European Data Protection Supervisor
European Data Protection Supervisor

Schengen Information System

Schengen Information System

/file/sisiiscglogopng_ensisiiscg_logo.png

About the SIS II SCG

The Schengen Information System II Supervision Coordination Group (“SIS II SCG”) is a body set up by the SIS II Regulation and the SIS II Decision (both referred to as “the SIS II legal framework”) to ensure a coordinated supervision in the area of personal data protection of the SIS II large-scale information system. The SIS II SCG consists of representatives of the National Supervisory Authorities of the Member States responsible for data protection and the European Data Protection Supervisor.
The SIS II SCG replaced the Schengen Joint Supervisory Authority (JSA) after the second generation SIS (the “SIS II”), entered into force on 9 April 2013 – playing a similar role. In the Archive section you can find the webpage of the JSA.
The SIS II framework is also going to evolve: three proposals of Regulations were tabled in December 2016 by the European Commission – respectively regarding border control, law enforcement and vehicle registration. The European Parliament’s LIBE committee for Civil Liberties and Home Affairs adopted its position on 6th November and discussions between co-legislators are ongoing.
•    What we do
•    What we have done

Your rights

The SIS II Regulation provides persons with a right of access and a right to correction of inaccurate data and deletion of unlawfully stored data.
If you want to know which personal data are processed in the SIS II or if you want to correct or delete your data, because they were wrongfully entered in the SIS II, you can make a relevant request in any Schengen country, by contacting the competent authority. If you are currently outside the Schengen Area you can also contact the consulate of a Schengen country in the country in which you currently live. You will be informed about the follow-up of your request within three months at the latest.
The Group has adopted a Guide for exercising the right of access which provides you with detailed information on your rights under the SIS II legal framework. The Guide also lists all the competent authorities in the Member States and contains two model letters, one for the right of access and one for the right of correction or deletion.

Latest News

The next meeting of the SIS II SCG will take place on 19 June 2019 in Brussels.

Contact

Secretariat of the Schengen Information System II Supervision Coordination Group
Rue Wiertz 60
1047 Bruxelles/Brussel
Office: Rue Montoyer 30,
Tel. +32 2 283 19 13
Fax +32 2 283 19 50
E-Mail: EDPS-sis@edps.europa.eu

National Supervisory Authorities
Here you can find a list with the contact details of all the national Supervisory Authorities.

European Data Protection Supervisor
Rue Wiertz 60
1047 Bruxelles/Brussel
Office: Rue Montoyer 30, 6th floor
Tel. +32 2 283 19 00
Fax +32 2 283 19 50
E-Mail: edps@edps.europa.eu 

Legislation

The Schengen Information System II Supervision Coordination Group

What we do

“Data protection supervision is vital to guarantee the rights of the individuals.”
The SIS II SCG is a platform to improve the supervision of the SIS II large scale information system. The Group made up of representatives of the national Supervisory Authorities of the Member States and the European Data Protection Supervisor meets at least twice a year to:
- Share its experiences,
- Discuss problems regarding the interpretation or the application of the SIS II legal framework;
- Analyse difficulties regarding the supervision or the exercise of the rights of data subject. - - assist each other when carrying out audits and inspections,
- Daw up harmonised proposals for joint solutions and promotes awareness of data protection rights.
The working methods of the SIS II SCG are laid down in the Rules of Procedure.
After every meeting the Group publishes a summary of the outcomes of the meeting on this website (see Summary meetings). Moreover, the Group draws up a biannual Activity Report, which contains an overview of the Groups’ work of the last two years. The Activity Reports are also published on this website (see Activity Reports).

What we have done

So far the SIS II SCG has adopted a number of reports and common positions. These include among others:
- A Report on an overview of access to the SIS II,
- A Report on the exercise of the rights of data subjects
- A Common Position on the deletion of alerts on stolen cars.
Moreover, the Group closely follows all legislative proposals which may directly affect the SIS II. If the SCG deems it appropriate, it may decide to take a joint position in order to contribute with its knowledge and expertise to the development of personal data protection policy and legislation in the European Union. All the adopted documents can be found here.

About the Schengen Information System

What is the Schengen Information System (SIS II)?

