The Schengen Information System II Supervision Coordination Group (“SIS II SCG”) is a body set up by the SIS II Regulation and the SIS II Decision (both referred to as “the SIS II legal framework”) to ensure a coordinated supervision in the area of personal data protection of the SIS II large-scale information system. The SIS II SCG consists of representatives of the National Supervisory Authorities of the Member States responsible for data protection and the European Data Protection Supervisor.
The SIS II SCG replaced the Schengen Joint Supervisory Authority (JSA) after the second generation SIS (the “SIS II”), entered into force on 9 April 2013 – playing a similar role. In the Archive section you can find the webpage of the JSA.
The SIS II framework is also going to evolve: three proposals of Regulations were tabled in December 2016 by the European Commission – respectively regarding border control, law enforcement and vehicle registration. The European Parliament’s LIBE committee for Civil Liberties and Home Affairs adopted its position on 6th November and discussions between co-legislators are ongoing.
• What we do
• What we have done
The SIS II Regulation provides persons with a right of access and a right to correction of inaccurate data and deletion of unlawfully stored data.
If you want to know which personal data are processed in the SIS II or if you want to correct or delete your data, because they were wrongfully entered in the SIS II, you can make a relevant request in any Schengen country, by contacting the competent authority. If you are currently outside the Schengen Area you can also contact the consulate of a Schengen country in the country in which you currently live. You will be informed about the follow-up of your request within three months at the latest.
The Group has adopted a Guide for exercising the right of access which provides you with detailed information on your rights under the SIS II legal framework. The Guide also lists all the competent authorities in the Member States and contains two model letters, one for the right of access and one for the right of correction or deletion.
The next meeting of the SIS II SCG will take place on 19 June 2019 in Brussels.
Secretariat of the Schengen Information System II Supervision Coordination Group
Rue Wiertz 60
Office: Rue Montoyer 30,
Tel. +32 2 283 19 13
Fax +32 2 283 19 50
National Supervisory Authorities
Here you can find a list with the contact details of all the national Supervisory Authorities.
European Data Protection Supervisor
Rue Wiertz 60
Office: Rue Montoyer 30, 6th floor
Tel. +32 2 283 19 00
Fax +32 2 283 19 50
“Data protection supervision is vital to guarantee the rights of the individuals.”
The SIS II SCG is a platform to improve the supervision of the SIS II large scale information system. The Group made up of representatives of the national Supervisory Authorities of the Member States and the European Data Protection Supervisor meets at least twice a year to:
- Share its experiences,
- Discuss problems regarding the interpretation or the application of the SIS II legal framework;
- Analyse difficulties regarding the supervision or the exercise of the rights of data subject. - - assist each other when carrying out audits and inspections,
- Daw up harmonised proposals for joint solutions and promotes awareness of data protection rights.
The working methods of the SIS II SCG are laid down in the Rules of Procedure.
After every meeting the Group publishes a summary of the outcomes of the meeting on this website (see Summary meetings). Moreover, the Group draws up a biannual Activity Report, which contains an overview of the Groups’ work of the last two years. The Activity Reports are also published on this website (see Activity Reports).
So far the SIS II SCG has adopted a number of reports and common positions. These include among others:
- A Report on an overview of access to the SIS II,
- A Report on the exercise of the rights of data subjects
- A Common Position on the deletion of alerts on stolen cars.
Moreover, the Group closely follows all legislative proposals which may directly affect the SIS II. If the SCG deems it appropriate, it may decide to take a joint position in order to contribute with its knowledge and expertise to the development of personal data protection policy and legislation in the European Union. All the adopted documents can be found here.
The Schengen Information System (SIS II) is a large-scale information system that facilitates cooperation between national border control, customs and police authorities in the Schengen Area. The SIS II is in operation in 30 European countries, namely 26 EU Member States (only Ireland and Cyprus are not yet connected to SIS) as well as in Iceland, Liechtenstein, Norway and Switzerland.
The SIS II enables the competent authorities of the Schengen States to enter and consult alerts about persons and for objects. The reasons for issuing an alert include to refuse entry to a person who does not have the right to enter or stay in the Schengen territory, to find and detain a person for whom a European Arrest Warrant has been issued, to find a missing person, or to find stolen or lost property, such as a car or a passport.
An SIS II alert contains information about a particular person or object and clear instructions on what to do when the person or object has been found.
You can find a visual representation of how the SIS II works and how the new Regulations would change the framework in this European Commission factsheet.
The SIS II consists of a central system (“Central SIS II”), a national system (the "N.SIS II") in each Member State and a communication infrastructure that links the central system to the different national systems.
The responsibilities for the operation and management of SIS II are divided between the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) and the Member States. While eu-LISA is responsible for the operational management of the Central SIS II and the communication infrastructure, Member States are responsible for their national systems. Moreover, each Member State has to designate a national authority, which is responsible for the smooth operation and security of its national system and has to ensure the access of the competent authorities to SIS II. The designated national authorities in the various Member States can be found here.
The competent authorities of the Member States enter, update or delete data in the SIS II via their national systems. Before a competent authority issues an alert, it has to determine whether the case is relevant enough to warrant its entry. The competent authorities are also responsible for ensuring that the data is accurate, up-to-date and lawfully entered into SIS II. When the alert is issued in the SIS II, only the relevant Member State is authorised to modify, correct, update or delete the data.
Alerts in the SIS II should not be kept longer than the time required to fulfil the purposes for which they were issued. For instance, after a missing person is found the relevant alert is deleted from the SIS II. However, alerts are also automatically erased from the SIS II. As a general principle, alerts on persons are automatically erased after a period of three years, while alerts on objects are erased after a period of five to ten years.
The SIS II is accessible to authorised users within the competent authorities of Member States, such as national border control, police, customs, judicial, visa, vehicle registration authorities and some European agencies, including Europol. These authorities may only access the SIS II data which they need for the specific performance of their tasks. A list of the competent national authorities, which have access to the SIS II is published annually in the Official Journal of the European Union.
The national Supervisory Authorities oversee the application of the data protection rules in their respective countries, while the European Data Protection Supervisor (EDPS) monitors the application of the data protection rules for the Central SIS II managed by eu-LISA. Both levels cooperate to ensure a coordinated supervision.
When data of a person are stored in the SIS II, this person has the right to request access to these data and make sure that they are accurate and lawfully entered. If this is not the case, the individual has the right to request this data be corrected or deleted. Further information on data protection rights under the SIS II Regulation can be found here.
• Common Position No. 1/2016 on the deletion of alerts on stolen vehicles
• Report on the exercise of the rights of the data subject in the Schengen Information System (SIS)
• Report on an overview of access to the SIS II
List of the National Supervisory Authorities
Autorité de la protection des données
Rue de la Presse 35
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
In Germany, the competence in the field of data protection is split among different data protection supervisory authorities. Competent authorities can be identified according to the list provided under: https://www.bfdi.bund.de/bfdi_wiki/index.php/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte
Hungarian National Authority for Data Protection and Freedom of Information
The Icelandic Data Protection Authority
Tel. +354 510 9600
Tel. +423 231 20 90
Fax +423 231 20 91
Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
P.O. Box 8177 Dep.
Tel. + 47 22 39 69 00
Comissão Nacional de Protecção de Dados – CNPD
Av. D. Carlos I, 134, 1.º
The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
Office for Personal Data Protection of the Slovak Republic
820 07 Bratislava 27
Tel. + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Tel. +41 58 462 43 95
Fax: +41 58 465 99 96
The Information Commissioner’s Office
Wycliffe House, Water Lane