Exercise your rights for SIS II
Development of the Schengen Area
On 14 June 1985, five Member States and the Netherlands, signed an agreement to create a territory without borders and provide a common policy on temporary entry of persons and cross-border police co-operation. This became known as the ‘Schengen Area’. The name was taken from the name of the town in, on the border with and, where such agreement was signed.
Taking the Schengen Agreement on the gradual abolition of checks at common borders as a basis, the Schengen Convention was signed on 19 June 1990 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic. The contracting parties to the Convention and the Netherlands have decided to fulfil the resolve expressed in the Agreement to abolish checks at their common borders on the movement of persons and facilitate the transport and movement of goods at those borders. The intergovernmental co-operation expanded to include other Member States.
Malta joined Schengen in December 2007 by lifting its sea borders. Subsequently, in March 2008, it lifted its air borders, rendering the Schengen Acquis fully operative. Being part of the Schengen zone means that Maltese citizens are free to travel to any other Schengen country without being subjected to border checks.
Facilitating free movement within internal borders of the Schengen Area had to be reconciled with specific measures aimed to strengthen security both at external borders and within the Schengen zone. This involved improving co-ordination between the police, customs and the judiciary and taking necessary measures to combat important problems, such as terrorism and organised crime. In order to make this possible, an information system known as the Schengen Information System was set up to exchange data on people’s identities and descriptions of objects which are either stolen or lost.
The Schengen Information System (SIS)
The SIS is the most widely used and largest information sharing system for security and border management in Europe that allows the competent authorities of participating Member States to enter and consult alerts on persons or objects.
A second technical version of the system, the SIS II went live on 9th April 2013. The SIS II is composed of a central system ("Central SIS II"), a national system (the "N.SIS II") in each Member State (the national data systems that will communicate data with the Central SIS II), and a communication infrastructure between the central system and the national systems providing an encrypted virtual network dedicated to SIS II data and the exchange of data, including supplementary information between the authorities responsible for similar data exchanges (SIRENE Bureaux).
The system establishes communication amongst all Member States and provides end-users with access to information in accordance with the applicable legal framework. It is a vital factor in the smooth running of the area of security, freedom and justice. It contributes to the implementation of the provisions on the free movement of persons and to judicial cooperation in criminal matters and police cooperation.
The system assists the competent authorities in Europe to preserve internal security in the absence of internal border checks. The scope of SIS is defined in three legal instruments:
Regulation (EC) No 1987/2006 (Border control cooperation): SIS enables border guards and visa issuing and migration authorities to enter and consult alerts on third-country nationals for the purpose of refusing their entry into or stay in the Schengen area.
Council Decision 2007/533/JHA (Law enforcement cooperation): SIS supports police and judicial cooperation by allowing competent authorities to create and consult alerts on missing persons and on persons or objects related to criminal offences.
Regulation (EC) No 1986/2006 (Cooperation on vehicle registration): Vehicle registration services may consult SIS in order to check the legal status of the vehicles presented to them for registration. They only have access to SIS alerts on vehicles, registration certificates and number plates.
Regulation (EU) 2018/1860, Regulation (EU) 2018/1861 and Regulation (EU) 2018/1862 entered into force on the 28th December 2019 and they will be completely operational as from December 2021. The new functionalities in the SIS are currently being implemented in different stages and these are expected to be completed by 2021.
Personal data processed in the SIS
Pursuant to the provisions of the SIS II legal framework, particularly Article 24 of Regulation 1987/2006 and Articles 26, 32, 34, 36, and 38 of Council Decision 2007/533/JHA, categories of information in the form of alerts concerning persons, objects, vehicles and documents are processed. When the alert concerns a person, the information can include:
(a) surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
(b) any specific, objective, physical characteristics not subject to change;
(c) place and date of birth;
(h) whether the person concerned is armed, violent or has escaped;
(i) reason for the alert;
(j) authority issuing the alert;
(k) a reference to the decision giving rise to the alert;
(l) action to be taken;
(m) link(s) to other alerts issued in SIS II
The processing of sensitive personal data, namely information revealing racial origin, political opinions or religious or other philosophical beliefs, as well as personal data concerning health or sexual life, is not allowed.
The SIS II legal framework lays down the reasons for which an alert containing personal data may be inserted in the system. These are as follows:
- Alerts issued in respect of third-country nationals for the purpose of refusing entry or stay
- Alerts in respect of persons wanted for arrest for surrender or extradition purposes
- Alerts on missing persons
- Alerts in respect of persons sought for a judicial procedure
- Alerts on persons or objects for discreet and specific checks
- Alerts on objects for seizure or use as evidence in criminal proceedings
What are your rights in relation to your personal data processed in the SIS?
The SIS II legal framework lays down the rights of persons in relation to the personal data processed in the system, which may be exercised in accordance with the national law of the respective country, i.e. the Data Protection (Processing of Personal Data by Competent Authorities for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties) Regulations, and Regulation (EU) 2016/679 for purposes other than the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. The citizen has the right to:
- request access to personal data relating to him/her which has been entered in the SIS;
- request the correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case of unlawfully stored information;
- bring before the Courts or the authority competent under the national laws an action to correct, delete or obtain compensation in connection with an alert involving him/her.
How to exercise your rights?
In Malta, any individual has the right to request access, correction or deletion of his/her personal data by directly contacting the data controller, which in this case is the authority responsible for the system at national level. Such rights are exercisable by submitting a formal request to the following address:
The Data Protection Officer, Legal Unit, Police Headquarters, Floriana
Email: [email protected]
Telephone: +356 21224001
Personal data may be delayed, restricted or omitted, for as long as this constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and the legitimate interests of the natural person concerned in terms of the applicable law.
In the eventuality of a restriction or refusal, the individual is to be informed in writing of the decision, including reasons for the decision, unless such communication could have a bearing on the work of the national competent authorities or on the rights and freedoms of other individuals.
What is the role of the Information and Data Protection Commissioner in relation to your personal data processed in SIS?
The Information and Data Protection Commissioner is the national supervisory authority responsible for carrying out independent supervision of the data file of the national section of the SIS. The Commissioner is also responsible for checking that the processing and use of data entered in the SIS does not violate the fundamental human rights of the data subject.
Any individual may exercise his rights through the Commissioner, whereby the Commissioner shall make the necessary verifications concerning the processing of personal data. For this purpose, the Commissioner is empowered to have access to and inspect the data file of the national section of the SIS.
The Office of the Commissioner may be reached on the following contact details:
Address: Information and Data Protection Commissioner
Floor 2, Airways House
Sliema, SLM 1549
+356 2328 7100
SIS Supervision Coordination Group
The SIS Supervision Coordination Group is a platform in which the data protection authorities responsible for the supervision of SIS, according to Article 46 of Regulation (EC) 1987/2006 and Article 62 of Council Decision 2007/533/JHA, cooperate in the framework of their responsibilities in order to ensure a coordinated supervision of SIS. The Coordination Group is composed of representatives from the national data protection authorities supported by a secretariat which is provided by the European Data Protection Supervisor.
Guide for exercising the right of access
The SIS Supervision Coordination Group has updated the guide for exercising the right of access in order to reflect the current legal framework. Similar guidance gives a comprehensive overview of the procedures applicable in exercising data subjects’ rights in each Member State.