Record numbers of migrants and refugees fleeing violence and poverty in parts of Africa and the Middle East present the European Union with unprecedented challenges, including in determining their identity. In recent years problems of identifying immigrants have been addressed in order to fight identity fraud and illegal entry. As a result, a wide variety of digital systems have been introduced to orchestrate an effective, preventative modus of identification of migrants, including to select those who (are about to) commit identity fraud or who enter EU territory illegally. Although the key aim of the digital systems is framed to protect the geographic and legal borders of member states and the safety of their population, empirically based studies demonstrate that these systems bring new risks for migrants. Against the background of many migrants finding themselves at risk in their home country and of the two legislative frameworks mentioned above, this article addresses first, how migrants are perceived by digital monitoring practices: are they themselves at risk, non-risk or do they pose a risk? In the EU, migrants must prove that their case is worthy of asylum status because they are ‘at risk’ from political unrest or other life-threatening circumstances in their home country. Yet, empirical data gathered through semi-structured interviews show that simply abiding by the standards during an enrolment process of the INS console, rather than being ‘at risk’, a migrant can easily be categorised as ‘posing a risk’ (La Fors-Owczynik & Van der Ploeg, 2015). Second, this article investigates the capacity of the new data protection regime in protecting migrants from being framed as a ‘misfit’. Given this second aim, the discussion explores how the European Convention on Human Rights can provide additional legal remedy for migrants being digitally categorised in a manner that is detrimental to them.