top of page
german case study.jpg

Digital negotiations in Student Migration: Infrastructures and impact

by Rohan Pai, Sameer Bajaj, Amrita Nanda and Supratik Mitra

Migration Stage:

DEVELOPMENT

INTEGRATION

This case study explores the digital journey of an 'international student' or 'student migrant' when moving from India to Germany for higher education—depicting the existing inequities within the global knowledge economy by mapping digital systems and data infrastructures that a student interacts with during their migratory trajectory. The study draws from existing literature, online surveys, focus group discussions and expert interviews to highlight the impact of digital migration infrastructures on international students.

This report was produced by Aapti Institute in partnership with the Robert Bosch Stiftung GmbH

Overview

Mixed Migration

Which seeks to capture the intertwined and multifaceted drivers of movement of all people, regardless of status. A mixed migration lens helps to enlarge the protection space for people on the move who may not qualify for refugee status, or may not have left their countries for reasons laid out in the 1951 Refugee Convention, or regional refugee instruments, but who still might have felt compelled to leave for a combination of interrelated factors, including economic, political, social and religious or ethnic ones.[1]

Internationally mobile students

Individuals who have physically crossed an international border between 2 countries to participate in educational activities in the country of destination, where the country of destination of a given student is different from their country of origin.[2]

Migration Infrastructure

The natural and architectural features utilised for travelling; the material resources and knowledge required to navigate these; and the organised structures (administrations, businesses, NGOs) that hold such resources and provide information or services with regards to migration and the individuals (individual actors) who populate nature, structures, and organisations.[3]

Digital Migration Infrastructure

The ensemble of digital technologies including the underlying support structures that facilitate migration processes.[4]

Data Assemblage

Distinct supply chains of data (or set of supply chains) toward a particular end. Kitchin builds on it further defining assemblages a ‘complex socio-technical system, composed of many apparatuses and elements that are thoroughly entwined, whose central concern is the production of data.[5]

Information Bundles

The pre-existing set of online information sources and social networks students rely on time and time again. It does not include occasional visits to a new site but rather sources that are used throughout the different stages of the journey.[6]

Definitions

Introduction

Background

The cross-border mobility of students for further education has been an increasingly significant portion of global migration ever since the conclusion of the Second World War.[7] As suggested by data from the UNESCO Institute for Statistics, there were over 6.4 million international students globally in 2021, as compared to two million in 2000.[8] The number of people choosing to migrate for higher education is known to increase much faster than aggregate global migration.[9] However, in a majority of the cases, education is not often cited as a primary driver of migration,[10] pointing us towards two significant drivers that push people to embark on this journey.

Migration Drivers

First, economic prospects and education are closely related and this can be attributed to the global transition to a post-industrial knowledge economy. As highlighted by She and Wotherspoon,[11] a nation’s “knowledge advantage” in cultivating a well-educated, highly skilled, and flexible workforce is viewed as the most critical asset for economic prosperity. International students having received temporary residence status in these host countries are viewed as suitable candidates for integration into the domestic workforce due to their verified credentials, country-specific experience and skills, and social connections,[12] attained through higher education in the host country. These trends are prevalent in high-income countries even today. Just in the last year, Canada, UK, Australia and Germany have tweaked their immigration policies,[13] to attract highly skilled labour within critical domestic industries. From the perspective of migrants originating within low-income contexts, their movement to high-income countries is directly related to their aspirations for greater financial prospects.


Second, the transnational education industry is embedded within a knowledge economy that is designed to uphold Western hegemony.[14] Historically, there have been significant efforts carried out by Global North institutions to build the perception that Western education is of superior quality, and promises opportunities that are not available in the Global South.[15] The effects of this are substantiated by migration data which shows that out of the 6.4 million international students in 2021, 5 out of 7 were enrolled in educational programmes in high-income countries.[16] 60 percent of these international students were from middle-income countries of origin, with China accounting for 16 per cent followed by India at 8 per cent.[17]

Creation of Digital Migration Infrastructures

The commodification of education in this manner, where individuals (who can afford to) can buy the knowledge capital needed to engage successfully in the global marketplace, incentivises states and educational institutions to create migration infrastructures,[18] that are ancillary to this process. Düvell and Preiss define migration infrastructures as multidimensional, consisting of nature and technology, structure and agency, and knowledge. They break this down into “natural and architectural features utilised for travelling; the material resources and knowledge required to navigate these; and the organised structures (administrations, businesses, NGOs) that hold such resources and provide information or services with regards to migration and the individuals (individual actors) who populate nature, structures, and organisations.”[19]

 

Even though we have identified the main drivers for international student migration, migration infrastructures significantly influence the trajectory and decision-making processes related to the journey. The quality and reputation of universities, availability of scholarships, costs of living, employer-university interactions, labour market considerations, and prospects for residency and citizenship are critical infrastructural levers in the case of international student migration.[20] These are executed through the aforementioned “organised structures” (administrations, businesses, NGOs), that are creating “resources and knowledge” on mediating the migration process by acting on the priorities set by the global knowledge economy. 


The conception of migration infrastructures is nascent, but their digitalisation and the introduction of technologically-mediated processes to aid decision-making are adding a new dimension to international student migration. Each actor deploys these infrastructures to meet certain objectives. Higher education institutions market their programmes through websites, email, social media and online test courses,[21] and use AI-driven surveillance tools to monitor student activity.[22] Education consultancies and other related intermediaries provide key information about immigration, residence permits and financing at the application stage. States are involved in digitising key instruments such as travel visas and amending data protection guidelines, using them to further their policy goals. Even international students are involved in creating online channels and social media groups that can inform potential migrants about their journey through their own lived experiences. However, concerns arise about the implications of drastic digitalisation in this context. The lack of transparency around how data collected through these processes is influencing decision-making that directly impacts the international student community is largely unknown. Additionally, a majority of these technologies are deployed by the state and higher education institutions that wish to maintain control over student migration, thereby feeding into existing power structures created by the knowledge economy. While surveillance conducted through border technologies is well documented,[23] the evolution of higher education institutions into digital state-like entities that track student movement through mandated data collection is an emerging trend that raises significant concerns about the privacy and autonomy of international students.