The Schengen Information System (SIS II) is a large-scale information system that facilitates cooperation between national border control, customs and police authorities in the Schengen Area. The SIS II is in operation in 30 European countries, namely 26 EU Member States (only Ireland and Cyprus are not yet connected to SIS) as well as in Iceland, Liechtenstein, Norway and Switzerland.
The SIS II enables the competent authorities of the Schengen States to enter and consult alerts about persons and for objects. The reasons for issuing an alert include to refuse entry to a person who does not have the right to enter or stay in the Schengen territory, to find and detain a person for whom a European Arrest Warrant has been issued, to find a missing person, or to find stolen or lost property, such as a car or a passport.
An SIS II alert contains information about a particular person or object and clear instructions on what to do when the person or object has been found.
You can find a visual representation of how the SIS II works and how the new Regulations would change the framework in this European Commission factsheet.

How is the SIS II organised?

The SIS II consists of a central system (“Central SIS II”), a national system (the "N.SIS II") in each Member State and a communication infrastructure that links the central system to the different national systems.
The responsibilities for the operation and management of SIS II are divided between the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) and the Member States. While eu-LISA is responsible for the operational management of the Central SIS II and the communication infrastructure, Member States are responsible for their national systems. Moreover, each Member State has to designate a national authority, which is responsible for the smooth operation and security of its national system and has to ensure the access of the competent authorities to SIS II. The designated national authorities in the various Member States can be found here.

How does it work?

The competent authorities of the Member States enter, update or delete data in the SIS II via their national systems. Before a competent authority issues an alert, it has to determine whether the case is relevant enough to warrant its entry. The competent authorities are also responsible for ensuring that the data is accurate, up-to-date and lawfully entered into SIS II. When the alert is issued in the SIS II, only the relevant Member State is authorised to modify, correct, update or delete the data.
Alerts in the SIS II should not be kept longer than the time required to fulfil the purposes for which they were issued. For instance, after a missing person is found the relevant alert is deleted from the SIS II. However, alerts are also automatically erased from the SIS II. As a general principle, alerts on persons are automatically erased after a period of three years, while alerts on objects are erased after a period of five to ten years.

Who has access to SIS II data?

The SIS II is accessible to authorised users within the competent authorities of Member States, such as national border control, police, customs, judicial, visa, vehicle registration authorities and some European agencies, including Europol. These authorities may only access the SIS II data which they need for the specific performance of their tasks. A list of the competent national authorities, which have access to the SIS II is published annually in the Official Journal of the European Union.

How is the protection of personal data ensured?

The national Supervisory Authorities oversee the application of the data protection rules in their respective countries, while the European Data Protection Supervisor (EDPS) monitors the application of the data protection rules for the Central SIS II managed by eu-LISA. Both levels cooperate to ensure a coordinated supervision.
When data of a person are stored in the SIS II, this person has the right to request access to these data and make sure that they are accurate and lawfully entered. If this is not the case, the individual has the right to request this data be corrected or deleted. Further information on data protection rights under the SIS II Regulation can be found here.

Further Information

• General Information on SIS
• Information of the European Commission on SIS

Summary meetings

Adopted Documents

•    Common Position No. 1/2016 on the deletion of alerts on stolen vehicles
•    Report on the exercise of the rights of the data subject in the Schengen Information System (SIS) 
•    Report on an overview of access to the SIS II

Activity Reports

Archive

Archived webpage of the former Schengen Joint Supervisory Authority

List of the National Supervisory Authorities

Austria

Österreichische Datenschutzbehörde

Wickenburggasse 8

1080 Wien
Tel. +43 1 52152 2550
E-Mail: dsb@dsb.gv.at
Website: www.dsb.gv.at

Belgium

Autorité de la protection des données

Rue de la Presse 35

1000 Bruxelles
Tel. +32 2 274 48 00
Fax +32 2 274 48 10
E-Mail: commission@privacycommission.be
Website: www.privacycommission.be

Bulgaria

Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.
Sofia 1592
Tel. + 359 2 915 3580
Fax +359 2 915 3525
E-Mail: kzld@cpdp.bg
Website: www.cpdp.bg

