Welcome back to Invisible Borders.

In the first Episode we introduced you to the very fundamental frameworks, on which we based our research for this podcast. The theories that underpin the way in which we understand the EU border regime and the border surveillance industry. If you have not listened to it, I encourage you to listen.

In this first episode we established the premise that the framing of people on the move and racialized people as risks is rooted in colonial practices of rule and control, a meticulous counting and boxing, and that this process is underlying the expansion of surveillance for the purpose of control. It justifies the ordering and governing of the “Other” in violent ways. Colonial continuities are also reflected in power dynamics inherent to EU border externalization practices both in North Africa but reproduced similarly in Eastern Europe.

Departing from this point, and before we dive into the stories of present-day experiences of the highly digitized border regime, we want to understand how we got to this point, where intrusive and violent surveillance has become the default border management tool.

For this, we want to talk about policy not to bore you but to discuss policy as “the conditions that determine what is made possible.” What are the current conditions that enable such intrusive surveillance of migratory populations and people on the move? What are the political and legislative processes that have created these conditions? And what happens next?

We will speak about EU policies, laws but also informal policy through bilateral deals and operational agreements, that govern border and migration technologies to understand the laws that have enabled or encouraged border surveillance but also to ask what instruments could help us in resistance?

P: To answer these questions I am joined by Alyna Smith, an experienced advocate in Tech and Migration who worked for PICUM, EDRi, and Lighthouse Reports. Would you introduce yourself to us and maybe explain a bit how you've come to engage with the topic of surveillance and migration?

A: This all started for me back in 2015. That was the beginning of my work on migration-related issues in the European context. For nearly 10 years, I worked for a European network focused on the rights of undocumented people and on advocating for more just approaches, more generally to migration and to human mobility. None of that really included anything to do with privacy or digital rights.

But then, around 2017, I started to get wind of a big new piece of legislation that everyone was talking about called the GDPR. A big regulation that would introduce rights in relation to the protection of personal data. And once again, this is not anything I'd worked on before that my organization had worked on before, but something told me this could be important for us.

So this is something that I started to dig into when the GDPR came into force in May 2018. I came to understand that this was not just some very technical piece of legislation that was very esoteric, but that it was really a potentially very significant piece of legislation for migrant rights.

It was very much a rights-granting framework that really applied to anyone whose personal data was being processed by a company or by any entity without conditionality. So your rights in that framework had nothing to do with your resident status or your nationality or anything else. It was just you as a so-called data subject.

At the time we were not thinking of our migrant justice work in terms of privacy and data protection. We were speaking of it in terms of safety and the right to health, but this framework really helped us to get a new language to speak about rights, an additional framework to advocate for rights. It also opened a way for us to work really with a much broader set of partners, digital rights partners, and to work more closely with even racial justice partners who had been working for a long time on surveillance.

Now, the crazy thing is that we had this piece of legislation that came in 2018 and then literally a year later, the European Union seemed to completely forget about that legislation, or at least to conveniently set it aside — when it came to the migration context, because a couple of regulations were passed to create a framework of so-called interoperable migration systems.

So, here we had the GDPR introduce extremely important principles with regards to processing of personal data. And then suddenly in 2019, the EU seems to turn around completely. Instead, in the interests of advancing our objectives on serious crimes, terrorism, and immigration enforcement — which for some reason they saw as more or less interrelated things — we need to instead be able to gather as much data as possible on anyone who is a non-citizen.

Having done a little bit of work already on the GDPR already struck me as just an astonishing, level of incoherence and even hypocrisy. What was so evident, back in 2019, was just how we had a rights framework in place in Europe, that was considered a gold standard even worldwide. And then just how readily European Union policymakers were to essentially exempt people from that framework. And the justification for that was security.

The framing of migration as fundamentally a security-related issue is what justifies — the European institutions use it as a way of justifying — the ignorance of fundamental rights, which should apply to anyone. We have seen a continuity with that over the last number of years. 

We've also seen that in terms of the broader technology field which has come into play.What we see in the migration space today is a reflection of the current fixation with tech and, for example, artificial intelligence. More generally, the European Union's drive towards “innovation” and the idea that technology can somehow help us to fix or address complex societal issues.