The India-Germany Corridor for Student Migration

Our research aims to unpack these questions on the implications of digitalisation and data-driven decision-making by narrowing it down and examining student migration within the Indo-German corridor. As international student migration is witnessing an upward trend globally, the India-Germany corridor has developed into a major site of interest. Demographic shifts in Germany—an ageing population and low birth rate, are feeding into a growing skills shortage,[24] with the Federal Government being prompted to take proactive measures to offset this trend. The German-Indian Migration and Mobility Agreement 2022,[25] marks this shift in the Federal Government's outlook towards attracting skilled labour, with a focus on implementing legal processes and policy measures to incentivise the movement of qualified young Indians to Germany.


As a result, it is not surprising that the number of Indian students migrating to Germany has doubled over the last five years.[26] Indian students are now the largest international community on German campuses,[27] and this is reinforced by developing digital migration infrastructures within an evolving regulatory environment. The GDPR,[28] the EU AI act,[29] the Interoperable Europe Act,[30] the convening of the Eurodac group,[31] the database infrastructure being implemented through the EU Agency for large-scale IT systems (eu-LISA),[32] and the Entry/Exit System (EES) (which is an automated IT system for the registration of travellers from third-countries)[33] that is yet to come into force, will have strong intersections with the journey of a student migrating to Germany from India.

This case study explores the interlinkages between digital migration infrastructures in both countries, and how these affect the migratory trajectories of Indian students moving to Germany for higher education. An added emphasis has been placed on deconstructing the data flows that have been observed when students interact with digital migration infrastructures in their journey, to inform readers about the implications it could have on the migrant when stakeholders have access to information about migrants through various data sources.

Methodology

Our ongoing study, evaluating the intersection of mixed migration and digital migration infrastructures is led by four case studies. Informed by research about the mixed migration experience across these cases, we were able to conceptualise the journey of a migrant to be associated with three broad stages: crisis, development and integration. To a large extent, we observed that the stage of mixed migration has a direct impact on stakeholder responses and systems that are managing the migrant. 


Based on our criteria, we identified this case study on student migration in the Indo-German corridor between the development and integration stages. The highly established formal processes to assist in mediating the student’s journey from India to Germany, with safeguards in place for grievance redressal and legal aid strongly support the notion that the student migrant is not in crisis at any stage in the migratory trajectory. However, due to an evolving ecosystem of digital infrastructures to manage migration, along with accompanying regulation of technologies that is still at a nascent phase, it can be argued that a large part of the journey is under development. Finally, integration in student migration can be of two types, short-term and long-term. The short-term, refers to the period of study for which the student is allowed to reside temporarily in the host country. In this scenario, participating in the local economy and exercising their freedom in availing social benefits provided to them can be viewed as international students integrating into the host country. On the other hand, the long-term, is guided by aspirations to undergo a shift in status from students to work permit holders to permanent residents, with an eventual goal to officially settle in the host country through naturalisation. These vary based on the preferences of the migrant, and the skill compatibility of the migrant to participate in the labour market.

 

For the research process, this study adopted an evidence-based, mixed-methods approach to track the journey of the student migrant from India to Germany, with an emphasis on deconstructing data flows that arise out of migrant interactions with digital migration infrastructures. As the conceptualisation of migration infrastructures is still evolving, we contributed to developing this discourse through our research and framed it by bringing together previously established terminologies on information bundles, data assemblages and data infrastructures. Therefore, the study is heavily anchored on these conceptual frameworks, and is complemented by research on digital migration infrastructures in the context of student mobility in the Indo-German corridor. The following methods were employed for the study:

Desk Research

This work relies on an extensive review of academic and grey literature to better understand the history of student migration, and the state relations between Germany and India. For this, sources such as academic research papers, government publications, and media reports have been referenced. This enabled reading and understanding of the existing literature that has largely covered the historical trends in student migration in relation to immigration and labour force policy and regulation. However, the use of digital infrastructure and ICT, and the implications on student migrants remain largely unexplored. Therefore, this case study aims to plug a critical gap and create new knowledge on the impact of digitally mediated processes on student migrants.

Expert Interviews

To address the dearth of literature on digital migration infrastructures in the Indo-German context, this study relied on the knowledge of a couple of experts within academia involved in similar themes of research, to form a deeper understanding of student interactions with digital infrastructure.

Online Survey

Due to the lack of information on how data-driven decision-making has affected the lived experiences of Indian student migrants in Germany, we disseminated an online survey that collected information about student interaction with digital infrastructure in the application and integration phases of their journey. An entire section of the survey was dedicated to breaking down data-related experiences, covering the agency to negotiate with institutions that are collecting data, and the participant’s understanding of their data-related rights provisioned through the GDPR.

Acknowledgement

We would like to thank our survey respondents for taking the time and effort to provide valuable insights through the online questionnaire. We are also really grateful for Dr Sazana Jayadeva and Dr Derya Ozkul, for their inputs during the course of our research

Situation

Covert Data Collection Practices

Mixed migration journeys are deeply influenced by the impetus of the state to maintain control over population inflows. The use of state apparatus to meet these objectives have been observed in the past in the context of international student migration for higher education. Due to international student migration being a product of the knowledge economy led by Western countries, transnational education has roots in discrimination and control, including imperialist bordering practices against international students.[34] In a paper titled Higher Education Institutions as Eyes of the State, Brunner highlights how even higher education institutions have long been involved in surveillance through data collection, assessment, and evaluation of students, adding that they have a history of ‘state spying, recruitment and surveillance’ and sharing personal data for security purposes.[35] The underlying issues with systems being designed in this manner is the lack of visibility into how data that is collected by institutions at different points of the journey is stored, shared with other stakeholders and used in turn to govern the international student community.

