Border Reconfiguration, Migration Governance, and Fundamental Rights: A Scoping Review of EURODAC as a Research Object

This article scrutinises the European Asylum Dactyloscopy Database (EURODAC) as a research object for social science. EURODAC serves as an important part of the Common European Asylum System (CEAS) infrastructure by registering dig‐ italised fingerprints of asylum seekers, which facilitates the allocation of responsibility following the Dublin Regulation. In this article, we explore the role of EURODAC from its implementation in 2003 until April 2021 through a scoping review that maps and analyses existing social science research in the field. In total, 254 scholarly publications—identified in Scopus, Academic Search Complete, and Web of Science—were reviewed. The article seeks to answer three research questions: What is the accumulated knowledge within social science research on EURODAC? What gaps and trends exist in this research? What are the possible implications of this knowledge, gaps, and trends for other areas of the CEAS such as asylum evaluations and reception of asylum seekers? Based on a qualitative thematic analysis, our review shows that research on EURODAC can be divided into three broad categories: research that focuses on the reconfiguration of borders; research that focuses on migration governance and resistance; and research that emphasises fundamental rights and dis‐ crimination. In our final discussion, we highlight the lack of ethnographic studies, of gender and intersectional perspectives, and of in‐depth studies on national legal frameworks including asylum evaluations and reception practices across the EU. The article concludes that social science needs to address the socio‐political underpinnings of EURODAC and acknowledges its centrality to all areas of the CEAS.


Introduction
With the Treaty of Amsterdam and the Tampere Agenda in 1999, the development of the supranational Common European Asylum System (CEAS) took its course, building upon previous policy efforts aiming to harmonise national policy framework and practice in the area of asylum, such as the Dublin Convention (1990Convention ( -1997. The CEAS focuses on three areas: (a) efficient asylum and return procedures, (b) shared responsibility between member states, and (c) strengthened partnership with third countries. It includes several legal instruments that guide asylum and reception procedures in member states: The Asylum Procedures Directive aims to ensure quality and fairness in asylum decisions; the Reception Conditions Directive seeks to establish "a dignified standard of living"; and the Qualification Directive clarifies grounds for international protection. Two legal instruments concern specifically the allocation of responsibility between member states: the Dublin Regulation, which declares, with some exceptions, that the state of "first arrival" is responsible for processing asylum applications, and the EURODAC Regulation, which primarily seeks to facilitate the Dublin Regulation by storing asylum seekers' fingerprints in the EU-wide EURODAC in order to trace the country of arrival in the EU (Council Regulation of 11 December 2000, 2000. When founded, the initial ambition of the CEAS was to establish minimum protection and reception standards in all EU member states. In its second phase, its aim was to improve standards and adopt a more generous attitude towards asylum seekers. However, since the turn of the millennium, critics argue, the development of EU migration policy has become a "race to the bottom,'' with increasing restrictions and focus on returns (Hansen & Hager, 2012). The merging of migration and security has led to an increasing suspicion, criminalisation, and violence aimed at asylum seekers and their families (Guild, 2009). On a more concrete level, the CEAS has also failed in its ambition, as today EU member states still differ widely in both reception and asylum policy. Thus, some member states grant wide access to welfare institutions, whereas others rely solely upon civil society to accommodate basic needs among refugees (Beirens, 2018). Similarly, major differences in recognition rates between member states reveal that international protection is neither interpreted nor implemented in the same way across the EU (Parusel & Schneider, 2017).
In this article, we place one of CEAS's instruments, the EURODAC, in the limelight. EURODAC's main purpose is often described as primarily facilitating the application of the Dublin Regulation (Orav, 2021). However, following the claim of science and technology studies that technological facts and artefacts-such as a database of fingerprints-are never simply just tools of implementation, but always contingent on their utilisation, translation, and inscription (Callon, 1986), we presume EURODAC to be-and do-much more. To find out what it does is the main aim of our investigation. To pursue our endeavour, we chose to do a scoping review of existing research to map and analyse key themes in social science on EURODAC. More specifically, we set out to answer the following questions: 1. What is the accumulated knowledge within social science research on EURODAC? 2. What gaps and trends exist in this research? 3. What are the possible implications of this knowledge, gaps, and trends for other areas of the CEAS, such as asylum evaluations and reception of asylum seekers?
