A little-known rule within European visa law has recently come under scrutiny after a reported data retention issue at VFS Global’s New Delhi visa application centre. According to the Schengen Visa Code, once an applicant’s passport details, fingerprints, and photographs are transmitted to the relevant embassy or the central Visa Information System (VIS), all local copies of that sensitive data must be deleted within seven days, without exception.
However, a 2025 report linked to the Hungarian consulate revealed that applicant data at the New Delhi centre was allegedly being retained for more than a month. The issue has raised serious concerns because the rule is considered one of the key privacy protections under European visa regulations.
The seven-day deletion requirement is part of the Schengen Visa Code, officially known as Regulation EC No 810/2009, and is further supported by the EU’s Visa Information System laws. The purpose of the rule is simple — once data has been securely transferred to the embassy or central database, keeping copies on local systems serves no legitimate processing purpose and increases the risk of misuse or security breaches.
Under the existing framework, long-term storage of visa applicant data is handled centrally by the VIS database, where records can legally remain for up to five years for future verification and visa processing. Local visa centres are not permitted to store this information beyond the mandated period.
The incident has drawn attention to the broader legal structure governing Schengen visa applications, a framework many travellers are unaware of despite regularly applying for European visas.
One of the best-known provisions under the Schengen Visa Code is the 90/180-day rule, which allows travellers to stay within the Schengen zone for a maximum of 90 days during any rolling 180-day period. Overstaying can result in penalties, future visa complications, or even entry bans.
The Code also clearly outlines where travellers should apply. Applicants must submit their visa request to the consulate of the country where they plan to spend the most time. If the duration is equally split between countries, the application should go to the consulate of the first country of entry. Applications can be filed up to six months before travel and generally must be submitted at least 15 days before departure.
Strict passport and biometric rules are also part of the process. Passports must have been issued within the previous 10 years, remain valid for at least three months beyond the intended departure date, and contain at least two blank pages. First-time applicants are required to provide fingerprints and a digital photograph, though biometrics remain valid for 59 months for repeat travellers.
Another mandatory requirement is travel insurance covering all Schengen countries with a minimum coverage of €30,000. The insurance must include emergency medical treatment, hospitalisation, and repatriation.
The regulations also make it clear that a visa does not automatically guarantee entry into Europe. Even with a valid visa, border officials can deny entry if travellers fail to provide documents such as hotel bookings, return tickets, or proof of sufficient financial resources.
Responding to the controversy, VFS Global stated that it operates under strict government oversight and follows rigorous security standards worldwide. The company also stressed that it does not tolerate fraud, misuse of data, or practices that fall below expected standards.
Recent Random Post:
