The Office for Personal Data Protection

What is Schengen information system (SIS)?

The Schengen Information System is key compensatory measure for the abolition of internal border checks. The SIS II therefore continues to play crucial role in facilitating the free movement of people within the Schengen area. SIS is large database shared between member states helping to maintain public security, support police and judicial co-operation and manage external border control. SIS contains extensive information on persons and things, including personal data.

SIS allows competent national authorities to issue and consult alerts on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost.

In order to make Schengen area even more secure and provide more an effective tool for cooperation between all member states including new ones it was necessary to adjust the former SIS. On the day of 9th April 2013 the new SIS of the second generation (SIS II) with enhanced facilities started operating. Being a state-of-the-art IT system and one of the largest of its kind worldwide, it ensures strong data protection.

More information available here.

 

What are the possible reasons for issuing an alert in the SIS II?

In essence, the relevant national authority in one country may issue an alert which describes the person or object being sought. Reasons for issuing an alert are:

• to refuse entry to persons who do not have the right to enter or stay in Schengen territory,

• to find and detain a person for whom a European Arrest Warrant has been issued,

• to assist in locating individuals or objects as requested by judicial or law enforcement authorities,

• to find and protect a missing person,

• to find stolen or lost property.

 

What are the rights of data subject?

From the viewpoint of personal data protection, it is important to guarantee certain rights of individuals who can exercise these rights in order to actively participate in protection of their rights and, thus, also their privacy. The SIS II legal framework places great emphasis on securing these rights in relation to processing of personal data in the Schengen Information System.

• The right to access the data

Every person has the right to know what information about them has been entered in the SIS II and also has the right to demand correction or deletion of data if they are incorrect or unlawfully stored in the system. These rights are exercised always in compliance with the national legislation of the country in which they are claimed, the relevant procedures in individual Member States may therefore differ.

            Right for information

Everyone has the right to ask for the information on whether and what personal data concerning him/her were entered into the SIS II, for what reason) and by which authority of which specific member state they were entered.

            Right for correction or deletion

Everyone has the right to have factually inaccurate data (i.e. inaccurately entered) processed in the SIS II concerning you corrected and any unlawfully stored data deleted from the SIS II.

            Right to  file a complaint to the data protection authority

In some countries (e.g. the Czech Republic) when the data subject must first contact the controller of the system (competent law enforcement authority) and in the case he/she is not satisfied with the answer provided, it is possible to contact national data protection authority with applying the right on verification of processing of personal data in the SIS II.

•   Remedies

Any person may bring an action before the court or the authority competent under the law of any member state to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.

 

How to proceed when exercising these rights in the Czech Republic?

The data subject has a right of direct access to the data. The data subject should primarily exercise his/her rights in respect of the SIS II vis-a-vis the data controller, i.e. the Police of the Czech Republic.

Contact address:

Police Presidium of the Czech Republic (Policejní Prezidium České republiky)

P. O. Box 62/K-SOU

Strojnická 27

170 89 Praha 7

Any data subject is entitled to send a written request to the Police of the Czech Republic (address given above) asserting his/her right to information on and deletion or correction of his/her data processed in the SIS II. Information about the processing of personal data in the SIS II is to be revealed only to the data subject concerned (or his/her representative). The request must contain identification of the applicant – all first name/s, surname, date and place of birth and address. The Police is obliged to answer within 60 days. Exercise of the right of access is free of charge.

More information on the website of the Police of the Czech Republic and Ministry of Interior or EU webpage.

 

When to contact the Office for Personal Data Protection?

The Office for Personal Data Protection is competent to review personal data processing within the national part of the SIS at the request of data subjects in cases where there is suspicion of an unlawful procedure or where the controller (the Police of the Czech Republic) has not provided a satisfactory response. That is why we recommend contacting the Office after the Police have already been asked for the information. If the data subject contacts the Office first, the request will be forwarded to the controller (Police of the Czech Republic).

Because the execution of the rights may differ from state to state the Guide providing complete information is available here.

 

!! The Office brings to attention that applicants should always clearly state the correct and up-to-date return address. The Police of the Czech Republic, as the data controller, sends with regard to the protection of your data, written replies by registered post. If you provide an incorrect or outdated address, the reply to your request will fail to be delivered. !!

LEGAL FRAMEWORK

The technical aspects and the operation of the SIS II, the conditions for issuing alerts on refusal of entry or stay for non-EU nationals, the processing of data relating to alerts and conditions of data access and protection are laid down in the:

• Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System (SIS II).

The necessary legislative basis for governing SIS II for matters regarding alerts on persons and objects entered in SIS II for facilitating police and judicial cooperation in criminal matters is laid down in the:

• Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II)

 

More information about the Schengen Information System available on the SIS II Supervision Coordination Group official website.