SIS: Schengen Information System

The Schengen Information System (SIS) is the most widely used and largest information exchange system for border security and management in Europe. As there are no internal borders between Schengen countries in Europe, the SIS compensates for border controls and is the most effective cooperation tool for border and immigration authorities, police, customs and judicial authorities in the EU and Schengen associated countries.

The competent national authorities, such as police and border guards, can enter and consult alerts on persons and objects in a common database. These persons and objects can be located anywhere in the EU and the Schengen area during border checks, police checks or other legal controls.

On March 7, 2023, SIS-RECAST became operational as a replacement for SIS II, including several security enhancements in line with the new European regulations governing the Schengen area:

  • Increased information exchange and cooperation
  • New possibilities to locate and identify wanted persons, unknown wanted persons and to reinforce controls at external borders.
  • Additional tools to combat organized crime, terrorism, and irregular immigration.

 

Learn more

Rights granted to individuals whose data are protected in the SIS II

In accordance with data protection principles, all individuals whose data are processed in the SIS II are granted specific rights by the SIS II Regulation and the SIS II Decision4, which will be analysed below. Anyone exercising any of these rights can apply to the competent authorities in the State of his choice where SIS II is operated. This option is possible because all national databases (N.SIS II) are identical to the central system database. Therefore, these rights can be exercised in any country that operates SIS II, regardless of the Member State that issued the alert.

When an individual exercises his/her right of access, correction of inaccurate data and deletion of unlawfully stored data, replies by competent authorities are due within a strict deadline. Thus, the individual shall be informed as soon as possible and, in any event, not later than 60 days from the date on which he applies for access, or sooner if national law so provides6. Also, the individual shall be informed about the follow-up given to the exercise of his rights of correction and deletion as soon as possible and in any event not later than three months from the date on which he applies for correction or deletion, or sooner if national law so provides.7.

Right of access

The right of access is the possibility for anyone who so requests to have knowledge of the information relating to him or her stored in a data file as referred to in national law. This is a fundamental principle of data protection which enables data subjects to exercise control over personal data kept by third parties. This right is expressly provided for in Article 41 of SIS II Regulation and in Article 58 of SIS II Decision.

The right of access is exercised in accordance with the law of the Member State where the request is submitted. The procedures differ from one country to another, as well as the rules for communicating data to the applicant. When a Member State receives a request for access to an alert not issued by itself, that State must give the issuing country the opportunity to state its position as to the possibility of disclosing the data to the applicant8. The information shall not be communicated to the data subject if it is indispensable for the performance of the legal task connected to the alert, or to protect the rights and freedoms of other people.

There are currently two types of system governing the right of access to data processed by law enforcement authorities, and thus also applicable to SIS data. In some Member States the right of access is direct, in others it is indirect.

In the case of direct access, the person concerned applies directly to the authorities handling the data (police, gendarmerie, customs, etc.). If national law allows, the applicant may be sent the information relating to him.

In the case of indirect access, the person sends his or her request for access to the national data protection authority of the State to which the request is submitted. The data protection authority conducts the necessary verifications to handle the request and replies to the applicant.

Right to correction and deletion of data

The right of access is complemented by the right to obtain the correction of the personal data when they are factually inaccurate or incomplete, and the right to ask for their deletion when they have been unlawfully stored (Article 41(5) of SIS II Regulation and 58(5) of SIS II Decision).

Under the Schengen legal framework only the State which issues an alert in the SIS II may alter or delete it (See Article 34(2) of SIS II Regulation and 49(2) of SIS II Decision). If the request is submitted in a Member State that did not issue the alert, the competent authorities of the Members States concerned cooperate to handle the case, by exchanging information and making the necessary verifications. The applicant should provide the grounds for the request to correct or delete the data and gather any relevant information supporting it.

Remedies: the right to complain to the data protection authority or initiate a judicial proceeding

Articles 43 of SIS II Regulation and 59 of SIS II Decision provide for the remedies accessible to individuals when their request has not been satisfied. Any person may bring an action before the courts or the authority competent under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.

In case they have to deal with a complaint with a cross-border element, national data protection authorities should cooperate with each other to guarantee the rights of the data subjects.

Forms

These rights can be exercise before the Ministry of Interior, D.G. National Police, at the following address:

MINISTERIO DEL INTERIOR - DIRECCION GENERAL DE LA POLICIA. DIVISION DE COOPERACION INTERNACIONAL –OFICINA SIRENE - Avda. PIO XII nº 50, 28016, MADRID

For exercising of these rights, the following forms can be used:

Descargas