Schengen

Development of the Schengen Area

On 14 June 1985, five Member States and The Netherlands, signed an agreement to create a territory without borders and provide a common policy on temporary entry of persons and cross-border police co-operation. This became known as the ‘Schengen Area’. The name was taken from the name of the town in , on the border with and , where such agreement was signed.

Taking as a basis the Schengen Agreement on the gradual abolition of checks at common borders, on 19 June 1990, there was the signature of the Schengen Convention between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic. The contracting parties to the Convention and The Netherlands have decided to fulfil the resolve expressed in the Agreement to abolish checks at their common borders on the movement of persons and facilitate the transport and movement of goods at those borders. The intergovernmental co-operation expanded to include other Member States.

Malta joined Schengen in December 2007 by lifting its sea borders. Subsequently in March 2008, lifted its air borders rendering the Schengen Acquis fully operative. Being part of the Schengen zone means that Maltese citizens are free to travel to any other Schengen country without being subjected to border checks.

Facilitating free movement within internal borders of the Schengen Area had to be reconciled with specific measures aimed to strengthen security both at external borders and within the Schengen zone. This involved improving co-ordination between the police, customs and the judiciary and taking necessary measures to combat important problems such as terrorism and organised crime. In order to make this possible, an information system known as the Schengen Information System was set up to exchange data on people’s identities and descriptions of objects which are either stolen or lost.


The Schengen Information System (SIS)

The SIS is an information system that allows the competent authorities of participating Member States to obtain information regarding certain categories of persons and objects. A second technical version of the system, the SIS II went live on 9th April 2013.

The SIS II is composed of a central system ("Central SIS II"), a national system (the "N.SIS II") in each Member State (the national data systems that will communicate data with the Central SIS II), and a communication infrastructure between the central system and the national systems providing an encrypted virtual network dedicated to SIS II data and the exchange of data, including supplementary information between the authorities responsible for similar data exchanges (SIRENE Bureaux).

The system establishes communication amongst all Member States and provides end-users with access to information in accordance with the applicable legal framework. It is a vital factor in the smooth running of the area of security, freedom and justice. It contributes to the implementation of the provisions on the free movement of persons and to judicial cooperation in criminal matters and police cooperation. 


Legal Basis

The SIS II is regulated by two legal instruments which are applicable depending on the type of alert:

Regulation (EC) 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System with respect to alert procedures falling under Title IV of the Treaty establishing the European Community (former first pillar), “SIS II Regulation”;

and Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System in what concerns procedures falling under Title VI of the Treaty of the European Union (former third pillar), “SIS II Decision”.


Personal Data Processed in the SIS

Pursuant to the provisions of the SIS II legal framework, particularly Article 24 of SIS II Regulation and Articles 26, 32, 34, 36 and 38 of SIS II Decision, categories of information in the form of alerts concerning persons, objects and vehicles are processed. When the alert concerns a person, the information can include:

(a) surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
(b) any specific, objective, physical characteristics not subject to change;
(c) place and date of birth;
(d) sex;
(e) photographs;
(f) fingerprints;
(g) nationality(ies);
(h) whether the person concerned is armed, violent or has escaped;
(i) reason for the alert; (j) authority issuing the alert;
(k) a reference to the decision giving rise to the alert;
(l) action to be taken;
(m) link(s) to other alerts issued in SIS II

The processing of sensitive personal data namely information revealing racial origin, political opinions or religious or other philosophical beliefs, as well as personal data concerning health or sexual life, is not allowed.

The SIS II legal framework lays down the reasons where an alert containing personal data may be inserted in the system.  These are as follows:

  • Alerts issued in respect of third-country nationals for the purpose of refusing entry or stay 
  • Alerts in respect of persons wanted for arrest for surrender or extradition purposes 
  • Alerts on missing persons 
  • Alerts in respect for persons sought for a judicial procedure 
  • Alerts on persons or objects for discreet and specific checks 
  • Alerts on objects for seizure or use as evidence in criminal proceedings

What are your rights in relation to your personal data processed in the SIS? 


The SIS II legal framework lays down the rights of persons in relation to the personal data processed in the system and which could be exercised in accordance with the national law of the respective country, i.e. the Data Protection Act (Cap. 440 of the Laws of Malta). The citizen has the right to:

  • request access to personal data relating to him/her which has been entered in the SIS;
  • request the correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case of unlawfully stored information;
  • bring before the Courts or the authority competent under the national laws an action to correct, delete or obtain compensation in connection with an alert involving him/her.


How to exercise your rights?

In Malta, any individual has the right to request access, correction or deletion of his/her personal data by contacting directly the data controller which in this case is the authority responsible for the system at national level. Such rights are exercisable by submitting a formal request to the following address. 

 Address 
The Data Protection Officer
Legal Unit
Police Headquarters
Floriana 

 Email
dpu.police@gov.mt 

 Telephone
+356 21224001

In acc​ordance with Maltese law, the request must be submitted in writing and signed by the data subject. The request must be made in Maltese or English. When submitting the request, the data subject should provide a photocopy of the passport, or any other identification document, to ensure proper identification and facilitate dealing with the request by the Competent National Authority.

Refusal or restriction to these requests may only occur when this is justified for the suppression of criminal offences, or where necessary for the protection of the data subjects or the freedoms of other individuals.

In the eventuality of a restriction or refusal, the individual is to be informed in writing of the decision, including reasons for the decision, unless such communication could have a bearing on an investigation of the Police or on the rights and freedoms of other individuals.

What is the role of the Information and Data Protection Commissioner in relation to your personal data processed in SIS?

The Information and Data Protection Commissioner is the national supervisory authority responsible to carry out independent supervision of the data file of the national section of the SIS. The Commissioner is also responsible to check that the processing and use of data entered in the SIS does not violate the rights of the data subject.

Any individual may request the Commissioner to verify the personal data concerning him which is processed in SIS. For this purpose, the Commissioner is empowered to have access and inspect the data file of the national section of the SIS.

Where a request for access, correction or deletion, is restricted or refused by the Competent National Authority, the individual has a right to file an appeal with the Commissioner within thirty (30) days from when the decision is communicated to the individual or when the individual may reasonably be deemed to know about such a decision. In considering the appeal, the Commissioner reviews the case to ensure that a refusal or restriction is reasonable and well founded.

The Office of the Commissioner may be reached on the following contact details:

Address Information and Data Protection Commissioner
Floor 2, Airways House
High Street
Sliema, SLM 1549
Malta.

 Telephone
+356 2328 7100

 Email
idpc.info@gov.mt 

SIS SUPERVISION COORDINATION GROUP

The SIS Supervision Coordination Group is a platform in which the data protection authorities responsible for the supervision of SIS, according to Article 46 of the SIS II Regulation and Article 62 of the SIS II Decision cooperate in the framework of their responsibilities in order to ensure a coordinated supervision of SIS.

The Coordination Group is composed of representatives from the national data protection authorities supported by a secretariat which is provided by the European Data Protection Supervisor.

Click here​ to view the latest Activity Report of the Group 


GUIDE FOR EXERCISING THE RIGHT OF ACCESS

The SIS Supervision Coordination Group has updated the guide for exercising the right of access in order to reflect the current legal framework. Similar guidance gives a comprehensive overview of the procedures applicable in exercising data subjects’ rights in each Member State.

Click here ​to view the Guide for Exercising the Right of Access