BDAR
gdpr

Schengen Agreement

WHAT IS SCHENGEN?

Schengen is a place in Luxembourg where five member states (Belgium, Netherlands, Luxembourg, France and Germany) in 1985, entered an agreement to gradually abolish border controls. A couple of years later, in 1990, the countries established a convention with detailed rules concerning how the Schengen agreement would be applied and what the cooperation would include.

Nowadays, 26 EU-countries participate fully in the cooperation. The UK and Ireland participate only to a limited extent.

WHAT IS LEGAL FRAMEWORK?

The technical aspects and the operation of the SIS II, the conditions for issuing alerts on refusal of entry or stay for non-EU nationals, the processing of data relating to alerts and conditions of data access and protection are laid down in the:

Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System (SIS II).
The necessary legislative basis for governing SIS II for matters regarding alerts on persons and objects entered in SIS II for facilitating police and judicial cooperation in criminal matters is laid down in the:

Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II).

WHAT IS THE SIS II?

The Schengen Information System (and the second generation of the system – SIS II) is at the heart of Schengen cooperation. As a key compensatory measure for the abolition of internal border checks the SIS II therefore continues to play crucial role in facilitating the free movement of people within the Schengen area.

SIS II allows competent national authorities to issue and consult alerts on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost.

Being a state-of-the-art IT system and one of the largest of its kind worldwide, it will ensure strong data protection.

It will consist of three components: a Central System, Schengen States’ national systems and a communication infrastructure (network) between the Central and the national systems.

WHICH AUTHORITIES HAVE ACCESS TO INFORMATION IN THE SIS?

Access to SIS II is limited to the national border control, police, customs, judicial, visa and immigration and vehicle registration authorities. These authorities may only access the SIS II data that they need for the specific performance of their tasks. The European Agencies EUROPOL and EUROJUST have limited access rights to carry out certain types of queries.

WHO MAY BE REGISTERED IN THE SIS?

SIS II provides information on individuals who do not have the right to enter or stay in the Schengen area, or on those who are sought in relation to criminal activities. SIS II also contains information on missing persons, in particular children or other vulnerable individuals who are in need of protection, or in order to prevent threats. Details of certain objects are also recorded in SIS II, for example, cars, firearms, boats, and identity documents that may have been lost or stolen or used to carry out a crime.

WHAT TYPE OF ALERTS CAN BE ISSUED?

  • Refusal of entry or stay of third country nationals
  • Persons in order to assist with a judicial procedure
  • Persons wanted for arrest
  • Missing persons
  • Persons and objects for discreet or specific checks
  • Falsified documents
  • Objects for seizure or use as evidence in criminal procedures

WHY IS DATA ENTERED INTO THE SIS?

In essence, the relevant national authority in one country may issue an ‘alert’ which describes the person or object being sought. Reasons for issuing an alert are:

  • To refuse entry to persons who do not have the right to enter or stay in Schengen territory.
  • To find and detain a person for whom a European Arrest Warrant has been issued.
  • To assist in locating individuals or objects as requested by judicial or law enforcement authorities.
  • To find and protect a missing person.
  • To find stolen or lost property.

WHAT KIND OF INFORMATION CAN BE ENTERED ABOUT A PERSON IN THE SIS?

In particular, the following data sets may be processed in the Schengen Information System: forenames and surnames; names at birth; former names; aliases; place and date of birth; sex; any specific physical characteristics not subject to change, photographs, fingerprints, nationality; whether the person concerned is armed or violent or has escaped from detention; the reason for the alert; the authority issuing the alert; information relating to the decision and the nature of the offence, on which the alert is based; action to be taken; as well as number(s) and date(s) of issue of identification documents relating to the person involved.

WHAT KIND OF INFORMATION CANNOT BE ENTERED IN THE SIS?

The SIS may not contain information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information concerning health or sex life.

WHO IS RESPONSIBLE FOR THE SIS?

The Ministry of the Interior of the Republic of Lithuania, as data controller, is responsible for the personal data in the Lithuanian section of the SIS.

