Schengen Information System (SIS)
What is Schengen information system (SIS)?
The Schengen Information System is key compensatory measure for the abolition of internal border checks. The SIS therefore continues to play crucial role in facilitating the free movement of people within the Schengen area. SIS is a large database shared between member states to maintain public security, support police and judicial co-operation and manage external border control. SIS contains extensive information on persons and objects, including personal data.
SIS allows competent national authorities to issue and consult alerts on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost.
As a reaction to new security challenges a new version of the Schengen Information System started operating on 7 March 2023. The new version of SIS was designed to make Schengen area even more secure and to provide the member states with further effective means of cooperation. One of the improvements that the recast version of SIS brings are new categories of alerts that can be entered into the system. These new categories include alerts related to vulnerable persons and alerts related to children who are in danger of being kidnapped. These new alerts therefore serve as means to protect children from getting kidnapped and taken away to third countries. In order to help member states in their fight against illegal immigration, the recast version of SIS also introduces new alerts on return of illegally staying third-country nationals and brings improved tools to better identify non-EU nationals.
Legal Framework
The SIS legal framework consists primarily of three EU Regulations:
- Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals,
- Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006,
- Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU.
Together, these three regulations replaced the old legislation, in particular Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II), Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) and partly also the Convention implementing the Schengen Agreement of 14 June 1985.
What types of alerts are entered into SIS?
The relevant national authority in one country may issue an alert which describes the person or object being sought. This information is then entered into the SIS. The types of alerts entered into SIS are:
- Alerts on return (entered on third-country nationals subject to a return decision to verify whether the return obligation has been met and to support the enforcement of the return decision),
- Alerts for refusal of entry and stay on third-country nationals (entered on the basis of a national decision taken by the competent administrative authorities or courts),
- Alerts on persons wanted for arrest for surrender or extradition purposes,
- Alerts on missing persons or vulnerable persons who need to be prevented from travelling,
- Alerts on persons sought to assist with a judicial procedure,
- Alerts on persons and objects for discreet checks, inquiry checks or specific checks,
- Information records in the interest of the EU on third-country nationals,
- Alerts on objects for seizure or use as evidence in criminal proceedings,
- Alerts on unknown wanted persons for the purposes of identification under national law.
The extent of personal data entered into SIS on the basis of aforementioned types of alerts is set primarily in article 4 of Regulation (EU) 2018/1860, article 20 of Regulation (EU) 2018/1861 and article 20 of Regulation (EU) 2018/1862. Each type of alert requires a minimum set of personal data to be entered in order for the alert to be put into place, EU law however also mandates that the data entered into SIS only include categories of personal data that are necessary for the fulfilment of the respective purpose for which the alert was created.
National competent authorities eligible to access data in SIS
Every member state shall clearly designate all competent authorities that have the right to access and subsequently search the data entered into SIS. The competent authorities with the right to access data in SIS in the Czech Republic are the Police of the Czech Republic, the Customs Administration, Ministry of Interior - Department for Asylum and Migration Policy, General Inspection of Security Forces, Municipal Offices performing registration of vehicles, State Navigation Authority, and Civil Aviation Authority. The full list of competent national authorities along with any potential changes is reported to eu-LISA (an EU agency that manages the operation of SIS), which in turn publishes a complete list of all national competent authorities in all member states annually. National competent authorities are only eligible to access the data stored in SIS for a specific purpose for which this right was entrusted to them (eg. border control, police and customs checks, the processing of visa applications, the verification of firearms and vehicles during their registration etc.) as can be seen in the list of national competent authorities published by eu-LISA .
What are the rights of data subject?
From the viewpoint of personal data protection, it is important to guarantee certain rights of individuals who can exercise these rights in order to actively participate in protection of their rights and, thus, also their privacy. The SIS legal framework places great emphasis on securing these rights in relation to processing of personal data in the Schengen Information System. Every person has the right to know what information about them has been entered in the SIS and also has the right to demand rectification or erasure of data if they are incorrect or unlawfully stored in the system. These rights are always exercised in compliance with the national legislation of the country in which these rights are claimed, the relevant procedures in individual Member States may therefore differ.
Right to access the data
Everyone has the right to ask for the information on whether and what personal data concerning them were entered into the SIS, for what reason, and by which authority of which specific member state they were entered.
Right to rectification or erasure
Everyone has the right to have factually inaccurate data (i.e. inaccurately entered) processed in the SIS concerning them rectified and any unlawfully stored data erased from the SIS.
How to proceed when exercising these rights in the Czech Republic?
The data subject has a right of direct access to the data. The data subject should primarily exercise their rights in respect of the SIS vis-a-vis the data controller, i.e., the Police of the Czech Republic.
Contact details
Police Presidium of the Czech Republic
P. O. Box 62/K-SOU
Strojnická 27
170 89 Praha 7
Czech Republic
ID DS: gs9ai55
epodatelna.policie@pcr.cz
Any data subject is entitled to send a written request to the Police of the Czech Republic exercising their right to information, rectification or erasure of their data processed in the SIS. Information about the processing of personal data in the SIS is to be revealed only to the data subject concerned (or their representative). The request must contain identification of the applicant – all first name/s, surname, date and place of birth and address. The data subject shall attach a copy of valid identity document and in the case of representation of the applicant a copy of the legal authorization. The Police is obliged to answer without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Police shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
Exercise of the right of access is free of charge.
More information on the website of the Police of the Czech Republic.
It is recommended to use the contact form:
Request concerning the processing of personal data in the Schengen Information System
!! The Office for Personal Data Protection brings to attention that applicants should always clearly state the correct and up-to-date return address. The Police of the Czech Republic, as the data controller, sends written replies by registered post. If you provide an incorrect or outdated address, the reply to your request will fail to be delivered. !!
Remedies
Any person may bring an action before the court or the authority competent under the law of any member state to access, rectify, erase, or obtain information or to obtain compensation in connection with processing of their personal data in SIS.
When to contact the Office for Personal Data Protection?
The Office for Personal Data Protection is competent to review processing of personal data within the national part of the SIS at the request of data subjects in cases where there is a suspicion of an unlawful procedure or where the controller (the Police of the Czech Republic) has not provided a satisfactory response. That is why we recommend contacting the Office for Personal Data Protection after the Police have already been asked for the information. If the data subject contacts the Office for Personal Data Protection first, the request will be forwarded to the controller (Police of the Czech Republic) which may lead to delays in processing their request.
It is recommended to use the contact form:
Complaint concerning the processing of personal data in the Schengen Information System (SIS)
A Guide for exercising data subjects’ rights
Given that the procedure for exercising rights recognised to individuals whose personal data is processed in SIS may differ in individual member states, a comprehensive guide is available that summarizes the information needed to contact the relevant authorities in each member state and information on how to proceed when exercising these rights.
The full text of the guide is available here.
The new version of the Schengen Information System (SIS) – information campaign