Before pursuing these matters, we provide a short exposé on the functionalities, technology, and history of the EURODAC, as well as our scoping review methodology.

The Development of EURODAC: Function Creep and Interoperability
The EURODAC regulation was adopted by the Council of the European Union in 2000 and came into force on 15 January 2003. The basic application is a combination of biometric identification technology and computerised data processing. The central unit, managed by the European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), contains an automatic fingerprint identification system that receives data and replies "hit-no hit'' to the member state's national authorities who are responsible for the quality of data and security of its transmission. The database contains information on three categories of persons who (a) seek asylum, (b) cross borders irregularly, or (c) are found to stay "illegally'' within EU territory. Collectable data includes fingerprints of all persons from the age of 14, the dates of collection, sex, place and date of the application for asylum or of the apprehension, reference number, date of transmission to the Central Unit, and user ID of the person who transmitted the data. Data on asylum seekers is compared against data in the database and stored for 10 years. Data on irregular border crossers is stored for 18 months. The fingerprints of the third category of individuals are checked against previous asylum applications but are not stored (eu-LISA, 2014(eu-LISA, , 2016. In its initial phase, the EURODAC was primarily set out to be used as a tool to prevent "asylum shopping" (see eu-LISA, 2016; Moore, 2013, p. 350). It was also repeatedly stressed that the database should not be used for other purposes, such as criminal investigations against asylum seekers (Brouwer, 2002). However, a decade into its use, a recast regulation (Regulation 603/2013) was issued which opened for wider use and, in particular, an increasing interoperability between different EU IT systems in the fields of migration, border control, and law enforcement. The key organisation to further such development is eu-LISA. Other databases within this operation are the Visa Information System (VIS) and the Schengen Information System (SIS-II), which process information for the purpose of border protection and law enforcement. eu-LISA is responsible for the operation of all EU IT databases but is also assigned the task to "think strategically and anticipate future developments and dynamics" (Tsianos & Kuster, 2016, p. 239). Before the 2015 "refugee crisis," there were still harsh restrictions for law enforcement wishing to search EURODAC. However, after the Brussels bombings in 2016, the Commission urged for a speedier development of inter-connecting databases that could "strengthen security," and, in 2019, Regulations 2019/817 and 2019/818 "established a framework for interoperability among EU-wide information systems for third-country nationals" (Vavoula, 2020a, p. 132). Additional substantial changes are in the pipeline, for instance, to lower the age of collecting fingerprints from 14 to six and to include more categories of data, such as facial images (Orav, 2021;Vavoula, 2020a). Such modifications and enhanced interoperability are not only established through legal means, but also through technical possibilities of transmitting data across different systems and expanding its use, which, in the case of most EU databases, was a possibility built-in already from the beginning. This may lead to so-called function creep that enables IT systems to be applied differently than what was their original intent. To ensure the technical possibility for such an expansion, eu-LISA ensures data compatibility, including a matching algorithm (BMS matcher) that enables the linking of data entries across systems . In addition, new centralised databases are underway, storing information on, for instance, the entry and exit of all third-country nationals admitted for a short stay in the Schengen area and criminal records and convictions.

Review Method and Thematic Analysis
This article is based on a scoping review and follows the PRISMA-ScR protocol (Tricco et al., 2018), which provides a checklist for the review process. The scoping review procedure is as rigorous and systematic as a systematic review in its approach to synthesising knowledge (Munn et al., 2018;Peters et al., 2021;Tricco et al., 2018). The methodology emphasises transparency and the possibility to replicate a study (Arksey & O'Malley, 2005), but whereas systematic reviews tend to answer specific questions and evaluate evidence, scoping reviews generally present a broader map of existing research and do not necessarily assess the quality of each study. Scoping reviews are also useful to "identify key characteristics or factors related to a concept" (Munn et al., 2018, pp. 3-4).
