Development of the Schengen Area
On 14 June 1985, five Member States and The Netherlands, signed an agreement to create a territory without borders and provide a common policy on temporary entry of persons and cross-border police co-operation. This became known as the ‘Schengen Area’. The name was taken from the name of the town in , on the border with and , where such agreement was signed.
Taking as a basis the Schengen Agreement on the gradual abolition of checks at common borders, on 19 June 1990, there was the signature of the Schengen Convention between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic. The contracting parties to the Convention and The Netherlands have decided to fulfil the resolve expressed in the Agreement to abolish checks at their common borders on the movement of persons and facilitate the transport and movement of goods at those borders. The intergovernmental co-operation expanded to include other Member States.
Malta joined Schengen in December 2007 by lifting its sea borders. Subsequently in March 2008, lifted its air borders rendering the Schengen Acquis fully operative. Being part of the Schengen zone means that Maltese citizens are free to travel to any other Schengen country without being subjected to border checks.
Facilitating free movement within internal borders of the Schengen Area had to be reconciled with specific measures aimed to strengthen security both at external borders and within the Schengen zone. This involved improving co-ordination between the police, customs and the judiciary and taking necessary measures to combat important problems such as terrorism and organised crime. In order to make this possible, an information system known as the Schengen Information System was set up to exchange data on people’s identities and descriptions of objects which are either stolen or lost.
The Schengen Information System (SIS)
The SIS is an information system that allows the
competent authorities of participating Member States to obtain information
regarding certain categories of persons and objects. A second technical version
of the system, the SIS II went live on 9th April 2013.
The SIS II is composed of a central system
("Central SIS II"), a national system (the "N.SIS II") in
each Member State (the national data systems that will communicate data with
the Central SIS II), and a communication infrastructure between the central system
and the national systems providing an encrypted virtual network dedicated to
SIS II data and the exchange of data, including supplementary information
between the authorities responsible for similar data exchanges (SIRENE
The system establishes communication amongst all Member
States and provides end-users with access to information in accordance with the
applicable legal framework. It is a vital factor in the smooth running of the
area of security, freedom and justice. It contributes to the implementation of
the provisions on the free movement of persons and to judicial cooperation in
criminal matters and police cooperation.
The SIS II is regulated by two legal instruments which are applicable depending
on the type of alert:
Regulation (EC) 1987/2006 of the European Parliament and
of the Council of 20 December 2006 on the establishment, operation and use of
the second-generation Schengen Information System with respect to alert
procedures falling under Title IV of the Treaty establishing the European
Community (former first pillar), “SIS II Regulation”;
and Council Decision 2007/533/JHA of 12 June 2007 on the
establishment, operation and use of the second generation Schengen Information
System in what concerns procedures falling under Title VI of the Treaty of the
European Union (former third pillar), “SIS II Decision”.
Personal Data Processed in the
to the provisions of the SIS II legal framework, particularly Article 24 of SIS II Regulation and Articles 26, 32,
34, 36 and 38 of SIS II Decision, categories of information in the form of
alerts concerning persons, objects and vehicles are processed. When
the alert concerns a person, the information can include:
(a) surname(s) and forename(s), name(s) at birth and previously used names and
any aliases, which may be entered separately;
(b) any specific, objective, physical characteristics not subject to change;
(c) place and date of birth;
(h) whether the person concerned is armed, violent or has escaped;
(i) reason for the alert; (j) authority issuing the alert;
(k) a reference to the decision giving rise to the alert;
(l) action to be taken;
(m) link(s) to other alerts issued in SIS II
The processing of sensitive personal data namely
information revealing racial origin, political opinions or religious or other
philosophical beliefs, as well as personal data concerning health or sexual
life, is not allowed.
The SIS II legal framework lays down the reasons where an alert containing
personal data may be inserted in the system.
These are as follows:
- Alerts issued in respect of third-country
nationals for the purpose of refusing entry or stay
- Alerts in respect of persons wanted for arrest for surrender or extradition
- Alerts on missing persons
- Alerts in respect for persons sought for a judicial procedure
- Alerts on persons or objects for discreet and specific checks
- Alerts on objects for seizure or use as evidence in criminal proceedings
What are your rights in relation to your personal data processed in the SIS?
The SIS II legal framework lays down the rights of persons in relation to
the personal data processed in the system and which could be exercised in
accordance with the national law of the respective country, i.e. the Data
Protection Act (Cap. 440 of the Laws of Malta). The citizen has the right to:
- request access to personal data relating
to him/her which has been entered in the SIS;
- request the correction of factually
inaccurate personal data relating to him/her or the deletion of his/her
personal data in the case of unlawfully stored information;
- bring before the Courts or the authority
competent under the national laws an action to correct, delete or obtain
compensation in connection with an alert involving him/her.
Address The Data Protection Officer
How to exercise your rights?
In Malta, any individual has the right to request access, correction or
deletion of his/her personal data by contacting directly the data controller
which in this case is the authority responsible for the system at national
level. Such rights are exercisable by submitting a formal request to the
In accordance with Maltese law, the request must be submitted in writing and signed by the data subject. The request must be made in Maltese or English. When submitting the request, the data subject should provide a photocopy of the passport, or any other identification document, to ensure proper identification and facilitate dealing with the request by the Competent National Authority.
Refusal or restriction to these requests may only occur when this is justified for the suppression of criminal offences, or where necessary for the protection of the data subjects or the freedoms of other individuals.
In the eventuality of a restriction or refusal, the individual is to be informed in writing of the decision, including reasons for the decision, unless such communication could have a bearing on an investigation of the Police or on the rights and freedoms of other individuals.
What is the role of the Information and Data Protection Commissioner in relation to your personal data processed in SIS?
The Information and Data Protection Commissioner is the national supervisory authority responsible to carry out independent supervision of the data file of the national section of the SIS. The Commissioner is also responsible to check that the processing and use of data entered in the SIS does not violate the rights of the data subject.
Any individual may request the Commissioner to verify the personal data concerning him which is processed in SIS. For this purpose, the Commissioner is empowered to have access and inspect the data file of the national section of the SIS.
Where a request for access, correction or deletion, is restricted or refused by the Competent National Authority, the individual has a right to file an appeal with the Commissioner within thirty (30) days from when the decision is communicated to the individual or when the individual may reasonably be deemed to know about such a decision. In considering the appeal, the Commissioner reviews the case to ensure that a refusal or restriction is reasonable and well founded.
The Office of the Commissioner may be reached on the following contact details:
Information and Data Protection Commissioner
Floor 2, Airways House
Sliema, SLM 1549
+356 2328 7100
SIS SUPERVISION COORDINATION GROUP
The SIS Supervision Coordination Group is a platform in which the data protection authorities responsible for the supervision of SIS, according to Article 46 of the SIS II Regulation and Article 62 of the SIS II Decision cooperate in the framework of their responsibilities in order to ensure a coordinated supervision of SIS.
The Coordination Group is composed of representatives from the national data protection authorities supported by a secretariat which is provided by the European Data Protection Supervisor.
to view the latest Activity Report of the Group
GUIDE FOR EXERCISING THE RIGHT OF ACCESS
The SIS Supervision Coordination Group has updated the guide for exercising the right of access in order to reflect the current legal framework. Similar guidance gives a comprehensive overview of the procedures applicable in exercising data subjects’ rights in each Member State.
Click here to view the Guide for Exercising the Right of Access