 

WHAT RIGHTS DOES A PERSON HAVE CONCERNING THE DATA PROCESSED IN THE SIS II?

Any person may bring an action before the courts or authority competent under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.

WHAT IS THE RIGHT OF ACCESS?

Any person has the right to access data related to them and entered in the SIS II. The rules on access are exercised in accordance with the national law of the Member State concerned. Access may only be refused when this is indispensable for the performance of a lawful task related to an alert and to protect the rights and freedoms of other people.

WHAT IS THE RIGHT OF RECTIFICATION AND DELETION?

If a person believes that their personal information has been misused, needs to be corrected or deleted, they can request access in any Schengen country, by contacting the competent authority (in general the national data protection authority or the authority responsible for the quality of national data entered in SIS II). If they are outside of the Schengen area they may contact the consulate of a Schengen country in the country in which they currently live. They will be informed about the follow-up of their request within three months at the latest.

WHAT IS THE RIGHT OF INFORMATION?

Subject to certain exceptions the third country nationals who are the subject of an alert have the right to be informed about it in writing.

WHAT HAPPENS IF MY NAME IS MISUSED BY SOMEONE INVOLVED IN A CRIME OR ILLEGAL ENTRY IN THE SCHENGEN AREA?

Sometimes a false identity is used when carrying out crimes or attempting to enter or stay in the Schengen area. This misuse often involves lost or stolen identity documents. If such a situation results in an alert being entered in the SIS II, it can cause difficulties for the innocent person whose identity has been stolen. However, detailed procedures have been put in place to protect the interests of these innocent persons.

HOW TO PROCEED WHEN EXERCISING THESE RIGHTS IN THE REPUBLIC OF LITHUANIA?

The data subject has a right of direct access to the data. The data subject should primarily exercise his/her rights in respect of the SIS II vis-a-vis the data controller, i.e. the Ministry of the Interior of the Republic of Lithuania.

Contact address:
Ministry of the Interior of the Republic of Lithuania
Šventaragio str. 2, LT-01510 Vilnius
Lithuania
Phone +370 5 271 7130, fax +370 5 271 8551
Email [email protected]

Requests have to be submitted in writing and signed. They have to include the identity of the person wishing to have access to data concerning him or her, or to have data concerning him or her corrected/deleted (surname(s) and first name(s), personal identification number (if he does not have a personal identification number, date of birth), place of residence, contact details (phone or email address)). The applicant must provide the data controller with a document certifying his or her identity. Exercise of the rights is free of charge.

If you have complaints on how your request for information is dealt with or if you have other doubts as regards the processing of data in the SIS and its compliance with applicable law, you may file a complaint with the State Data Protection Inspectorate.

WHAT DOES THE DATA PROTECTION AUTHORITY DO IN REGARD TO THE SIS?

National supervisory authority aims to monitor independently the lawfulness of the processing of SIS II personal data on their territory and its transmission from their territory, and the exchange and further processing of supplementary information.

The State Data Protection Inspectorate was designated as responsible for independently monitoring of the lawfulness of the processing of personal data stored in national SIS II. One of functions of the State Data Protection Inspectorate is to carry out control of the lawfulness of the processing of national SIS II personal data.

The State Data Protection Inspectorate is also participating in the Schengen II Supervision Coordination Group, consisting of two representatives from each national data protection authority and the European Data Protection Supervisor.

The national supervisory authorities and the European Data Protection Supervisor, will each act within the scope of its respective competences, and are to: 

  • Exchange relevant information;
  • Assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of the Council Decision (the Regulation);
  • Study problems with the exercise of independent supervision or in the exercise of the rights of data subjects;
  • Draw up harmonised proposals for joint solutions to any problems and 
  • Promote awareness of data protection rights, as necessary. 

If you require more information, please contact:

State Data Protection Inspectorate
L.Sapiegos str. 17,
LT-10312 Vilnius
Lithuania
Phone + 370 5 271 2804
Fax. + 370 5 261 9494
https://vdai.lrv.lt
Email [email protected]

Last updated: 17-12-2019