The Visa Information System (VIS) is established
under Regulation 2008/767EC for the purpose of facilitating the visa
application procedure, prevent visa shopping and fraud, and facilitate border
checks as well as identity checks within the territory of the Member States and
to contribute to the prevention of threats to the internal security of the
Member States. To this end, the VIS provides a central repository of data on
all short-stay Schengen visa. This data can be accessed by authorities issuing
visas such as consulates of Member States, by checkpoints at the Schengen
border to verify the identity of visa holders, as well as for the purpose of
identifying third-country nationals apprehended within the Schengen Area with
fraudulent or without documents.
The VIS Regulation sets out which data shall be
included in the database at the various stages of processing a visa. Apart from
data on the visa application (such as planned travel itinerary, inviting
persons etc.) it also includes a photograph of the applicant and fingerprints.
Supervision over the national units is allocated to
the DPAs in the respective Member State, while the central VIS is supervised by
the EDPS. For the purposes of coordinating supervision, the VIS Regulation
provides that national DPAs and the EDPS both acting within their respective
assist each other in
carrying out audits and inspections;
examine difficulties of
interpretation or application of this Regulation;
study problems with the
exercise of independent supervision or with the exercise of the rights of data
draw up harmonised
proposals for joint solutions to any problems and promote awareness of data
For such purposes, the VIS Supervision Coordination
Group (VIS SCG) has been set up and meets twice a year. The VIS SCG is composed
of representatives from the national DPAs and the EDPS.
What are your rights in relation to personal data processed in the VIS?
The VIS legal framework lays down the rights of individuals in relation to the personal data processed in the system and which could be exercised in accordance with the national law of the respective country, i.e. the Data Protection Act (Cap. 440 of the Laws of Malta). The citizen has the right to:
- request access to personal data relating to him/her which has been entered in the VIS;
- request the correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case of unlawfully stored information;
- bring an action or complaint before the Courts or the authority competent under the national laws, where the rights of access, correction or deletion, are refused.
HOW TO EXERCISE YOUR RIGHTS?
In Malta, any individual has the right to request access (click here to download model letter EN / MT), correction or deletion of his/her personal data (click here to download model letter EN / MT) by contacting directly the data controller which in this case is the authority responsible for the administration of the system at national level. Such rights are exercisable by submitting a formal request to the following address:
The Data Protection Officer
Ministry of Foreign Affairs
Valletta, VLT 2000
Applicants should provide the following identification details in order to facilitate the responsible authority in dealing with the request:
· Name and surname of applicant;
· ID Card or Passport No;
∙ Visa No/Application No.;
· What particular details he/she would like to see.
In accordance with Maltese law, the request must be submitted in writing and signed by the data subject. The request must be made in Maltese or English. Refusal to these requests may occur if this is indispensable for the performance of a lawful task in connection with the data or for the protection of the rights and freedoms of third parties.
What is the role of the Information and Data Protection Commissioner in relation to your personal data processed in SIS?
The Information and Data Protection Commissioner is the national supervisory authority responsible to monitor the lawfulness of data processing carried out by national authorities within the VIS. For this purpose, the Commissioner is empowered to have access and inspect any personal data processed by national authorities in connection with VIS. In the eventuality that a request for access, correction or deletion, is refused, the individual may seek assistance and advice from the Information and Data Protection Commissioner. In considering the case, the Commissioner will assess whether the refusal was reasonable and in accordance with the relevant legal framework.
The Office of the Commissioner may be reached on the following contact details:
Information and Data Protection Commissioner
Floor 2, Airways House
Sliema, SLM 1549
+356 2328 7100