The International Student as a Digital Unit

Additionally, as highlighted by Cranston and Esson, the digitalisation of borders allows states to use the capabilities of digital systems to exert control at the unitary level, enabling them to categorise individuals crossing the border.[36] The categorisation of the ‘international student’ is carried out using criteria that are informed by government policies, their administrative capacity to manage the population and institutional forces that are placed to reinforce these categories (such as regulations to automate border data collection, or mandates on universities for those eligible to be sponsored for visas).[37]

 

Such a regime leaves student migrants vulnerable to the expectations of immigration authorities. From the perspective of the state, this is a highly effective biopolitical technique for migration management because, “to secure a student visa, the individual has little choice but to ensure their declared aspirations and subsequent actions align with the visa conditions, that is, map onto what immigration authorities deemed constitutive of an ‘international student’”.[38] The receiving state configures the mobile subject regarding health, wealth, labour/leisure, and risk,[39] ensuring the individual is capable of learning in a specific language, is financially self-sufficient, and poses a low risk to the health and security of the nation.[40] Information like this is pre-programmed into digital screening systems to ensure these criteria are being met by student migrants.


Additionally, higher education institutions adopting the terminology of ‘overseas’ and ‘home’ as fee categories emphasise the role that geographical location, or residency, has in producing the international student as a population category. This further undermines the identity of the student migrant, failing to acknowledge that international students are not a homogenous population. In fact, they are prone to internal tensions due to differing types of mobility, country contexts, and socioeconomic backgrounds.[41] Nevertheless, these categorisations see resistance from students due to their self-perceived identity that may not completely align with the categorisation tendered by higher education institutions—prompting them to rely on other forms of digitally-mediated communication that serve their specific needs (for instance, through community social media groups).

Journey Mapping

For our study, we aimed to cultivate a deeper understanding of the implications of digital migration infrastructures along a student’s journey from India to Germany. These have largely been deployed by higher education institutions, state actors and other intermediaries that are involved in digital mediation of the migratory trajectory through the application, journey and integration phases. The following information should inform readers about the type of digital interactions that take place, and the data-sharing practices and agreements associated with these infrastructures. This sheds light on how data flows between institutions are used to make decisions regarding the treatment of international students in the host country:

View on Miro

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    The DAAD[42] supports the internationalisation of German universities, promotes German studies and the German language abroad. It is a registered association and its members include German institutions of higher education and their student bodies. DAAD relies on a network of Regional Offices, Information Centres and Information Points with coverage in more than 70 countries, to provide applicants up-to-date information on educational institutions and programs in Germany.

    Data collected

    Personal Data

    • Name

    • Email address

    • Country of origin

    • Country of residence

    • Current level of education

    • Subject area

    • Age

    • Gender

    • Graduation year

    • How you became aware of the DAAD

    • IP address
       

    Non-Personal Data

    • Date and time of access

    • Duration of visit

    • Operating system

    • Volume of data sent

    • Type of access

    • Domain name

    Mapping data flows and interactions

    The DAAD website includes social media plug-ins that collect information upon user engagement.

    • Social media websites can connect user information to accounts and track IP addresses.

    • Google Analytics is used, with data stored on Google servers in the United States.

    • Third-party cookies used by other providers can display adverts or integrate social media content.

    • External data recipients:

      • Processors for improving technical infrastructure.

      • Public bodies (e.g., prosecutors, courts, fiscal authorities) for legal reasons.

      • Private bodies based on consent or mandatory requirements.

    • Data processing in third countries has verification and guarantees through EU-US Privacy Shield or agreements.

    • DAAD’s cookie data is erased after 7 days unless exceptional circumstances apply.

    • Third-party providers, social media platforms, and public institutions in Germany and third countries can add to student data assemblages.

    • Students have minimal knowledge of other data sources and their impact.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    For international prospective students, uni-assist[43] offers a central point of contact for applying to universities in Germany. Its core responsibility is the evaluation of international student applications and determining their eligibility for target universities.
     

    Uni-assist operates its own IT development department, which develops in-house software solutions to support the highly specialised application processes, and ensures seamless interfacing with all common university systems.

    Data collected

    Personal Data

    • Name

    • Address

    • Telephone number

    • Email address

    • Banking details

    • Financial income data

    • Scholarship information

    • Educational records

    • School transcripts

    • References

    • Language proficiency (TOEFL or IELTS) provided through Educational Testing Service (ETS)
       

    Non-Personal Data

    • None identified

    Mapping data flows and interactions

    • The website uses Matomo (formerly Piwik) software. Matomo saves a small text file ("cookie") on the user's device. The data collected is analysed under a pseudonym.

    • The IP address is anonymised before processing. Data cannot be combined with other data to identify visitors and is deleted after 3 months.

    • User’s application documents are deleted after 3 years.

    • Public authorities and offices also have access to the data.

    • A connection to YouTube servers is only established when the user engages with embedded YouTube videos.

    • Payment data is transmitted to uni-assist payment service providers at the time of payment.

    • Depending on the payment method, data may be transferred to online payment services, financial institutions, banks, and credit card companies.

    • Data relevant for accounting is deleted after 10 calendar years as per tax and commercial law.

    • Certain data may be transmitted to the applicant’s country of origin or other countries outside the EU/EEA which may not have adequate data protection.

    • The student has limited agency in knowing who is tracking their movement within the EU and their residing country.

    • Financial institutions may use data assemblages created during the payment process to measure financial capabilities and mobility.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    The entity referred to here is the Goethe Institut,[44] a leading provider for German language courses and examinations globally. The institution is supported by the German Federal Foreign Office, non-profit foundations and companies in Germany and the EU.