We identify the "main concepts, theories, sources, and knowledge gaps" (Tricco et al., 2018, p. 1) in social science research on EURODAC; "EURODAC" is, therefore, our only search term. The search was conducted in April 2021 in the following databases: Scopus (n = 43), Academic Search Complete (n = 223), and Web of Science (n = 27). In total, 43 + 223 + 27 = 293 database hits have composed the initial sample with no restrictions on dates, as we wanted to examine possible shifts over time.
After eliminating duplicates, we ended up with a total of 254 publications, published between the years 1994 and 2020.
The review was pursued as a two-step process. In the first step, all three researchers read and evaluated each abstract independently and excluded (n = 68) hits when these were: written in a language other than English (n = 32); not involving original research, e.g., conference proceeding, policy brief, or book review (n = 31); not social science (n = 1); when there was a search term mismatch (n = 4).
In the second step, the researchers screened the remaining (n = 186) full-text publications. In this screen-ing phase, we discovered and excluded additional titles due to "EURODAC" not being mentioned in the body text (n = 23). The remaining publications were grouped as category A (n = 38) or B (n = 125). The main distinction between categories A and B was that the argument on EURODAC in a category A publication was more in-depth and elaborated on than in a category B publication. For instance, in many of the category B publications, EURODAC was only referred to as part of the CEAS, or as a contextual background, whereas in most category A articles, EURODAC was the main focus of attention or part of a larger empirical or theoretical investigation. Category A is therefore considered to be key publications in this study. Reliability was ensured by discussion between the coders to reach a consensus regarding which articles should be included in each category. Since the scoping review methodology aims to explore and map a research field, we did not assess the quality or originality of the publications. The key publications, followingly, represent a wide variety of social science research from many genres with different conceptual and empirical focuses.
After these steps in the review process, research entered the process of coding and thematic analysis (Braun & Clark, 2006;Ryan & Bernard, 2003). Concerning the key publications, we inductively identified themes according to the different arguments made about EURODAC and coded main themes and sub-themes for each publication. The sub-themes often overlapped with the main themes, but they also allowed for a wider articulation with more nuances.
The analysis resulted in eleven main themes (see Table 1) which together capture how EURODAC is articulated in social science research. In addition to the main themes and sub-themes, we made notes on method and specific locations for all key articles (see Table 1). This allowed us to (a) get an overview, (b) assess whether particular member states feature more than others in the literature, and (c) observe gaps or trends in methodological approaches. The analysis below describes the themes in greater detail and pays attention to conceptual tensions within each theme. In the analysis, the themes are clustered into three sections: the reconfiguration of borders (summarising "border control," "digitisation," "biometrics," and "surveillance"); EU migration policy and multi-level governance (summarising "securitisation," "member state variation," "deportation," and "migrant agency"); and fundamental rights and discrimination (summarising "data protection," "fundamental rights," and "cross-border police cooperation"). All key publications are referenced in these sections.
Category B publications were coded in the form of a condensed statement that captures the premise for how EURODAC appeared in the publication. Some of the statements enabled us to identify gaps in key literature, which we will return to in the discussion. All statements are listed in the scoping review protocol (see Supplementary File) that provides detailed information about each publication included in our study.

Analysis
In the following three sections, we synthesise the results from our thematic analysis of the key publications. Together, they present an illustrative picture of existing social science research on EURODAC. In the ensuing discussion, we highlight gaps and general trends in the literature and point to the implications of our findings for other areas of the CEAS, such as asylum evaluation and reception.

