Türkiye, home to the largest refugee population in Europe, has been rapidly integrating emerging technologies into its migration control systems. This post reflects on the potential risks this approach poses to fundamental rights and argues that, by funding these initiatives, the EU is reinforcing a gatekeeping model that allows it to further externalise migration management while distancing itself from the consequences of these practices.
Türkiye plays a crucial role in asylum management both in Europe and globally. According to UNHCR data, it currently hosts 3.1 million individuals—the largest refugee population in Europe and the second largest worldwide. On the other hand, the recent data also indicate growing dissatisfaction among the Turkish population, with 87.2% expressing discontent with Türkiye’s host status. Now, more than ever, preventing new arrivals and, where possible, facilitating the return of those granted international protection are central policy objectives for Türkiye.
As part of its migration management efforts, Türkiye increasingly relies on emerging technologies. For instance, it employs drones, electro-optic towers, thermal cameras, radar surveillance systems, and seismic sensors along border walls that now extend over 1,100 kilometres. Another example is the testing of algorithmic profiling to identify a person’s origin by language or accent, such as distinguishing Uyghurs from Uzbeks. While the possible implications of these practices on human rights and the availability of adequate safeguards merit close examination, due to space constraints this blog focuses on one area that is unique to Türkiye: mass surveillance and deportations.
Big data and mass surveillance
In its drive to maximise the deportation of irregular migrants and voluntary return of those who are under protection, Türkiye heavily invests in operationalising information systems to strengthen surveillance within its territory. A key component of the identification process is the creation of a comprehensive pool of migrants’ personal data, both biographical and biometric. The Central Database (GöçNet) holds fingerprints of 5.5 million people, systematically collected during the application process for visas, residence permits, and international protection. While these measures enhance the state’s capacity for surveillance, they also raise important questions about the legality of gathering and processing such sensitive personal information.
Under Türkiye’s Personal Data Protection Law (No. 6698), attributes such as race, ethnic origin, political views, philosophical beliefs, religion, sect or other personal convictions, appearance and attire, association membership, health, sexual orientation, criminal records, security-related information, as well as biometric and genetic data are designated as ‘special categories of personal data’ (Article 6(1)). Although these categories are regarded as highly sensitive, they are not immune from processing. The same Act permits the processing of ‘special categories of personal data’ under specific conditions, including instances ‘explicitly provided for by law’ (Article 6(2)(b)).
This raises a critical question: what legal foundation supports this large-scale data collection? The Regulation on the Implementation of the Law on Foreigners and International Protection (No. 29656) stipulates that foreigners’ fingerprints, palm prints, retina scans, voice recordings, photos, and other personal data are collected, stored, protected, used, and shared according to the procedures set by the Directorate General of Migration Management or provincial directorate (Article 124). The issue is that little is known about the established protocols for handling sensitive data collected from non-citizens for migration control purposes. The legitimacy of entrusting administrative authorities with the regulation of procedures for processing ‘special categories of personal data’ is highly questionable, given the principle of lawfulness. Although administrative acts are not automatically exempt from the requirement of lawfulness, infringements upon the right to privacy may arise due to various factors. The case law of the European Court of Human Rights (ECtHR) makes it unequivocally clear that the protection of individuals depends not only on the clarity of the law but also on their ability to access it effectively. Yet in practice, the relevant procedures remain opaque, or otherwise inaccessible to the public and those subject to them.
Risk of data leaks
Even if the presumption of a legal basis for data processing is accepted, significant concerns remain regarding the legality of mass biometric data collection for immigration databases, particularly in terms of proportionality and the potential risks associated with such interference. A recent scandal has been reported involving data leaks from e-Devlet, a public administration portal that stores personal data of Turkish citizens as well as legal residents. This includes data such as names, addresses, citizenship numbers, gender, health, banking, and tax information. Although the government has made mixed statements on whether a breach occurred, other incidents show that data breaches are not rare (see public announcements of data breaches involving municipalities and state agencies). These recurring vulnerabilities show the significant risks inherent in managing large-scale sensitive data that extend beyond privacy breaches to compromise the security of the most vulnerable individuals seeking international protection.
Beyond data breaches that expose asylum seekers and refugees to security risks from their countries of origin, the growing reliance on migration databases and biometric technologies increases risks for data subjects in their host states, particularly when data quality issues arise. The discussion on data quality in EU migration databases is insightful, highlighting that identification failures can occur when data quality is poor, such as incorrect biometrics assigned to individuals. The Directorate General of Migration Management is also pursuing a project to integrate facial recognition systems into GöçNet, aiming to create an alternative method of biometric identification. Research demonstrates that facial recognition technologies are not fully reliable and their use can lead to mistakes in asylum decisions. As of now, Türkiye is neither a signatory to the Convention on Artificial Intelligence nor does it have a specific legislation regulating facial recognition technology, as suggested by the ECtHR in Glukhin v Russia, including guidelines on its usage, algorithm accuracy, photo retention, auditability, traceability, and necessary safeguards. In July 2024, a proposal for an Artificial Intelligence Act was submitted to Parliament. However, this proposal focuses more on the scrutiny of the industry and its responsibilities rather than the state’s use of AI technologies. Critically, there is no independent organisation responsible for overseeing the use of these technologies, particularly regarding their impact on vulnerable groups, and the reliability of these technologies remains an open question.