    Data collected

    Personal Data

    • Name

    • Email ID

    • Course

    • User-generated content on blogs and discussion forums

    • Third-party payment information
       

    Non-Personal Data

    • None identified

    Mapping data flows and interactions

    • Data processing is carried out by a third party located within the EU or EEA.

    • Data collected by cookies is anonymised and deleted after the session ends.

    • For carrying out contracts with users, data is collected and stored in central management systems accessible to the Goethe institutes network.

    • After the contract is finished, the data is blocked for further use and kept only for mandatory retention periods under tax and commercial law.

    • Payment data is accessible to the respective commissioned banks and payment service providers during payment processing.

    • Engaging with Google Maps features on the website transfers some visitor data to Google companies in countries outside the EEA, where adequate data protection is not ensured.

    • External service providers include Mailchimp and Web Beacon for the newsletter, both following GDPR guidelines.

    • Goethe Institute retains collected information only for the required time.

    • Google Maps can access students' locations, which can be integrated into different digital systems of Google and its partners, potentially not following GDPR.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Inconclusive Evidence

    Definition

    ETS,[45] a non-profit organisation, is the world's largest private educational testing and assessment organisation. It is the author and provider of TOEFL, an English language proficiency test, and GRE, a standardised aptitude test. Based on the university and course of choice, applicants are required to provide their scores to universities.

    Data collected

    Personal Data

    • Biometric data: Fingerprint, Photograph, Voiceprint

    • Writing samples

    • Types of tests that you want to take

    • School affiliation

    • Expected degree and graduation date

    • Demographic data: Age, sex, place of residence

    • Language proficiency

    • Test registration records

    • Test administration records

    • Purchase history

    • Order information

    • Audio and video recordings in test centers
       

    Non-Personal Data

    • None identified

    Mapping data flows and interactions

    • Personal information is shared with service providers and contractors such as:

      • Telecommunications providers

      • Payment processors

      • Auditors

      • Government agencies

    • Other third parties with access include:

      • Companies assisting with IT programs (e.g., website hosting companies)

      • Companies administering promotions and aiding with security and fraud prevention

    • Biometric identifiers are disclosed to cybersecurity firms, law firms, or government agencies.

    • Personal information is used for research initiatives, where it is anonymised, pseudonymised, or de-identified.

    • Pixel tags (tracking pixels, web beacons, clear GIFs) are embedded on the website and in emails, transmitting information to ETS and their service providers or partner servers.

    • The website uses tracking and analytics tools such as:

      • Canvas fingerprinting

      • Mouse movement tracking

      • Keystroke analytics

    • These tools help ETS recognise devices even if cookies are rejected, and are used for security and fraud detection.

    • Links to third-party websites can collect information only after user interaction.

    • Third-party websites’ information collection and processing do not follow ETS’s policies.

    • ETS uses social media to collect personal information for interest-based ads.

    • ETS, its websites, and servers are located in the United States, so all information is transferred to the U.S.

    • Information may also be transferred to other countries providing processing services to ETS.

    • Despite anonymisation, data is accessible to both state and private actors.

  • Is it GDPR Compliant?

    Not Compliant

    Is there conclusive evidence available on data governance practices?

    Inconclusive Evidence

    Definition

    The Passport Seva Project[46] has been implemented in India, through Public Private Partnership (PPP) with Tata Consultancy Services, selected through a public competitive procurement process. Under this program, the sovereign and fiduciary functions like verification, granting and issuing of passport have been retained by the Ministry of External Affairs in India, maintaining ownership and strategic control over core data and information assets.

    Data collected

    Personal data

    • Biometric data: Name, Fingerprints, Digital photograph

    • Proof of age: Birth certificate, School leaving certificate

    • Proof of residence: Aadhaar card, Voter ID card, Electricity bill,

    • Proof of nationality: Birth certificate, Voter ID Card

    • Family details

    • Criminal record history
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Specific due processes allow government agencies to access data collected by Passport Seva Kendra.

    • The site does not identify users or their browsing activities unless law enforcement agencies exercise a warrant to inspect the service provider's logs.

    • The site does not use any cookies.

    • Passport Seva Kendra provides limited information about:

      • What information is collected

      • How it engages with other digital systems

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    When visa holders enter the Schengen Area, border control authorities can verify traveller identity using the Visa Information System (VIS)[47]—a central IT system and a communication infrastructure that links to national systems in the Schengen Zone. Biometric data will be stored in the VIS database and can be accessed for 59 months (5 years). It is available to law enforcement agencies operating in the Schengen Zone.

    Data collected

    Personal Data

    • Biometric data: name, fingerprints, digital photograph

    • Demographic data: place of residence, age, sex

    • Passport identification

    • Bank account statement

    • University and college acceptance information, including major, duration of studies, financial status, place of residence, and contact details
       

    Non-Personal Data

    • None in the provided list

    Mapping data flows and interactions

    • Data is accessible to authorities at external borders and within national territories to:

      • Verify the identity of the person

      • Verify the authenticity of the visa

      • Check if the person meets the requirements for entering, staying in, or residing within national territories

    • Asylum authorities have limited access to the VIS to determine the EU State responsible for examining an asylum application.

    • National authorities and Europol may request access to data in the VIS to prevent, detect, and investigate terrorist and criminal offenses, but only in specific cases.

    • Certain websites of the Commission on Europa use 'first-party cookies' set and controlled by the Commission.

    • Authorities and officials with access to student information can act on personal biases.

    • The system profiles individuals from third countries.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Inconclusive Evidence

    Definition

    Under EU regulations, governments can retain PNR[48] data for a maximum of five years, to allow law-enforcement officials to access it if necessary. The regulations state that after six months, the data is masked out or anonymised.

    Data collected

    Personal data

    • Name and Contact Details

    • Demographics: Age, Sex, Address, Nationality

    • Payment transaction details

    • Travel agency details

    • Passport number

    • Visa status

    • Frequent flyer status

    • Travel itinerary

    • Flight preferences for seat, meals, baggage allowance, travel partners
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Currently, PNR data is not well-protected and can be accessed by travel agents and governments.