I spoke with Alyna a lot about the phenomenon of Technosolutionism, which has driven massive investments into Research and Innovation projects funded by the European Union, which we already discussed in Episode 1. Projects like ROBORDER and Border UAS operate on this dystopian idea that if we only use and experiment with the most advanced technology then we can prevent people from coming to Europe.

Petra Molnar reflected on this idea of the border as a technological testing ground. She writes: 

“Technology replicates power relations in society that render certain communities as testing grounds for innovation. In addition to violating the rights of the people subject to these technological experiments, the interventions themselves do not live up to the promises and arguments used to justify these innovations. This use of technology to manage and control migration is also shielded from scrutiny because of its emergency nature. In addition, the basic protections that exist for more politically powerful groups that have access to mechanisms of redress and oversight are often not available to people crossing borders.”

P: What we are really trying to get at and map out is what happened in the political sphere that enabled this vast industry experimenting with dystopian surveillance technologies — swarms of drones that enable the tracking, apprehension, and violent pushbacks of individuals seeking protection. Is it a new phenomenon, or has this process really been ongoing, invisibly for decades?

A: I think there's a very longstanding view of migration in these very reductive terms. And then you were mentioning 2015; there was maybe less overt a conversation about tech and those aspects in the migration agenda adopted 10 years ago, but still a lot of what we saw in 2015 set the groundwork for the Pact, which we'll talk about later.

So we saw a new era of so-called hotspots in Italy and Greece, which were really intended to swiftly fingerprint people and expedite the screenings of people and also expedite deportations of those who were found not to meet the criteria of asylum seeking. We also saw an expansion of migration partnerships — that means working with countries outside of Europe to basically limit the number of people who can come. So a lot of this really set out a framework that the EU has leaned into heavily in the decades since and then taken to a new level with the New Pact on Migration and Asylum..

With regards to border surveillance, this also started even prior to 2015, with the Integrated Border Management Strategy of the EU. Since 2013, Frontex has been running EUROSUR, which is a framework for near real-time surveillance and information exchange and cooperation with member states. And, of course, its aim is preventing irregular migration and, quote-unquote, cross-border crimes through the use of all sorts of high-tech tools: drones, unmanned and manned aircraft, helicopters, satellites with radar systems, thermal cameras, high-tech sensors.

I think what's important to note is that EUROSUR itself was essentially inspired by a system that had already been in place for well over a decade and run by the Guardia Civil in Spain called the Integrated System of External Vigilance, or SIVE in Spanish. 

Essentially that was a very high-tech system to monitor external coastlines and borders through, again, radars, high-tech cameras, and, of course, border guards. And this was expanded significantly through partnerships with various African countries over the years. So that system, SIVE, had been around for a long time already before Frontex put in place its own version of that at the European level in 2013.

So again, the idea of using technology and surveillance technology in the interests of enforcing borders and discouraging people from, deterring people from crossing borders or from taking certain routes, was already well in place long before 2015. 

I think that's such an important aspect to remind us that this is a plan, this has been a trend and a desire that has just expanded and expanded, and the tech and AI hype has fed into that as well.

P: This very much reflects on what we found in our research in the Balkans with  Frontex starting to set up the infrastructure for surveillance that can feed into EUROSUR. We see a two way process of Frontex on the one hand, expanding out — via, for example, these migration partnerships that you were mentioning — externalizing, cooperating more and more with countries outside of the EU borders to make sure people are not even reaching EU external borders. But at the same time, Frontex and surveillance more generally are starting to expand inwards  — with surveillance also starting to be used and justified in the internal borders. So the expansion goes both ways. We spoke about what is already happening in practice, like Frontex capacities and budgets for surveillance expanding, but all of this is underpinned by legislation. Can you walk us through what has happened on the policy level, to support the merging of surveillance and migration? 

A: I already mentioned the regulations in 2019 ushering in these interoperable migration IT systems. Those were presented as a largely technical issue, but of course they have massively important implications for human mobility more broadly and in the context of immigration enforcement. They essentially bypass the protections of the GDPR, actually. A number of the systems they pertain to already existed at the time of that legislation — the Visa Information System, the Schengen Information System, maybe some systems familiar to many of your listeners, Eurodac, which is a system related to people seeking asylum. 