The Reconfiguration of Borders
In the aftermath of 9/11, the EU began "re-engineering and rescaling" border management, introducing "smart border" technologies to deterritorialize "the external EU border and potentially extending it to the whole Schengen area" (Tsianos & Kuster, 2016, p. 236). This led to a transformation of the territorial border demarcating a sovereign state into a border stretching both outwards and inwards to remotely control migration and mobility flows, as well as internal migration control. EURODAC fits well into this scheme, and the changing practises of border control have also generated a "conceptual transformation of European borders" (Fragapane & Minaldi, 2018, p. 906) where exclusion also takes place through identification within the territorial borders. One example is the concept of a "digital border.' ' Broeders (2007, p. 89), for instance, argues that EURODAC together with VIS and SIS-II will eventually lead to "a new digital border that will survey the immigrant population, rather than the territorial border," and emphasises that the "digitisation" of borders implies an increasing interest in an internationally mobile population rather than a population within a specific territory. Indeed, in a co-authored article published six years later, Broeders and Hampshire (2013) argue that previous research has all too narrowly focused on the post-9/11 migration policy of "securitisation." The article describes how mobility and migration management are re-moulded in the face of possibilities offered by ICT social sorting mechanisms for "detecting" and "effecting" flows of people. Here, three modes are presented, which are either intended to hinder the entry of unwelcome persons, fast-track border passages for desired persons, or deeply scrutinise passengers who match specific risk indicators through data-mining and profiling. Broeders and Hampshire (2013) also argue that commercial travel and the ICT industry contribute to increased digitisation. Besters and Brom (2010) take it one step further and claim that the digitisation of society is a self-driven process where information technology is inherently "greedy" and "elicits a dynamic of its own in which the political ends become to depend heavily on technical means" (Besters & Brom, 2010, p. 457). In their understanding, IT technology works as a machine that produces policy rather than the contrary, as function creep is part of the system. They rhetorically ask (Besters & Brom, 2010, p. 463): "Indeed, why would an information system be developed with a wide range of functions if only a few of these functions will be used in the end?" The gradual interconnectedness of EURODAC and law enforcement (Roots, 2015) relies upon a design that stores information that could be useful for crime prevention. The lack of democratic control of such a self-generating system is one of the main critiques that the authors highlight.
Another concept, launched by König (2016), is the "socio-digital border," which the author suggests captures how EURODAC functions as "social sorting," a concept developed by Lyon (2003). König (2016, p. 3) describes how "social sorting systems put the collected data into risk categories," profiled "according to race, gender, ethnic, national or religious criteria." The categories draw upon patterns extracted from big data including information stored in EURODAC. This social sorting leads to discrimination and exclusion. The socio-digital border shares similarities with "the biopolitical border" (see Walters, 2002) and "the biometric border" (see Amoore, 2006). The latter problematises the strong "truth claim" of biometrics-seen in migration policy as a reliable tool for establishing identity-and links it to the matter of digital technologies as one of the cultural means upon which our understanding of human beings is produced. Van der Ploeg (1999, p. 295) points to how biometrics generates a "readable" body. However, a readable body relies upon a notion of identities as pre-established, i.e., the system verifies who you are, and does not consider that any practice of identification concurrently is a practice of establishing identity (see also Lyon, 2008). Van der Ploeg emphasises the importance of analysing the context in which biometrics is used to understand its effects-the vulnerability of asylum seekers, for instance, makes the use of fingerprints in EURODAC different to other smart technologies designed to enable privileged travellers to move smoothly across borders.