    • The data collected is archived and retained in Computer Reservation Data and You (CRS) and/or Global Distribution Data and You (GDS).

    • PNR data can be viewed even if a ticket was never purchased or reservations were canceled.

    • In the United States, PNRs are stored in the Automated Targeting System-Passenger (ATS-P):

      • Data is part of an active database for up to 5 years.

      • After 5 years, data is transferred to a dormant database for up to 10 more years.

      • Data remains available for counter-terrorism purposes for the full 15-year retention period.

    • PNR data can be linked to different data assemblages to find in-depth information about the student and their activities.

    • According to research by the European Digital Rights (EDRi), records are not necessarily anonymised or encrypted, and, in fact, the data can be easily re-personalised.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Inconclusive Evidence

    Definition

    Upon arrival in Germany, students needs to register their place of residence at the registry office[49] (the “Bürgeramt” / “Einwohnermeldeamt”, / “Kreisverwaltungsreferat” or other names depending on the region).

    To complete this process, the housing registration form needs to be obtained from the landlord.

    Data collected

    Personal data

    • Passport

    • Rental contract (Mietvertrag)

    • Confirmation of housing provider (Wohnungsgeberbestätigung)

    • Registration form (Anmeldüng)

    • Bank account and other financial details
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Data storage and processing follow:

      • EU General Data Protection Regulation (GDPR)

      • Hessian Data Protection and Freedom of Information Act (HDSIG)

      • Telemedia Act (TMG)

    • Information collected through cookies is deleted when the session ends.

    • The Residents' Registration Office uses Matomo for statistical analysis.

    • Matomo uses cookies and stores data after anonymisation.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    A Student Residence Permit Card allows international students to live in Germany while pursuing their studies in a German university. It is issued by the Ausländerbehörde[49] (Foreigner’s Authority) and is valid for one to two years.

    Data collected

    Personal data

    • Name

    • Demographic details: Age, Sex, Address

    • Passport

    • Visa

    • Rental contract (Mietvertrag)

    • Confirmation of housing provider (Wohnungsgeberbestätigung)

    • Registration form (Anmeldüng)

    • Bank account and other financial details

    • University acceptance letter
       

    Non-Personal data

    • Date and time of visit

    • Browser type and operating system

    • Pages visited and referral source

    • IP address (anonymised by not storing the last block of digits)

    Mapping data flows and interactions

    • Matomo is used to assess website activities

    • Temporary cookies are placed to provide and optimise the website and make it secure

    • Data is not used for:

      • Profiling

      • Advertising purposes

    • Data is not shared with third parties except:

      • To provide publications (address data given to sender)

      • When asserting legal interests, particularly if data is linked to an IT structure attack

    • User rights:

      • Information: Users can request information about stored data

      • Erasure: Users can request data erasure if storage is no longer permitted

      • Correction: Users can request corrections if stored data is incorrect

      • Objection: Contact the Data Protection Commissioner for objections

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    Health insurance[50] is a mandatory requirement by law for all residents in Germany. International students under the age of 30 and pursuing a regular degree program, are eligible to enrol in the public health insurance system. To apply for public health insurance, students can choose from various statutory health insurance providers in Germany.

    Data collected

    Personal data

    • Name and Contact Details

    • Demographic details: age, sex, address

    • Passport

    • Past medical records (if requested)

    • Bank account details

    • University acceptance letter

    • Registration form (Anmeldüng)
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Companies operate in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act.

    • Companies have developed their own code of conduct for processing personal data, aligned with the code of conduct of the Gesamtverband der Deutschen Versicherungswirtschaft e. V. (GDV, German Insurance Association).

    • User data is encrypted using Secure Sockets Layer (SSL).

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Conclusive Evidence

    Definition

    To open a German bank account,[51] having a residence permit and a city registration letter is mandatory, but students are required to create a blocked bank account before arrival.

    Data collected

    Personal data

    • Name and Contact Details

    • Demographic details: Age, sex, address

    • Passport

    • Visa or Residence Permit

    • IBAN of domestic banking account

    • University acceptance letter
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Information provided by the user on the website is transferred to the Deutsche Bank AG division.

    • Data is not shared with third parties unless necessary to answer the user’s queries (e.g., leaflets dispatched by vendors).

    • The website uses the encryption module of the user’s browser for encoding.

    • Additional state-of-the-art security measures are added to protect accounts.

    • An electronic identifier is generated at the time of data transfer to safeguard information.

  • Is it GDPR Compliant?

    GDPR Compliant

    Is there conclusive evidence available on data governance practices?

    Inconclusive Evidence

    Definition

    When activating a SIM card,[52] it is necessary to complete an identification process. The identification process can be completed using the passport and German address* either online via video chat or at a German post office (Post-Ident).

    Data collected

    Personal data

    • Name and Contact Details

    • Passport

    • Bank Account Details
       

    Non-Personal data

    • None identified

    Mapping data flows and interactions

    • Plug-ins used include ReadSpeaker, intended to improve site accessibility.

    • Social media plug-ins store information on the device if the user is not logged into any accounts; if logged in, data is connected to the respective account.

    • Commissioned data processors work within the legally defined scope of GDPR.

    • User data is processed in Germany and other European countries.

    • In exceptional cases where data is processed in third countries, adequate measures are taken to ensure it meets GDPR standards.

    • State authorities can only access data if there are legal obligations.