Croatia

Croatian Personal Data Protection Agency
Martićeva 14
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
E-Mail: azop@azop.hr
Website: www.azop.hr

Czech Republic

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-Mail: posta@uoou.cz
Website: www.uoou.cz

Denmark

Datatilsynet
Borgergade 28, 5
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-Mail: dt@datatilsynet.dk
Website: www.datatilsynet.dk

Estonia

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39
10134 Tallinn
Tel. +372 6274 135
E-Mail: info@aki.ee
Website: www.aki.ee

Finland

Office of the Data Protection Ombudsman
P.O. Box 800
FIN-00521 Helsinki
Tel. +358 29 56 66700
Fax +358  29 56 66735
E-Mail: tietosuoja@om.fi
Website: www.tietosuoja.fi

France

Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: www.cnil.fr

Germany

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-Mail: poststelle@bfdi.bund.de
Website: www.bfdi.bund.de

In Germany, the competence in the field of data protection is split among different data protection supervisory authorities. Competent authorities can be identified according to the list provided under: https://www.bfdi.bund.de/bfdi_wiki/index.php/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte

Greece

Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523
Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
E-Mail: contact@dpa.gr
Website: www.dpa.gr

Hungary

Hungarian National Authority for Data Protection and Freedom of Information

Szilágyi Erzsébet fasor 22/C
H-1125 Budapest
Tel. +36 1 3911 400
E-Mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Iceland

The Icelandic Data Protection Authority

Rauðarárstígur 10

105 Reykjavík

Tel. +354 510 9600

E-mail: postur@personuvernd.is

Website: www.personuvernd.is

Italy

Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 3785
E-Mail: garante@garanteprivacy.it
Website: www.garanteprivacy.it

Latvia

Data State Inspectorate
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
E-Mail: info@dvi.gov.lv
Website: www.dvi.gov.lv

Liechtenstein

Liechtensteinische Datenschutzkommission

Landstrasse 40

Postfach 137

FL-9495 Triesen

Tel. +423 231 20 90

Fax +423 231 20 91

Email: dsk@adon.li

Website: www.datenschutzkommission.li

Lithuania

State Data Protection Inspectorate
A. Juozapaviciaus str. 6
LT-09310 Vilnius
Tel. + 370 5 279 14 45
Fax +370 5 261 94 94
E-Mail: ada@ada.lt
Website: www.ada.lt

Luxembourg

Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette
Tel. +352 2610 60 1
Fax +352 2610 60 29
E-Mail: info@cnpd.lu
Website: www.cnpd.lu

Malta

Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
E-Mail: idpc.info@idpc.org.mt
Website: www.idpc.org.mt

Netherlands

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/nl

Norway

Datatilsynet

Tollbugata 3

P.O. Box 8177 Dep.

0034 Oslo

Tel. + 47 22 39 69 00

E-Mail: postkasse@datatilsynet.no

Website: www.datatilsynet.no

Poland

The Bureau of the Inspector General for the Protection of Personal Data
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 53 10 440
Fax +48 22 53 10 441
E-Mail: kancelaria@giodo.gov.pl
Website: www.giodo.gov.pl

Portugal

Comissão Nacional de Protecção de Dados – CNPD

Av. D. Carlos I, 134, 1.º

1200-651 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
E-Mail: geral@cnpd.pt
Website: www.cnpd.pt

Romania

The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
E-Mail: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

Slovakia

Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel. + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
E-Mail: statny.dozor@pdp.gov.sk
Website: www.dataprotection.gov.sk

Slovenia

Information Commissioner of the Republic of Slovenia
Ms Mojca Prelesnik
Zaloška 59
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
E-Mail: gp.ip@ip-rs.si
Website: www.ip-rs.si

Spain

Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-Mail: internacional@agpd.es
Website: www.agpd.es

Sweden

Datainspektionen
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
E-Mail: datainspektionen@datainspektionen.se
Website: www.datainspektionen.se

Switzerland

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter

Feldeggweg 1

3003 Bern

Tel. +41 58 462 43 95

Fax: +41 58 465 99 96

Website: www.edoeb.admin.ch

United Kingdom

The Information Commissioner’s Office
Wycliffe House, Water Lane

Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
E-Mail: casework@ico.org.uk
Website: https://ico.org.uk