But the Interoperability legislation also foresaw the creation of new databases, ETFs, which are for people who don't need visas, but will in the future need other types of authorization to enter the EU.  We're talking about people applying to come to visit Europe to attend a wedding, or do a business trip, or be a tourist. We're speaking of people in an asylum process. We're speaking of people again, crossing internal borders. The scope of this legislation, or the scope of the people implicated, is enormous.

Another important one is the AI ACT, which passed in 2015. This Act was, of course, not about migration. It was, a bit like the GDPR, attempting to be a first in the world in trying to take a comprehensive or broad approach to the regulation of new technology, in this case, artificial intelligence, which in some ways is not new actually at all, but which has really been accelerating in the last number of years. What we saw as advocates and activists was that the AI Act was an opportunity to really properly regulate and in some cases prohibit very harmful uses of tech in the context of migration and also policing and others. While we did have some successes in our advocacy, especially towards the European Parliament, essentially what we saw is that member states were very, very eager to retain their power to use tech quite freely in the context of borders and migration control and also law enforcement. And so the final text that was adopted last year had a lot of important loopholes. We did manage to get some safeguards in terms of acknowledging some forms of use in the migration context and the law enforcement context as high risk and therefore subject to more safeguards. But there are very, very significant loopholes. And those were essentially pushed through by member states, who were adamant that they did not want to relinquish the power to use or develop forms of artificial intelligence in the migration context.

A: I think it's interesting to think about AI because AI relies on large data sets. We started out talking about these massive databases. What we see is that with the fixation on securitization and threat comes a fixation on measuring threats, anticipating, predicting. And then also a fixation with data and how that data then, in large and vast amounts, can be collected but then also analyzed. So with these enormous stores of data, it becomes appealing to use that data as a basis for future policymaking or to assess threats and so on and so forth — for example, for the use of risk profiling of people asking for a visa.

P: This reminds me of the role that databases are increasingly playing in newer legislation. I am thinking of the most recently proposed return directive, which foresees large data sets being used to trace who has already had an entry in the Schengen Information System, to decide who can be the target of a return — a euphemism for violent deportations. It is the same idea that somehow by using data, including biometric data — that means images of people's faces, their fingerprints — using data as the basis, and then using some type of software or other type of system, makes this more objective or somehow neutral approach.

A: The return directive is a piece of legislation that has been around for some time, which essentially regulates deportations and the conditions under which someone can be held in immigration detention or essentially incarcerated in the context of immigration procedures, and specifically in relation to deportation. It has been a key instrument in the EU's migration enforcement arsenal. However, this year, or so earlier this year in March, the European Commission proposed to essentially beef up that directive into a regulation so-called return regulation, a European system for what the EU likes to call returns, as if you have a dress that doesn't fit and you're just sending it back. But of course, as you said, it's a European system for deportations.

What would that really mean? That would mean that the existing directive would be replaced by a regulation that absolutely foresees more data sharing the idea of facilitating, basically, tracking people down, finding them, because again, the aim is to increase deportations. There's also an intention to digitalize the case management around deportations  to “smooth the process.”

This piece of legislation is quite concerning. It has other very concerning dimensions also in terms of notions of return hubs, the idea of essentially externalizing deportation processes to countries outside of Europe. Leaning hard into this idea of working with third countries in ways that render more invisible the violence of deportations.

We haven't really spoken so much about it, but of course, this securitization framework is deeply racialized, and if we're more blunt, racist. So I think this underpins so much of what we're talking about in terms of how the European Union is conceiving of migration, how it's understanding it, and then how it sees that it should be responding to it, and the tools that it's engaging in that effort.

P: Before we move on to talking more directly about who is affected we should talk about the New EU Pact for Migration just briefly, since this is the big piece of legislation that the EU is so proud of having brought together all the member states to finally have a common policy on migration and asylum. The Pact will now be translated into domestic law and put in place in the next year.  The legislation is massive with 10 files - aiming to organize the whole  asylum system based on screening and detaining people directly at the border. It may not be obvious to everyone how linked the Pact really is with everything that we've talked about in terms of data and surveillance. Can we pull out a few of the most important linkages? 