  • These community-led and community-oriented infrastructures are built around ethics of support, providing aspiring international students with the agency to negotiate with information asymmetry present in infrastructure deployed by the state and other high education institutions.[53] Examples include WhatsApp and Facebook groups. These groups are more accessible, though in some cases, membership relies on existing social and economic capital. Instances such as ‘Study in Germany’ Facebook and WhatsApp groups highlight their function, which provides constant support throughout the different phases of the journey with discussions of the pros and cons of Germany, the various types of universities in Germany, the admission requirements, and employment outcomes.[55] These groups have also been more successful in providing localized knowledge and specific information about visa officers and organizing of important papers and finances. Some members offer 1-on-1 assistance and support for a small fee—resembling traditional consultants—and also have YouTube channels, where they provide insights into the lifestyle and experience of living in Germany.[56] The groups thus create an accessible network that helps provide new information through national networks, which aid integration (for example, insurance, permits, accommodation, etc.). The different infrastructures are much more inclusive not only in terms of the kind of information they provide but also in other mediums of communication. The networks these groups create become a way of democratising aspiration and knowledge by making information more accessible which may have been previously gatekept.[57] The information it provides helps overcome apprehension and isolation created by administrative systems, leading to increasing mobility for people who may have not been able to access it in the past.

    Unpacking each of these migration digital infrastructures shows how it produces data assemblages that can be combined—with their intentions and analytical frameworks—forming a migration infrastructure with a stronger technological capacity. The infrastructure created by the systems consists largely of state institutions with limited presence of private actors and works with the intent of not just establishing ground truth about flows of people but profiling, forecasting, and conceptualising migration.[58] Thus, power in the systems emerges with the state institutions through the generation of data, control of access to data, and the merging of various data, but also through their analysis and interpretation.[59] The international student who continues to occupy the category of the user becomes a data subject whose rights are dependent upon their behaviour within the digital infrastructure. Moreover, the lack of knowledge about the systems and the creation of the opaque infrastructure offers minimal visibility to international students into how their data is being processed.[60] Thus creating vulnerabilities in the form of the inability to protect themselves from the negative effects of imposed visibility and action from these entities.

    53. Jayadeva Interview

    54. Jayadeva, Sazana. “Keep Calm and Apply to Germany: How Online Communities Mediate Transnational Student Mobility from India to Germany.” Journal of Ethnic and Migration Studies 46, no. 11 (2020): 2240–57. doi:10.1080/1369183X.2019.1643230.

    55. Jayadeva, Sazana. “Keep Calm and Apply to Germany: How Online Communities Mediate Transnational Student Mobility from India to Germany.” Journal of Ethnic and Migration Studies 46, no. 11 (2020): 2240–57. doi:10.1080/1369183X.2019.1643230.

    56. Jayadeva, Sazana. “Keep Calm and Apply to Germany: How Online Communities Mediate Transnational Student Mobility from India to Germany.” Journal of Ethnic and Migration Studies 46, no. 11 (2020): 2240–57. doi:10.1080/1369183X.2019.1643230.

     

Analysis and Emerging Frameworks

Digital Infrastructures and Information Bundles

By studying the digital journey map, we developed a framework that explains the interactions of students with digital migration infrastructures, the resulting data assemblages and data infrastructures, and the decision-making process that is dictated by the impetus of stakeholders in these positions.

 

The digital infrastructures that we have mapped in the case of international students moving from India to Germany can be categorised into formal and informal digital migration infrastructures. 


Formal migration infrastructures consist of systems that are primarily deployed by state, higher education institutions and private sector actors. These are usually preceded by legal or regulatory backing to manage migration, and provide student migrants with key sources of information to aid in mediating the journey. Examples include the Visa Information System, Air Passenger Information System, Passenger Name Records, German Academic Exchange Service (DAAD), Uni-Assist, German Language Centres, standardised testing institutions, health insurance and residence permit authorities among others at different stages of the journey.

Informal migration infrastructures consist of systems that can be deployed by a wide range of actors, but the foundation of these technologies remains community-oriented or community-led. These can be used by students as a form of resistance against impositions made by formal migration infrastructures, to derive further visibility into information that is gatekept by formal institutions. Examples include, but are not limited to social media groups on Facebook, WhatsApp and Reddit, YouTube channels that act as student guides, and clubs and societies originating within the universities.

sudent.png

While student migrants interact with a range of formal and informal infrastructures that exist across the journey from application to integration, each individual’s experience differs based on their context (first-generation learners, language barriers, choice of program) and socioeconomic background. To accommodate these differences in access to digital infrastructure, we categorise an individual’s use of a set of digital systems as their information bundle—a digital bundle of information sources includes the sources that a person relies on repeatedly and does not include occasional visits to a new site.[61] 


Conceptualising usage of digital infrastructure as information bundles helps to view digital systems from the individual's perspective, providing us insights on how each migrant’s activity may differ. For instance, an individual who comes from an urban, English-speaking background might not be required to provide standardised tests to prove language proficiency, and may rely on education consultancies to complete parts of their application. However, a student from a rural, non-English speaking background may have to rely heavily on WhatsApp communities for translating information on websites and helping them understand mandatory processes as they might not have access to individuals in their social network who have travelled to Germany before. It would also be of relevance to acknowledge that when international students move across national borders, they often do not automatically make the digital move to new sources of information. Many international students do not always make a corresponding digital move and continue to rely on previously established bundles of information sources.[62]

Information Bundles and Data Assemblages: How do they differ?

Information bundles refer to the set of formal and informal digital infrastructures used by any individual during the migration journey. These are highly visible to the migrant user, and they retain the agency to pick which systems they choose to interact with during the process, unless they are acting due to existing legal mandates like in the case of border technologies. 

 

Data assemblages are produced as exhaust from the interactions between student migrants and digital systems, and these are only visible to stakeholders deploying, maintaining and governing these systems. International students have minimal clarity about how their data is stored and shared among these assemblages, unless this information is published in the public domain by actors deploying this infrastructure. A set of data assemblages form a data infrastructure, and these are used by stakeholders to make decisions pertaining to migration management. 

61. Chang, Shanton. (2017). Digital Journeys: A Perspective on Understanding the Digital Experiences of International Students. Journal of International Students. 7. 347-366. 10.32674/jis.v7i2.385.