Different definitions of the digital border thus highlight different aspects of the social effects of EURODAC. However, Kuster and Tsianos (2016) argue that the multitude of different definitions of digital borders risks "blackboxing" EURODAC's functions and reproducing the "success" of digitisation (Kuster & Tsianos, 2016, p. 48). Instead of addressing the border per se, four of the key texts analysed EURODAC as a surveillance technique. Pugliese (2013) discusses surveillance as a state's way of seeing through its laws and technologies, what he refers to as "statist regimes of visuality." Characteristics for the analysis of EURODAC as surveillance is how it is not understood in isolation but rather as an "interoperable surveillance grid" (Pugliese, 2013, p. 584). Statist surveillance through EURODAC, Pugliese (2013, p. 585) argues, is violent as it leads to the mutilation of fingers to escape identification. The intimate link between risk categories and longer histories of racial profiling is another example. According to Mirzoeff (2020), EURODAC should be understood as a distributed form of racial surveillance capital that, in an automated approach, registers migrants as sets of biometric data. As such, it polices the "white space" and produces spaces of disappearance to which asylum seekers are expedited. Asylum seekers have thus lost the "right to have rights." By theorising biometric border control through Agamben's concept of biopolitics and "the management of life," Ajana (2013) illustrates how lives are at stake through the complex mechanisms of exclusion and inclusion that surveillance techniques give rise to. "In cases such as the EURODAC system," she argues, and in "the detention and even death of asylum seekers and irregular migrants we can clearly witness the actualization of biopolitical sovereignty and discipline" (Ajana, 2013, p. 592). Finally, Tsianos and Kuster (2016) employ a Deleuzian power perspective and see EURODAC as part of a "surveillance assemblage." In their view, the digital border lacks a multi-perspectival lens that considers both the making of borders-the de-making and re-making of bordersthat are diffused to multiple sites, and the "technology work" where technology leads the way and "optimises communication and flow." From this perspective, the authors argue, EURODAC represents "a continuous space of 'smart' environments, i.e., the most secure and non-porous border-and the most dystopian at the same time" (Tsianos & Kuster, 2016, p. 293).

EU Migration Policy and Multi-Level Governance
Rather than centring on the reconfiguration of borders, other publications analysed the development of EU migration policy including both multi-level governance and migrant agency. Almost all the included studies recognised, in some way, that EU migration policy had undergone a change in the past 20 years towards increasing "securitization" (Huysman, 2006), and that the development of biometric IT systems such as EURODAC enables the EU to "manage the flow" of migrants (see, e.g., Den Boer, 2015;Ferreira, 2010;Mészáros, 2017Mészáros, , 2018. In this discourse, migration has turned into "risk management," Besters and Brom (2010) argue. The logic is that "the more information, the better the profiling of risk groups," and that "absolute visibility of the migration flow implies complete control" (Besters & Brom, 2010, p. 460). If the above cluster has illustrated the effects of this development as border reconfiguration, this cluster of research puts migration policy development at the centre stage. This highlights how the EU-wide system appears "absolute," at first glance, but is in fact enacted differently in different member states and by different actors. Already before its inception, Hurwitz (1999) pointed to how national asylum structures will lead to different interpretations and practices of EU regulations. Soysüren and Nedelcu (2020) show this by focusing on the system of deportation within the EU. Even though EURODAC is considered "hard evidence" regarding the first country of entry, the sys-tem does not work as intended because of its complexity. Administrative bodies are, for instance, required to respect several deadlines, and migrants avoid deportation to countries with worse conditions (Soysüren & Nedelcu, 2020, p. 14; see also Fullerton, 2016). Another example of variation between member states is how some of the countries that serve as the main geographical entrance to the Union-in particular Greece and Italy-have developed strategies to avoid enrolling data in EURODAC. Fragapane and Minaldi (2018) discuss the non-compliance among some, primarily southern, countries in a more critical manner. Comparing Italy and Spain, the authors argue that national and EU immigration policies are important for how EURODAC is implemented, and they see it as a form of "communitarisation." These authors also describe how, in 2015, the EU agreed to relocate migrants, whilst concurrently implementing the new "hotspot approach." The hotspots led frontline member states to fulfil their responsibilities to identify and register fingerprints of incoming migrants as evidenced by a drastic increase of EURODAC registrations in southern countries in 2016 (Fragapane & Minaldi, 2018, p. 916). Tazzioli (2018Tazzioli ( , p. 2775) discusses the relation between EURODAC and the EU hotspot system as a response to the failure of the relocation scheme. Rather than being a systematic Europeanisation, she argues, however, that the hotspot system continued to establish a distinct North-South relationship with Italy and Greece as frontline states.