A: As we mentioned before, the Pact, in a way, builds on what we already saw in 2015 in terms of the hotspots approach and builds on these interoperable systems, which were essentially, among others, intended to facilitate a more digitalized approach to various migration procedures. So we see these things very much coming together again. And in some ways, the Pact is codifying these things.

For example, the hotspots approach: the Pact foresees essentially detention facilities, high-tech versions of what have now evolved from those hotspots approaches in places like Greece, which include motion centers, sensors, cameras, and fingerprint access. So we're basically codifying that and technifying that, right?

This is moving to the next level with the Pact. We see it in the procedures, the screening procedures themselves, which were intended to be speeded up through these hotspots and the improved efficiency of essentially sorting people in terms of those who would proceed with asylum and those who would be deported. That's now going to be enhanced through digital tools, with the potential for the use of also potentially machine learning or artificial intelligence.

So that's in the context of so-called screening and border procedures, where there are also going to be mandatory security checks for anyone entering without papers.

We then see an expansion in terms of data collection, for instance with Eurodac. So we now will have biometric data, including facial images, included in Eurodac, and we are pushing down the age to six — children as young as six — whose data, including their biometric data, will be stored in this system for up to a decade.

We see that the Pact also enables more searches of people's personal items, and what that means is the likelihood of more super invasive approaches — people's personal electronic devices being seized and data extracted to analyze, to remove and analyze, and mine those tools, including for credibility assessments in asylum procedures or to ascertain a person's identity.

The Pact essentially scales up in terms of the use of digitalization and technology in practices that, let’s be honest, were pre-existing. But some of those practices are codified or more expressly encouraged under these various pieces of legislation, which is the Pact. And of course, we see encouragement of the use of more surveillance tools — motion sensors, drones, and their thermal imaging cameras at external borders as part of this package, as well as at internal borders.

P: So the function surveillance is fulfilling in the Pact is essentially “catching people as early as possible” to be able to screen them, to then subsequently decide whether “people are entitled to apply for asylum and receive international protection.” The term that comes to mind is “a general suspicion” of people on the move. Underpinning the logic of the 10 files of the Pact is the question: “Are you a threat?” “How can we trace you?” It is exemplified by the fact that the EU will be keeping six-year-olds’ data for 10 years,  thinking “maybe we should store their data just in case”. People are under a general suspicion. Who will be most affected by the changes in policy, and what possible forms of resistance do we have to respond to these worrying trends?

A: Our conversation has been a lot about legislation and it matters, because legislation does create a framework for government action and not only governments, but also other actors, private sector and otherwise. But beyond legislation, this is also about a broad agenda of dehumanization that has justified the approach itself that is essentially putting aside protections and protective frameworks and other approaches that we might otherwise have taken.

So when we think about the impact, the most direct impact is on the people directly targeted, but this group might be wider than we realized. The racism underlying these systems is very often a person's appearance, their skin color, their apparent ethnicity, or religion — often used as a stand-in for their immigration status, right? And so the impact then will be felt on racialized people beyond those who may or may not be considered by themselves or others a migrant, right?

Racialized people within Europe will be affected by these changes and already have been affected by the very racialized nature of migration policy and its enforcement. Of course, it will very much affect people already here  so asylum seekers and undocumented people who are already here, whether adults or children, many of whom have been here for a very, very long time.

Then there are also people who have what we might call precarious status, who can be “deportable”, quote-unquote. So undocumented people, but also other people whose status might be removed. Think of, for example, a recent case of Germany deporting other EU nationals — so non-Germans, but EU nationals — for their participation in pro-Palestinian activities. People who found themselves deportable because they engaged in activities that the government found unacceptable. I think this shows the relationship between these policies and practices and wider forms of social oppression. So we need to understand impact in a wider sense. 

P: While it is not always a helpful analogy, to stress that intrusive surveillance technologies will also reach civilian populations once they've been tested at the borders, this is a trend that is very real. Think of the anti-government protests in Serbia for example; many of these technologies that were used for repression and for identification of individuals at the protests had been used in the migration context and were just less visible before. The willingness to expand surveillance is quite striking. 

A: Absolutely. Even in talking about people affected who are not even in Europe, it's again this push towards externalization — to move the harshest, most violent parts of the EU's migration and deportation apparatus outside of the view of Europeans. So also the EU's investing in other countries' capabilities, and also in relation to their security forces and technology, to participate in the deterrence of people coming to Europe in very, very violent ways.

