International activities
The Supervisory Body is also responsible for a number of international activities such as monitoring data processing by Europol and by the Schengen Information System (SIS).
Monitoring processing by Europol
The Supervisory Body forms part of a Joint Supervisory Body, the Coordinated Supervision Committee (CSC), which seats the Data Protection Authorities of the Member States of the European Union. The CSC is responsible for monitoring the activities of Europol and for guaranteeing that the personal data stored by Europol do not violate data subjects’/citizens’ rights.
In addition, the CSC checks the legitimacy of the transmission of personal data by Europol, more specifically by carrying out inspections at Europol itself. In that context, the members or the members of staff of the Supervisory Body may be asked to take part in these inspections which are carried out by the European Data Protection Supervisor (“EDPS”). Other than that, the CSC is mandated to appraise whether Europol abides by the data protection principles in a number of well-defined areas.
As part of its brief, the EDPS must ensure that the rights of the individual are respected.
The Supervisory Body is responsible for preparing and following up the meetings of the CSC and, as Belgium’s representative, for monitoring and implementing the decisions of the EDPS (in Belgium). The Supervisory Body also plays a role within the framework of requests from citizens relating to their rights vis a vis Europol, insofar as these requests can be submitted to the Supervisory Body. These requests can also be submitted directly to Europol. If the citizen chooses to exercise his rights via the Supervisory Body, the Supervisory Body will then ensure that the application is further forwarded to and processed by Europol. The Supervisory Body will no longer intervene in this procedure. We also refer in this respect to the guide for exercising data subjects’ rights compiled by the CSC.
What is the Schengen Information System (SIS)?
The Schengen Information System (SIS) was set up to ensure a high level of security within the area of freedom, security and justice of the European Union, in particular by safeguarding public policy and public safety and, in that sense, allows the authorities in charge of border control and other police and customs checks to cooperate.
SIS forms part of the achievements the Schengen Agreements (Schengen Agreement and the Convention implementing the Schengen Agreement of 14 June 1985) brought about. These achievements include:
- The disappearance of controls on the internal borders between the Member States, otherwise known as the “Schengen area”
- The strengthening and harmonisation of surveillance at the external borders of the Schengen area
- The implementation of a common visa policy
- Police and judicial cooperation between the Schengen States
SIS is composed of a central system, a national system and a communication infrastructure. Each Schengen State is responsible for setting up, operating and maintaining its national system, and for connecting it to the central system.
A European Management Authority, eu-LISA, is responsible for the operational management of the central system.
The Schengen States supply SIS with data and information about persons, objects and means of transport and with instructions that must be followed and measures that must be taken when a given person, object or means of transport is listed in the database.
The SIS framework (new SIS framework enters into force on 7 March 2023) strictly defines the categories of data that may be entered into and stored in SIS, as well as the time limits for the retention of these data.
Who has access to the SIS data?
SIS can be accessed by the authorised users of the competent authorities of the Member States, such as the national border control authorities, the police, customs, the judicial authorities, the authorities responsible for issuing visas and vehicle registrations and by a number of European agencies, including Europol. These authorities can only access the data stored in SIS for the specific task they have been entrusted with. Every year, a list of the national authorities authorised to access SIS is published in the Official Journal of the European Union.
Rights under SIS
Subjects whose data are processed in SIS have a right of access, rectification of inaccurate data and erasure of unlawfully stored data.
These rights can be exercised in any Schengen State and this in accordance with the national legislation of the State in question. The Guide for Exercising the Right of Access to SIS gives a detailed description of the procedure to be followed and also features the contact details of the competent authorities in each Schengen State.
In Belgium, Schengen alerts are either issued by the Immigration Office (administrative decision denying leave to enter or stay within Schengen territory) or by the police services, as part of their official duties.
Requests relating to an alert for refusal of entry and stay on third-country nationals or for return in virtue of an administrative decision by the Belgian Immigration Office (Regulations 2018/1860 and 2018/1861) must be sent to the following address:
Immigration Office
CSIS Office
Boulevard Pachéco 44, 1000 Brussels
E-mail: csis@ibz.fgov.be
If the Immigration Office (IO) does not respond to your request within one month of receipt or if its response is unsatisfactory, you are free to lodge a complaint with the Data Protection Authority.
Requests relating to another alert issued by the Belgian authorities (in the context of police and judicial cooperation in criminal matters), must be sent to the Supervisory Body for Police Information (COC):
These would include alerts:
- In respect of persons wanted for arrest for surrender or extradition purposes (art. 26 of Regulation 2018/1862)
- On missing persons (art. 32 of Regulation 2018/1862)
- On persons sought to assist with a judicial procedure (art. 34 of Regulation 2018/1862)
- On persons and objects for discreet checks, inquiry checks or specific checks (art. 36 of Regulation 2018/1862)
- On objects for seizure or use as evidence in criminal proceedings (art. 38 of Regulation 2018/1862)
- On unknown wanted persons for the purposes of identification under national law (art. 40 of Regulation 2018/1862)
Requests to the Supervisory Body for Police Information must be sent to the following address:
Supervisory Body for Police Information (COC)
Rue de Louvain 48, 1000 Brussels
E-mail: info@organedecontrole.be - info@controleorgaan.be
Concerning the purposes of police and judicial cooperation in criminal matters, Belgium has a system of indirect access. This signifies that the request must be sent to the Supervisory Body, which will verify the data to ensure the legality of their processing within SIS. According to the Belgian data protection Act (July 30th2018), the Supervisory Body can and will only communicate to the person concerned that “the necessary checks have been carried out”.
The system of indirect access also signifies that a request cannot be addressed directly to a Belgian police service or to the Belgian SIRENE Bureau.
Important: Requests submitted to the Immigration Office and the Supervisory Body for Police Information are subject to a number of admissibility requirements:
- Requests must be made in writing, dated and signed by the data subject or his/her lawyer.
- Data subjects must also furnish proof of identity by enclosing a (recto verso) copy of an identity document with their request.
- Lawyers must prove their capacity and, on request, enclose the power of attorney they received from their client.
- The purpose of the request must be clearly stated, including the type of alert it relates to.
Failing that, the request may be declared inadmissible.
Who monitors SIS?
The national supervisory authorities
Each Member State must appoint an independent supervisory authority to monitor the lawfulness of the processing of personal data in the context of SIS within its territory, including the transmission of those personal data by that Member State.
In Belgium, this competence lies with two authorities:
- The Data Protection Authority, which deals with alerts on refusal of entry or stay within Schengen territory
- The Supervisory Body for Police Information Management, which deals with all other alerts.
The European Data Protection Supervisor
The European Data Protection Supervisor checks whether the personal data processing activities of the Management Authority (eu-LISA) are carried out in accordance with the applicable rules.
SIS Coordinated Supervision Committee
Under the new SIS framework, the SIS Coordinated Supervision Committee replaces the Schengen Information System Coordination Group (SIS CCG) and aims to ensure that the national supervisory authorities and the European Data Protection Supervisor actively cooperate within the scope of their respective responsibilities and ensure the coordinated supervision of SIS.
The group meets at least twice a year to:
- Share experiences
- Discuss problems regarding the interpretation or the application of the SIS legal framework
- Investigate problems that have arisen in the exercise of independent supervision or in the exercise of the data subject's rights
- Assist each other when carrying out audits and inspections
- Draw up harmonised proposals for joint solutions and promote awareness of data protection rights.
Sources and useful links
Website of the Data Protection Authority
Website of the SIS European Data Protection Supervisor
To read more and to complete the form, see also our section 'Citizens': Access to the Schengen information system (SIS).