What is Schengen information system (SIS)?
The Schengen Information System is key compensatory measure for the abolition of internal border checks. The SIS II therefore continues to play crucial role in facilitating the free movement of people within the Schengen area. SIS is large database shared between member states helping to maintain public security, support police and judicial co-operation and manage external border control. SIS contains extensive information on persons and things, including personal data.
SIS allows competent national authorities to issue and consult alerts on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost.
In order to make Schengen area even more secure and provide more an effective tool for cooperation between all member states including new ones it was necessary to adjust the former SIS. On the day of 9th April 2013 the new SIS of the second generation (SIS II) with enhanced facilities started operating. Being a state-of-the-art IT system and one of the largest of its kind worldwide, it ensures strong data protection.
More information available here.
What are the possible reasons for issuing an alert in the SIS II?
In essence, the relevant national authority in one country may issue an alert which describes the person or object being sought. Reasons for issuing an alert are:
What are the rights of data subject?
From the viewpoint of personal data protection, it is important to guarantee certain rights of individuals who can exercise these rights in order to actively participate in protection of their rights and, thus, also their privacy. The SIS II legal framework places great emphasis on securing these rights in relation to processing of personal data in the Schengen Information System.
Every person has the right to know what information about them has been entered in the SIS II and also has the right to demand correction or deletion of data if they are incorrect or unlawfully stored in the system. These rights are exercised always in compliance with the national legislation of the country in which they are claimed, the relevant procedures in individual Member States may therefore differ.
Right for information
Everyone has the right to ask for the information on whether and what personal data concerning him/her were entered into the SIS II, for what reason) and by which authority of which specific member state they were entered.
Right for correction or deletion
Everyone has the right to have factually inaccurate data (i.e. inaccurately entered) processed in the SIS II concerning you corrected and any unlawfully stored data deleted from the SIS II.
Right to file a complaint to the data protection authority
In some countries (e.g. the Czech Republic) when the data subject must first contact the controller of the system (competent law enforcement authority) and in the case he/she is not satisfied with the answer provided, it is possible to contact national data protection authority with applying the right on verification of processing of personal data in the SIS II.
Any person may bring an action before the court or the authority competent under the law of any member state to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.
How to proceed when exercising these rights in the Czech Republic?
The data subject has a right of direct access to the data. The data subject should primarily exercise his/her rights in respect of the SIS II vis-a-vis the data controller, i.e. the Police of the Czech Republic.
Police Presidium of the Czech Republic (Policejní Prezidium České republiky)
P. O. Box 62/K-SOU
170 89 Praha 7
Any data subject is entitled to send a written request to the Police of the Czech Republic (address given above) asserting his/her right to information on and deletion or correction of his/her data processed in the SIS II. Information about the processing of personal data in the SIS II is to be revealed only to the data subject concerned (or his/her representative). The request must contain identification of the applicant – all first name/s, surname, date and place of birth and address. The Police is obliged to answer within 60 days. Exercise of the right of access is free of charge.
When to contact the Office for Personal Data Protection?
The Office for Personal Data Protection is competent to review personal data processing within the national part of the SIS at the request of data subjects in cases where there is suspicion of an unlawful procedure or where the controller (the Police of the Czech Republic) has not provided a satisfactory response. That is why we recommend contacting the Office after the Police have already been asked for the information. If the data subject contacts the Office first, the request will be forwarded to the controller (Police of the Czech Republic).
Because the execution of the rights may differ from state to state the Guide providing complete information is available here.
The technical aspects and the operation of the SIS II, the conditions for issuing alerts on refusal of entry or stay for non-EU nationals, the processing of data relating to alerts and conditions of data access and protection are laid down in the:
The necessary legislative basis for governing SIS II for matters regarding alerts on persons and objects entered in SIS II for facilitating police and judicial cooperation in criminal matters is laid down in the:
Mode No graphics is currently switched on. Therefore you see the web page with no decorative graphics as well as any advanced formatting. If your browser supports CSS2, you can switch a graphic mode on.