P: What can we do to resist? 

A: In terms of resistance, I think there's already really important work happening to challenge repressive policies. For example, there was just very recently a mobilization in Rome of migrant justice activists against the Italy-Libya Memorandum of Understanding from 2017, which normally would automatically renew in just over a week's time and has been essentially a framework for cooperation between Italy and the Libyan Coast Guard on migration-related issues, and is associated with enormous levels of violence and inhumanity. What's challenging is to really have a similar mobilization at the EU level, that is equally centering the people most affected — the people who understand best what is happening and its impact. The EU just seems so very far away for many people, so very distant. And there's also just been this gap historically in terms of those advocating on issues of migration, migrant justice, and those advocating on issues of, for example, digital rights, or even against militarism, militarization, and security. But we are starting to really see in the last few years efforts  to address these gaps and to really try to stitch together movements and to do better, especially in a European context, of really centering people who understand the truly violent nature of what we're speaking of and what's truly at stake — and can be a really important force in helping us to move in a different direction.

I think one example that I can share is last year there was the launch of an initiative called the Migrant Justice Community Practice. It was launched by a European-level anti-racism organization called Equinox Initiative for Racial Justice, together with two grassroots feminist organizations and migrant justice organizations: International Women's Space in Berlin and the Greek Forum for Migrants in Athens. It's really intended to bring together racialized and migrant-led movements, initiatives, and coalitions to work to shift European migration approaches from deeply punitive and violent towards something much more oriented around community and care. So I think that is inspiring to me — to see initiatives, to see people coming together to mitigate the damage of this ongoing, really problematic policy and legislation, while at the same time building towards a wider, broader, deeper agenda that includes a much wider set of actors and situates this work in a much wider frame.

SHOWNOTES

European Commission. (2025, September 4). European innovation strengthens border management: New EU technology. https://home-affairs.ec.europa.eu/news/european-innovation-strengthens-border-management-new-eu-technology-2025-09-04_en

Statewatch. (2025, September). EU budget proposals: More external migration control, less democratic scrutiny. https://www.statewatch.org/news/2025/september/eu-budget-proposals-more-external-migration-control-less-democratic-scrutiny/

European Commission. (n.d.). European Border and Coast Guard: Update of EU rules. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14640-European-Border-and-Coast-Guard-update-of-EU-rules_en

Statewatch. (2025). 2 billion in 15 years: How Frontex finances Fortress Europe. https://www.statewatch.org/analyses/2025/2-billion-in-15-years-how-frontex-finances-fortress-europe/

Biometric Update. (2025, January). Expect shift in US border strategy to pay dividends for biometrics, surveillance tech providers. https://www.biometricupdate.com/202501/expect-shift-in-us-border-strategy-to-pay-dividends-for-biometrics-surveillance-tech-providers

European Commission. (2025). Commission press corner: Latest updates. https://ec.europa.eu/commission/presscorner/detail/en/ip_25_724

PICUM. (n.d.). The EU migration pact: A dangerous regime of migrant surveillance. https://picum.org/blog/the-eu-migration-pact-a-dangerous-regime-of-migrant-surveillance/

Protect Not Surveil. (n.d.). Europol paper. https://protectnotsurveil.eu/uploads/ProtectNotSurveil-Europol_Paper.pdf

Sussex Centre for Migration Research. (2025, January 10). European language detection software. https://blogs.sussex.ac.uk/sussex-centre-for-migration-research/2025/01/10/european-language-detection-software/

European Digital Rights (EDRi). (n.d.). Automated data exchange in PRUM II: EU securitisation mindset encroaching on fundamental rights. https://edri.org/our-work/automated-data-exchange-in-prum-ii-eu-securitisation-mindset-encroaching-on-fundamental-rights/

Human Rights Watch. (2022, January 18). Greece: New biometrics policing program undermines rights. https://www.hrw.org/news/2022/01/18/greece-new-biometrics-policing-program-undermines-

Homo Digitalis. (n.d.). Related coverage on biometrics and surveillance in Greece. https://homodigitalis.gr/en/posts/134512/