The differences in asylum systems between memberstates are well known, and migrants navigate this knowledge about approval rates in their hopes to "move on" within Europe. Following the experiences of young men from Afghanistan who are in Paris, France, Schuster (2011b, p. 402) recognises that EURODAC and the Dublin Regulation are the "two elements that cause most difficulty to asylum seekers who arrive overland." Migrants whose fingerprints are registered in the "wrong country" experience difficulties. In Greece, Schuster writes, migrants are, for instance, afraid of police harassment and of being sent to Turkey. In Italy, they felt that racism against them was strong. Schuster's informants also witness that they find it hard to believe that their fingerprints will in fact follow them wherever they go in Europe (Schuster, 2011b, p. 409). In another article the author contends that EURODAC serves as a tool for states to abandon their legal responsibilities-e.g., ensuring the right to seek asylum-as well as punish asylum seekers that try to take control over their own life (Schuster, 2011a). Schuster (2011a) also states that the system transforms refugees into undocumented migrants.
Schuster's studies evince that migrants find ways of resisting even the most repressive systems. Some of her informants had, for instance, been deported several times, even all the way to Afghanistan, yet returned again and again to the EU. Many also kept away from authorities for the maximum 18 months that the Dublin Regulation is valid, to be able to seek asylum in the country of choice. Light et al. (2017) notice how communities of asylum seekers and undocumented migrants develop "digital care" practices to find ways of helping themselves and others to avoid registration. The emphasis on migrants' agency is a core theme in the final two articles reviewed in this chapter, which both put forward the concept of autonomy of migration as a critique of the more system-oriented approach of securitisation. Tazzioli (2018) researches the EU hotspot approach, which seeks to contain asylum seekers by relocating and redistributing them across the member states. By refusing the spatial traps of the Relocation Scheme and the Dublin Regulation, migrants undermine the image of asylum seekers as subjects who need to accept protection under any condition by practising spatial disobedience (Tazzioli, 2018(Tazzioli, , p. 2765. Migrants, Tazzioli argues, claim freedom of choice regarding the place to stay and where to move. Scheel (2013), however, emphasises that, while migrants will always find ways to transgress boundaries, the present "ever-more pervasive and intrusive governmental technologies that seek to control and regulate migration" makes the central tenants of the autonomy of migration important to rethink. The digital data doubles that databases such as EURODAC create, which makes a person traceable based on the biometrics of the body, are part of a new playing field that significantly alters the conditions for the control of a person's migration history-one that cannot be compared to the passport burning practice, but rather one that affords fingertip mutilation. Scheel thus argues that while critics must not fall prey to the idea that all migrants are subjects of a totalising securitisation scheme, biometrics nevertheless challenge the idea of borders as a negotiation zone, and thus, Scheel argues, "autonomy" must be rethought as a relational concept.

Fundamental Rights and Discrimination
By collecting and storing sensitive personal information, EURODAC is subjected to data protection laws, and the problems therein are addressed in the third chapter of this analysis. Already before its inception, Brouwer (2002, p. 231) asserted that EURODAC is special in that it would routinely collect sensitive personal information about a whole group regardless of their individual behaviour. This, Brouwer (2002, p. 243) argues, is problematic as "the governments seem to apply lower standards for respecting individuals' private life" when it comes to migrants and asylum seekers. The author also draws attention to the fact that while all persons have the right to be informed about each instance of recorded personal data, including how long it will be stored, and how it can be rectified, erased, or blocked, it is highly likely that many individual refugees or irregular migrants are not fully aware of their rights (see European Union Agency for Fundamental Rights, 2018). If one considers that biometrics are in general seen as reliable sources of knowledge, it is highly likely that mistakes are not resolved even if an asylum seeker would object. Yet, there are reasons for questioning the strong emphasis on reliability as not all fingerprints are easily recorded, for instance, those of children and the elderly (Besters & Brom, 2010; see also Vavoula, 2020b). Besters and Brom (2010) also point to the matter of migrants having little interest in a harmonised EU migration system unless the reasons for being rejected on their asylum application are harmonised as well. Thus, from a migrant's perspective, EU IT systems such as EURODAC do not serve their interests irrespective of data protection laws.
That data protection laws are insufficient for the categories of people subjected to EURODAC has been raised by several other authors. Van der Ploeg (1999) argues that, prior to its inception, several countries claimed EURODAC would violate national laws due to disproportionate and routine fingerprint gathering (see also Ajana, 2013). Adding irregular immigrants as a fingerprinting category was questioned in the early years. It was considered a separate matter and critics argued that it risked criminalising asylum seekers (Ajana, 2013, p. 583).
