Key Takeaways
- Three recent investigations expose how visa processing, refugee registration, and humanitarian aid systems collect and mishandle sensitive data under coercive conditions.
- Consent is often a condition of access, not a choice, leaving vulnerable populations—and ultimately everyone—at risk.
- Technical fixes alone won't address the underlying power imbalance; structural reform is needed.
Within a fortnight, three investigations illuminated the operating logic of border and humanitarian infrastructure from three different angles.
Lighthouse Reports documented how a company called VFS Global built a lucrative "visa empire" targeting applicants from countries with weaker passports – coercively upselling paid services, and mishandling biometric and personal data. A separate inquiry uncovered an exploitative website, UK Visa Portal, that exposed over 100,000 passport scans on an unsecured server, ensnaring applicants who believed they were navigating an official channel. Days later, The New Humanitarian revealed a cyber-attack on the World Food Programme that compromised names, phone numbers, and location data for 600,000 households in Gaza – the largest known breach of humanitarian beneficiary data to date.
These incidents have sparked calls for stricter outsourcer accountability, clearer data-use policies, or improved cybersecurity practices. These measures may be needed, but they address the symptoms and not the imbalances at the heart of the system.
The Architecture of Coercion
Visa processing, refugee registration, and large-scale humanitarian assistance are all facilitated by digital infrastructures that outsource sensitive personal data to non-state entities that are not accountable to the individuals whose data they process. These infrastructures centralise data in systems designed for re-use, interoperability, and increasingly, algorithmic analysis and automation.
Consent is not a choice. Responsibility is scattered down the chain. Those who are most vulnerable bear the biggest risks, but make no mistake: We are all affected by this digital outsourcing, no matter our passport.
Consent as a Condition of Access
From third-party visa processors to humanitarian aid, states have outsourced public functions through a chain of intermediaries that stand at a distance from domestic scrutiny.
VFS demonstrates how public authority is operationalised through private infrastructures, while WFP's Gaza breach shows how humanitarian registration systems consolidate critical information in a digital getaway susceptible to attacks. The UK Visa Portal breach reveals what grows in the shadow of systems that are defined by opacity, asymmetry, and commercial dependency.
The human cost begins with the fiction of choice. A Schengen applicant cannot bypass a visa outsourcer, just as a family in Gaza cannot bypass registration to access food aid. Coercion is an inbuilt feature of the architecture.
A person seeking a visa can be pulled towards a similar portal because the authorised route is difficult to navigate. This leads to the populations most intensively datafied sitting at the weakest end of every decision these systems make. Visa applicants from the Global Majority, refugees, and aid recipients in conflict zones must hand over biometrics, financial histories, and location data due to lack of an alternative. Value travels upward through the system while vulnerability stays where it began.
Fragmented Accountability
Formal responsibility resides with states or with an international organisation's internal policy. Yet day‑to‑day decisions on security and the exploratory use of data and analytics are taken by institutions whose incentives differ vastly from those of a public administration subject to domestic law.
Migrants and refugees live with the consequences of architectures designed without their participation.
Legal frameworks acknowledge parts of this system without resolving its contradictions. Visa outsourcers appear merely as processors under privacy legislation like GDPR, while dozens of client governments issue privacy notices. The UN's refugee agency, UNHCR, relies on internal data protection policies and codes of conduct to govern its biometric registries.
In practice, accountability is fragmented. Corporate processors respond to a patchwork of regulators who only see a slice of their global operations. International organisations answer to internal review bodies shielded by immunities from domestic courts.
Consider the case of Rohingya biometric data. UNHCR shared fingerprints and facial recognition data with Myanmar authorities based on claimed informed consent. Later documentation by Human Rights Watch revealed that refugees did not understand their data would be transferred to the government they had fled. Who is held accountable for this harm?
The person moving encounters systems that hold decisive power over their data, yet offer only self-regulation or diluted oversight in return. When breaches occur, those individuals absorb the impact. The WFP cyber‑attack in Gaza exposed identity info tied to 600,000 households; families must now live with the possibility of targeting or surveillance based on information they submitted for a basic need. Visa applicants whose records sit on unencrypted discs carry similar risks of identity fraud and opaque risk-scoring.
AI Deepens the Asymmetry
Artificial intelligence deepens this asymmetry. VFS talks about "AI-driven document recognition, biometric authentication, and predictive analytics" streamlining visa workflows. Humanitarian agencies increasingly explore analytics built on datasets that encode the vulnerabilities of displaced populations. A concerning pattern emerges where data is collected under structural non‑consent, centralised in insecure environments, used to train analytical models, and ultimately redeployed to assess and triage those same populations.
Technical Fixes Do Not Repair the Power Structure
The harm persists because sensitive data is concentrated in centralised systems, community oversight is absent, and data maximisation is prioritised in the name of efficiency and AI readiness.
The distribution of value and risk follows existing lines of global inequality. The regions generating the densest migration‑related datasets – South Asia, Africa, and West Asia – face the most restrictive visa regimes, the highest fees, and the greatest exposure during data leaks. Their residents pay in money and data, so destination states can gain certainty and control at zero political cost.
Mobile populations endure intense datafication yet are seldom consulted on the norms governing their information. Scholars call this data colonialism: the extraction of data from vulnerable groups to fuel systems that entrench advantage elsewhere. Efficiency and protection narratives direct benefits upward to states and contractors, while directing risk downward. As long as the same actors decide what gets collected and who audits high-risk deployments, each new safeguard will function merely as a patch on a system designed to leak power away from those who pass through it.
The Questions We Should Be Asking
The dilemma is not how to make the current system more secure: security fixes leave the fundamental power structure intact. Instead, ask how this loop of collecting under duress – and mishandling without consequence – can be structurally interrupted.
- Who designs, owns, and benefits from digital borders?
- If governments must retain data controllership when outsourcing processing, how can accountability be made to travel with the contract?
- When an AI system is trained on data collected under captive-consent conditions, what would mandated independent audits look like?
These questions, and their possible answers, affect all of us.
It is tempting to read a data breach in Gaza, or a visa scandal concentrated among applicants with weaker passports, as a problem belonging exclusively to precarious populations. But the infrastructures exposed in these three investigations are not exceptional arrangements. They form the blueprint for how states intend to govern identity, mobility, and welfare. Every person who has ever handed their data to a system they did not design, in exchange for the right to move, is already caught in this architecture.
Whether privileged or persecuted, it's time for us all to demand better.