Ethnic profiling
The creation of GöçNet is critical for another initiative that Türkiye introduced in July 2023: Mobile Migration Points, which the government presents as the first of its kind in the world. These mobile units allow on-the-spot checks of fingerprints of individuals, who are then sent directly to deportation centres if their registration cannot be detected, where deportation procedures are initiated. Authorities have broad discretion over whose biometrics are checked on-site, with no need for intelligence or specific information about an individual. Law enforcement is aware that these practices “should be undertaken without disturbing tourists”, which inevitably exacerbates ethnic profiling in policing.
Detention and deportations
In addition to the issue of reinforcing discrimination, this system accelerates detention and deportation procedures, its primary objective. Arguably, this is the most contentious aspect of the practice, particularly in light of recent developments in Syria and ongoing discussions about terminating temporary protection, which can simply be initiated by presidential decree. By the summer of 2024, a total of 286,012 individuals had been checked in the Mobile Data Points, and 61,429 were sent to deportation centres (for data, see here). The Minister of Internal Affairs shared the 2023 deportation figures, stating that a total of 130,609 individuals were deported that year, while also emphasising that this number significantly exceeds the total deportations across the EU. As of July 2024, the number of deportations for the past year has risen to 141,187.
The ECtHR found in G.B and Others v. Turkey that the poor conditions in a deportation centre amounted to inhuman and degrading treatment. With rising numbers, the risk of dire conditions remains a concern, alongside the ongoing issue of forced returns. In the ruling of Akkad v. Turkey, ECtHR clearly establishes both the ill treatment of individuals under temporary protection and the risk of their forced return. A recent report indicates incidences of ‘soft deportations’, which are not limited to but are particularly prevalent when individuals face criminal charges for minor criminal offences, which also brings into question the interoperability of relevant systems. GöçNet data is now connected to the National Judiciary Informatics System – a central judicial information system that digitally integrates all judicial processes and services and facilitates the sharing of information between the judiciary and related institutions (p. 51). Interoperability of immigration and justice systems can trigger the return procedures when an individual is charged with a crime. Law on Foreigners and International Protection (No. 6458) allows deportation of those under international protection, not only for being associated with terrorist and criminal organisations, but also when they “pose a public order or public security or public health threat” (Article 54(2)). This rather broad scope opens the door for deportations of those who are involved in misdemeanours. In practice, individuals placed in administrative detention for minor offences, such as being involved in a neighbourhood altercation, are referred to immigration detention centres, where they are pressured to accept voluntary return (also noted here).
Externalisation of migration management through funding
The use of technological innovations in migration management is a global trend, and scrutinising Türkiye’s practices closely may seem unwarranted, given that it has shouldered the responsibility of protecting millions of refugees over the past decade—particularly amid increasingly restrictive migration policies worldwide. Despite its undeniable role in international protection, Türkiye’s position as a major host country necessitates closer examination, as its policies not only impact the rights of migrants within its borders but also influence global migration management trends, as seen in the concept of temporary protection. Another compelling yet less visible reason for such scrutiny of new migration practices is Türkiye’s deep interconnection with EU migration policies. The deployment of emerging technologies in this context does more than simply enhance the efficiency of migration management; it also reinforces a framework in which restrictive migration controls are implemented beyond EU borders, away from the legal scrutiny and rights protections normally guaranteed under EU law.
Operating largely behind the scenes, the EU provides significant financial support for various initiatives (pp. 46 and 51). This includes funding for capacity-building initiatives in Türkiye, such as alternatives to immigration detention through electronic monitoring—a measure supported by a newly introduced legislative framework. EU funds are also allocated for the purchase of electro-optical masts and thermal cameras at borders (p. 51). Additionally, funding has been directed towards the development and testing of an AI-based language analysis system (p. 60) to identify the country of origin of international protection applicants. The initiative aims to facilitate data sharing among institutions involved in border management and security with a view to conducting joint risk analyses.
At the core of this approach lies the EU’s broader strategy of externalising migration management. This process was initially embodied by the EU–Turkey Statement, which regrettably became a blueprint for offloading asylum responsibilities. Today, externalisation continues in less conspicuous ways, primarily through support for technological initiatives aimed at curbing irregular migration into Türkiye—and, by extension, the EU. This support fortifies a gatekeeping system that allows the EU to evade both the burden of direct involvement and the uncomfortable questions surrounding the human rights violations it tacitly enables and conveniently overlooks. This evolving strategy not only reshapes migration governance in Europe at large but also raises pressing questions about accountability, human rights, and the true cost of keeping Europe’s borders at arm’s length.