In the reviewed literature there are, however, some authors who suggest that data protection laws have been strengthened over the years, even if not enough to fully embrace the above-mentioned issues (e.g., Ippolito & Velluti, 2011). While most authors employed critical perspectives, a few leaned on the idea that, despite the lack of transparency, the digitalisation of border control also offers a certain measurability. In these publications, EURODAC is evaluated as a tool to implement the Dublin Regulation and can, as such, be both efficient and inefficient (Dóczi, 2013;Pedersen, 2015).
An adjacent question has been the function creep whereby the use of data stored in EURODAC is increasingly being employed in other fields. Interoperability with law enforcement is particularly sensitive. In 2005, Thomas (2005, p. 393) wrote that EURODAC did not develop legal protection against comparing EURODAC information with criminal databases since "access was limited for the sole purpose for which it was originally intended." However, as described in the background section, the recasting of EURODAC in 2013 and 2019 opened the doors for an increasing interoperability with both national law enforcement authorities and Europol. Vavoula (2015Vavoula ( , 2020aVavoula ( , 2020b has evaluated how such interoperability complies with respect for private life and the protection of data. Vavoula argues that the system is flawed, which threatens individual privacy when national and EU systems do not comply (see also Boehm, 2012aBoehm, , 2012b. The permission to use EURODAC data for risk assessment (i.e., to combat terrorism) equally weakens the protection provided by law. EURODAC also contains information on minors, which represents another weak point in the legislation.
Finally, fundamental rights and data protection are also connected to the discrimination of migrants. For one, such discrimination concerns the fact that migrants are the "primary targets" of databases such as EURODAC and thus by default become subjected to more surveillance than other groups (Baldaccini, 2008;Thomas, 2005). Similarly, Besters and Brom (2010) point to how asylum seekers and other categories of migrants have become a "test lab" for new security and surveillance technologies, and Vavoula (2020a) argues that more prosecutions and convictions "of third-country nationals may take place, merely because a pool of information exists, since no equivalent EU-wide catalogue of records on EU-citizens exists." In a discussion about the potentially invasive practices of medical age assessment, Abbing (2011) notes that regulations and databases with age limits for data registration, such as EURODAC, can affect the role of age determination beyond asylum cases. Another discriminatory aspect is that those subjected to fingerprinting may find this particularly difficult if they have fled coercive authorities as refugees. People may also experience fingerprinting as stigmatising, since it is associated with a practice for criminals (Thomas, 2005). As a consequence of increased interoperability with law enforcement, third-country nationals, including asylum seekers, are implicitly seen as potential criminals. Mitsilegas (2008) also points out that the way the commission defined interoperability as a primarily technical issue disguised its socio-political nature.

Discussion
Through this scoping review, our basic aim was to map social science research on EURODAC. The above analysis describes the accumulated knowledge that academic research has produced over the past 20 years, corresponding to our first research question (RQ 1). In addition to the main themes and sub-themes of each key publication in our study, we also made notes about locations studied in the publications and the method used for the analyses (Table 1). Drawing upon this information, together with our qualitative analysis, we seek to answer our second and third research questions below, which relate to gaps and trends in the literature (RQ 2) and to the wider implications for other areas of the CEAS (RQ 3).