62. Chang, Shanton. (2017). Digital Journeys: A Perspective on Understanding the Digital Experiences of International Students. Journal of International Students. 7. 347-366. 10.32674/jis.v7i2.385.

Complications

The evolution of digital migration infrastructures depicts how they are no longer created to only record migration flows or limited to a single stakeholder. They are extensible through data assemblages, and the formation of data infrastructures envisioned by various stakeholders with differing logic for understanding and controlling migration. These digital infrastructures and the implications of the data they collect and operationalise cannot be understood in isolation, and it is important to analyse how these systems engage with one another through constant data sharing. The outcome is a multiplicity of data flows working towards differing ends depending on the stakeholders' intent and accessibility to the data. In the case of migration infrastructure for international students, there is a larger presence of state institutions through the prominence of infrastructure like the Visa Information System, as it is a central agency coordinating with other actors involved in the mediation of the journey. The digital migration infrastructure is conceptualised to reinstate the intra-government policies through the different institutions and bureaucracies, creating digital personas or data doubles of the international student. These personas can be constantly surveilled and analysed, giving limited agency to the international student to negotiate how their data will be used and by whom. To ensure the digital persona meets the premises set by the state, generating constant digital flows becomes important. Thus, it is important to understand how the data assemblages are used to create data infrastructures that are representing the student at different phases during the journey.

The Use of State Apparatus to Sustain the Knowledge Economy

Large-scale digital infrastructure such as the Visa Information System,[63] are supported by institutional mechanisms that enable seamless data sharing across multiple stakeholders. These processes are expedited by the ability to screen migrants and asylum seekers who are considered undesirable by the state, using information they have derived through a techno-political assemblage of multiple databases.[64]

 

For instance, the European Commission’s Migration and Home Affairs department has recently reached a political agreement,[65] to facilitate the flow of air passengers entering the Schengen area:

A. Setting a mandatory list of Advanced Passenger Information (API) data to be collected by air carriers from passengers on all flights to, from and within the EU.

B. Collecting data using “automated means” to increase the “reliability and efficiency of data collection”,

C. and the central management of data flows through an “EU-LISA router” that will “replace the current system of multiple connections between air carriers and national authorities,”[66]to form a GDPR-compliant interoperable system.[67]

 

These regulations being deliberated by state actors display the possibilities for datafication that have emerged through digitalisation and automation of migration control, putting into question the veracity of these systems to fairly manage the cross-border mobility of migrants and asylum-seekers through digital migration infrastructures. As denoted by our survey, 55% of migrants who studied in Germany reported that lack of information regarding how entities are processing personal data is proving to be a major point of concern for international students as it renders them vulnerable to arbitrary action from these entities. This could have far-reaching implications based on the identity of the migrant—often a critical factor in determining how international students are treated by institutions surveilling them.

 

Concerns arise around the ability of these systems to manage migration without discriminating against marginalised populations. Clear distinctions can be witnessed between how the state treats migrants and asylum-seekers based on their origin country—using the visa and its corresponding data infrastructure as an instrument to exclude those considered undesirable by the receiving country.[68] The ease of global travel is functionally divided along North-South lines—while visa-free travel has increased between Global North states and within regional free mobility regimes like the EU’s Schengen Area, tight Global North visa regimes limit options for large portions of the world’s population, preventing people with mobility aspirations from fulfilling them regularly.[69] For instance, citizens of countries who are members of the industrial‐country Organization for Economic Cooperation and Development (OECD) have gained mobility rights; those rights for other regions have stagnated or even diminished—particularly for citizens from African countries.[70]


Additionally, there is an emerging state-private sector nexus that is emerging from digitalisation. These private sector companies collect critical, personal data on their systems about individuals crossing the border through advanced technologies and systems that are key components of immigration enforcement in today’s day and age.[71] These systems are opaque, and there is negligible information available on how they process data, who they share it with, and for how long and what purposes they store it for.

The University as a Digital Surveillance State

Civil society organisations in Germany are making concerted efforts to bring to the limelight the use of various technologies within the classroom and on university premises. During the COVID-19 pandemic, some German universities began to use proctoring software to monitor students taking their exams. There were concerns about the software violating fundamental rights by processing a large amount of personal data, including identity, location, videos of movements, and the student’s room.[72] While the GDPR contains provisions to prevent misuse of video surveillance in schools, the threat of constant identification through cameras can exacerbate the existing power structures between a Global North institution and a Global South immigrant. These instances have been observed in other institutions in the Global North, such as in UCLA when administrators proposed using facial recognition software for security surveillance on campus.[73] In response, Fight for the Future ran facial recognition technology on more than 400 photos of UCLA faculty members and athletes and found the software incorrectly matched 58 of those with photos in a mugshot database—majority of those misidentified by the database being people of colour.[74]


More recently, as student demands for universities to divest from financial investments in Israel’s ongoing offensive have taken the form of protests, facial recognition technologies and social media monitoring tools have been used extensively by law enforcement officials deployed on university premises.[75] In the United States, 1,900 people on at least 43 college campuses were arrested at pro-Palestine protests in the last two weeks.[76] It is reported that in the past, at least 37 colleges have used Social Sentinel, a social media monitoring tool to surveil student protesters on campuses.[77] These instances prove to be a major point of concern, as law enforcement offices have a history of disproportionately deploying surveillance technology against marginalised communities, effectively blurring the lines between border security, immigration control, law enforcement and higher education institutions. The freedom of expression of individuals belonging to marginalised groups is constantly curtailed through nefarious data sharing practices amongst these entities. As higher education institutions are viewed as the sites of control to uphold the post-industrial knowledge economy, they are incentivised to cooperate with state authorities who wish to control population inflows based on their requirements. Decision-making for migration management is dictated by state intentions, and this is perpetuated by higher education institutions closely monitoring and tracking student movement and behaviour within their campuses. Eventually, international students remain tied to pre-existing power structures that undermine their lived experience in the host country.