It is noteworthy that many of the key questions that appeared on the agenda some ten years into its use, such as the consequences of function creep and increasing interoperability, were already identified in the literature published before EURODAC's inception (e.g., Brouwer, 2002;van der Ploeg, 1999). In parallel, a normalisation seems to have taken place where the application of sophisticated biometrics no longer is seen as a conspicuous act but as part of everyday reality. Some of the key questions that caused much debate in the literature from the late 1990s-such as the questionable ethics of storing fingerprints from people not subjected to a major criminal offence-appear in present scholarship as a point of departure rather than a future worst-case scenario. These results support Tsianos and Kuster (2016, p. 242) who, in addition, point to that, despite substan-tial criticism against the Dublin system, the operation of "the database system per se has paradoxically remained unaffected from these disputes." We observed several research gaps that we believe could be researched in the future. One such gap concerned diversity in terms of methodology. As shown in Table 1, only five of the 38 key publications employed ethnographic methods. Ethnographic methods are particularly useful to capture lived experience and the complexities of everyday life. By extension, we argue, ethnographic methods could further problematise the de-politicisation of technology that portrays EURODAC as simply a means of Dublin Regulation implementation. Among the screened category B publications, some studies could guide the way, e.g., studies showing how failed registrations in a southern member state can open up windows for rights for the individual (Franck, 2017); how street-level bureaucrats navigate the system (Rozakou, 2017); and how EURODAC registrations make individuals both present and, at the same time, absent in society (Sigvardsdotter, 2013). There is also some new research, published after we performed our study, that employs ethnographic methods. These show how asylum seekers navigate fingerprinting (Metcalfe, 2022) and strive for transparency and accountability (Amelung, 2021). To continue along this line, we argue, is an important task also for critical research on EURODAC to affect public awareness.
Another gap identified in our study is the lack of gender and intersectional perspectives in the literature.
While several studies emphasised that the sorting of different categories of migrants are intrinsic to EURODAC, distinguishing between, for instance, asylum seekers and irregular migrants, a broader take on heterogeneity was surprisingly absent in the literature. Age was identified in some category B publications, for instance one that observed how EURODAC affects older children in migration processes (Drywood, 2010). We believe that research that explored differences in terms of gender, able-bodiness, sexuality, class, race, ethnicity, and nationality would generate new and important knowledge to the field. Moreover, while member state variation did receive some attention in the key publications-in particular the southern member states Italy, Greece, and Spain (see Table 1)-there were not many that provided in-depth studies of national legal frameworks. Vavoula's (2015) discussion about member states' different national automated fingerprinting identification systems affecting the local EURODAC practices is an important exception. Such approaches become even more important with the increasing interoperability with law enforcement. In a recent article, Amelung (2021, p. 153) points out how "asymmetric engagements of member states' data practices with EURODAC interacts with how migrants are made suspicious (of crime) in different ways," and we agree that this is an important area for further research. The temporal dimension of EURODAC could also be developed further in future studies, for instance by focusing on interruptions caused by delayed registrations and missed asylum applications .
In addition, we were also surprised that none of the key publications in our review addressed how EURODAC affects asylum cases in specific member states. Fundamental rights were discussed in relation to general data protection, but not in relation to asylum. This leads us to ask if studies on the asylum process in different member states neglect to explore the impact of EURODAC on individual cases. If so, we believe that this is an important area to address in social science, an area that also partly answers our third research question on possible wider implications of EURODAC for other areas of CEAS concerning, for instance, quality and fairness in asylum decisions and living conditions for asylum seekers across the EU. Aforementioned research on fundamental rights has shown how it is next to impossible for an asylum seeker (or an irregular migrant) to challenge information stored in EURODAC. The information stored in EURODAC may thus have significant consequences for the individual asylum seeker, affecting for instance their trustworthiness in court in cases where a person's flight route is under question. Minors who are mistakenly registered as adults in the database, a practice not too uncommon (European Union Agency for Fundamental Rights, 2018), also illustrate this point. Such registrations affect a person's life far beyond rulings in relation to the Dublin Regulation. Everything, from the asylum claim to social rights (housing, education, work) may become dependent upon that faulty piece of knowledge. With the increasing interoperability with law enforcement, information stored in EURODAC may have even vaster effects on a person's life (Amelung, 2021). Moreover, in the light of how CEAS has failed in its goal of harmonising the asylum system in the EU, the effects of having fingerprints registered in EURODAC may be a question of a liveable life or a life in despair. Exploring EURODAC is thus to open a Pandora's box, and far from being simply a technological tool that facilitates the Dublin Regulation, research needs to continue to unpack its socio-political underpinnings and its centrality to the CEAS.