Conclusion & Recommendations

The digital systems and the larger infrastructure created or remodified continue to be portrayed by nation-states as efficient and increasing security; but they have led to the rise of technocratic institutions imbued with coloniality which view international students—especially from the Global South—with suspicion. Technocracy is considered neutral or apolitical, even though digital systems and infrastructures are embedded with social biases and have the capacity to reconfigure institutions and vulnerabilities.[78] In the case of digital migration infrastructure for international students, the prevailing technocratic systems undermine social, spatial, historical, and cultural complexities.[79] Thus, creating digital systems which are exclusionary, offering easier access to information—and opportunities—to students belonging to the Global North.


The universalist conceptualization of the infrastructure and policies situates all international students as a homogenous group with access to and prior knowledge of proscribed digital technologies echoes a wider point about the tendency to undermine social inequities.[80] Students often from the global south do not have the prerequisite knowledge to engage with the different digital systems and negotiate how their information is being collected.[81] Therefore it is not just a question of how technology is deployed in migration infrastructure but who it is trying to protect from “risk”, who it is more welcoming for, and what aspects of the migrant it chooses to recognise. To address these challenges, here are a set of recommendations that could act as a starting point for better migration outcomes for international students:

1. Create avenues for negotiation in digital and data regulation:

The GDPR contains multiple provisions that give the data subject access to how their personal data is being processed, shared, used and stored. However, while having knowledge of these data-related aspects may provide the data subject a transparent overview of how their information is being used, there is still minimal negotiating power when it comes to navigating data collection and processing that is mandated by the state. For instance, the adopted framework for interoperability between EU information systems in the field of borders and visa,[82] is not just a bringing together of European security architecture, but the merging of various EU law and policy objectives, such as border checks, asylum, immigration, and police and judicial cooperation. As pointed out by StateWatch, the EU legislator's move to make large-scale IT systems interoperable has raised questions about their governance and the ways to safeguard fundamental rights in this context.[83] Mandating data collection and sharing in this manner leaves international students vulnerable to institutions making decisions about them based on information available on these systems.[84] Adding a layer of choice for the data subject, that allows them to prevent institutions from accessing data under the interoperable framework unless approved by the data subject, could provide migrants agency over which institutions they choose to share their data.Additionally, the recently passed EU AI Act excludes application to dangerous systems such as biometric identification systems, fingerprint scanners, or forecasting tools used to predict, interdict, and curtail migration.[85] Similarly, AI used as part of EU large-scale databases in migration, such as Eurodac, the Schengen Information System, and ETIAS will not have to be compliant with the Regulation until 2030.[86] This comes as a serious threat to immigrants, who are already vulnerable to the inherent biases in these AI systems towards marginalised groups. Regulators will immediately need to reconsider the implications of such a stance on immigrants whose data is being stored in these systems for migration management.

2. Institutionalise an autonomous entity that conducts oversight on the use of surveillance technologies on university campuses and classrooms:

Currently, higher education institutions are incentivised to maintain control over their student body through the use of surveillance technologies and monitoring devices. This sets a dangerous precedent for how international students are treated in the host country, and puts them at high risk from being constantly tracked by their university and other entities who can access this data. In other words, the university premises have become an extension of the state. Such practices not only infringe on students' privacy rights but also contribute to a sense of alienation, particularly for those who already feel vulnerable in a foreign country. The pervasive monitoring can stifle free expression and discourage students from fully participating in campus life, out of fear that their movements and activities are being scrutinised. To prevent surveillance and tracking from higher education institutions, institutionalising an autonomous body for oversight can add a layer of protection for international students and create a separation between state and higher education institutions. The German Academic Exchange Service (DAAD) that is keen on promoting higher education in the country, can house this initiative as part of their commitment to create better outcomes for international students.

3. Enable student collectives to negotiate with university administrators for recognition of various identities under the ‘international student’ category:

The homogenisation of a diverse, foreign student body into a single category, ‘international student’, severely undermines the varying socio-economic positions they come from. By failing to recognise these distinctions, institutions not only overlook the specific support and resources that some students might need but also perpetuate a one-size-fits-all approach that can exacerbate inequities and hinder the true potential of international education. By enabling student collectives that are formed to represent diverse groups to engage with the university administration, higher education institutions can begin to address the unique needs and challenges faced by different segments of the international student body. These collectives can provide valuable insights and advocate for tailored support systems, such as financial aid programs, digital literacy resources, and cultural acclimatisation activities that reflect the varied backgrounds of students. Additionally, fostering a more nuanced understanding of the international student experience can help create a more inclusive and supportive campus environment. To make this possible, it would be required to prevent unlawful social media tracking as these informal channels form the backbone for student collectivisation in the digital age.


78. Sue Timmis & Patricia Muhuro (2019) De-coding or de-colonising the technocratic university? Rural students’ digital transitions to South African higher education, Learning, Media and Technology, 44:3, 252-266, DOI: 10.1080/17439884.2019.1623250

79. Sue Timmis & Patricia Muhuro (2019) De-coding or de-colonising the technocratic university? Rural students’ digital transitions to South African higher education, Learning, Media and Technology, 44:3, 252-266, DOI: 10.1080/17439884.2019.1623250

80. Sue Timmis & Patricia Muhuro (2019) De-coding or de-colonising the technocratic university? Rural students’ digital transitions to South African higher education, Learning, Media and Technology, 44:3, 252-266, DOI: 10.1080/17439884.2019.1623250

81. Sue Timmis & Patricia Muhuro (2019) De-coding or de-colonising the technocratic university? Rural students’ digital transitions to South African higher education, Learning, Media and Technology, 44:3, 252-266, DOI: 10.1080/17439884.2019.1623250

Endnotes

bottom of page