The Supervisory Body is also responsible for a number of international activities such as monitoring data processing by Europol and by the Schengen Information System (SIS).
Monitoring processing by Europol
The Supervisory Body forms part of the Joint Supervisory Body (JSB or the “Europol Cooperation Board”) which seats the Data Protection Authorities of the Member States of the European Union. The JSB is responsible for monitoring the activities of Europol and for guaranteeing that the personal data stored by Europol do not violate data subjects’/citizens’ rights.
In addition, the JSB checks the legitimacy of the transmission of personal data by Europol, more specifically by carrying out inspections at Europol itself. In that context, the members or the members of staff of the JSB may be asked to take part in these inspections which are carried out by the European Data Protection Supervisor (“EDPS”). Other than that, the JSB is mandated to appraise whether Europol abides by the data protection principles in a number of well-defined areas.
As part of its brief, the EDPS must ensure that the rights of the individual are respected.
The COC is responsible for preparing and following up the meetings of the JSB and, as Belgium’s representative, for monitoring and implementing the decisions of the EDPS (in Belgium). The COC also plays a role within the framework of requests from citizens to access the Europol databases, insofar as these requests can be submitted to the COC. In this respect, the COC sees to it that any such requests are transmitted to Europol and are indeed processed by the latter.
What is the Schengen Information System (SISII)?
The Schengen Information System (SIS) was set up to ensure a high level of security within the area of freedom, security and justice of the European Union, in particular by safeguarding public policy and public safety and, in that sense, allows the authorities in charge of border control and other police and customs checks to cooperate.
SIS II is operational in 30 European countries, i.e. in 26 Member States of the EU (only Ireland and Cyprus are not linked to the SIS), and in Iceland, Liechtenstein, Norway and Switzerland. Council Decision 2007/533/JHA and Regulation (EC) No 1987/2006 established the second generation SIS (SIS II).
SIS II forms part of the achievements the Schengen Agreements (Schengen Agreement and the Convention implementing the Schengen Agreement of 14 June 1985) brought about. These achievements include:
- The disappearance of controls on the internal borders between the Member States, otherwise known as the “Schengen area”
- The strengthening and harmonisation of surveillance at the external borders of the Schengen area
- The implementation of a common visa policy
- Police and judicial cooperation between the Schengen States
SIS II is composed of a central system, a national system and a communication infrastructure. Each Schengen State is responsible for setting up, operating and maintaining its national system, and for connecting it to the central system.
A European Management Authority, eu-LISA, is responsible for the operational management of the central system.
The Schengen States supply SIS II with data and information about persons, objects and means of transport and with instructions that must be followed and measures that must be taken when a given person, object or means of transport is listed in the database.
Council Decision 2007/533/JHA and Regulation (EC) No 1987/2006 strictly define the categories of data that may be entered into and stored in SIS II, as well as the time limits for the retention of these data.
Who has access to the SIS II data?
SIS II can be accessed by the authorised users of the competent authorities of the Member States, such as the national border control authorities, the police, customs, the judicial authorities, the authorities responsible for issuing visas and vehicle registrations and by a number of European agencies, including Europol. These authorities can only access the data stored in SIS II for the specific task they have been entrusted with. Every year, a list of the national authorities authorised to access SIS II is published in the Official Journal of the European Union.
Rights under SIS II
Subjects whose data are processed in SIS II have a right of access to the data relating to them, to have any inaccurate data corrected and to have any unlawfully stored data deleted.
These rights can be exercised in any Schengen State and this in accordance with the national legislation of the State in question: The Guide for Exercising the Right of Access to SIS II gives a detailed description of the procedure to be followed and also features the contact details of the competent authorities in each Schengen State.
In Belgium, Schengen alerts are either issued by the Immigration Office (administrative decision denying leave to enter or stay within Schengen territory) or by the police services, as part of their official duties.
Requests relating to an alert on a refusal of entry or stay within the Schengen area in virtue of an administrative decision by the Belgian Immigration Office (art. 24 of Regulation (EC) No 1987/2006) must be sent to the following address:
Boulevard Pachéco 44, 1000 Brussels
If the Immigration Office (IO) does not respond to your request within one month of receipt or if its response is unsatisfactory, you are free to lodge a complaint with the Data Protection Authority.
Requests relating to another alert issued by the Belgian authorities (in the context of police and judicial cooperation in criminal matters), must be sent to the COC:
These would include alerts:
- In respect of persons wanted for arrest for surrender or extradition purposes (art. 26 of Council Decision 2007/533/JHA)
- On missing persons (art. 32 of Council Decision 2007/533/JHA)
- On persons sought to assist with a judicial procedure (art. 34 of Council Decision 2007/533/JHA)
- On persons and objects for discreet checks or specific checks (art. 36 of Council Decision 2007/533/JHA)
Requests to the Supervisory Body for Police Information Management must be sent to the following address:
Supervisory Body for Police Information Management (COC)
Rue de Louvain 48, 1000 Brussels
Article 42 of the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, also known as the Data Protection Act (DPA), stipulates that the rights of the data subject shall be exercised indirectly, i.e. via the COC.
This means that it is the Supervisory Body for Police Information Management who checks your personal data to ensure the legality of their processing within SIS II.
On completion of that check you will merely be notified that ‘‘the necessary checks have been carried out’’.
Important: Requests submitted to the Immigration Office and the Supervisory Body for Police Information Management are subject to a number of admissibility requirements:
- Requests must be made in writing, dated and signed by the data subject or his/her lawyer.
- Data subjects must also furnish proof of identity by enclosing a (recto verso) copy of an identity document with their request.
- Lawyers must prove their capacity and, on request, enclose the power of attorney they received from their client.
- The purpose of the request must be clearly stated, including the type of alert it relates to.
Failing that, the request may be declared inadmissible.
Who monitors SIS II?
The national supervisory authorities
Each Member State must appoint an independent supervisory authority to monitor the lawfulness of the processing of personal data in the context of SIS II within its territory, including the transmission of those personal data by that Member State.
In Belgium, this competence lies with two authorities:
- The Data Protection Authority, which deals with alerts on refusal of entry or stay within Schengen territory
- The Supervisory Body for Police Information Management, which deals with all other alerts.
The European Data Protection Supervisor
The European Data Protection Supervisor checks whether the personal data processing activities of the Management Authority (eu-LISA) are carried out in accordance with the applicable rules.
The SIS II SCG
In the context of Council Decision 2007/533/JHA and Regulation (EC) No 1987/2006, a Schengen Information System II Supervision Coordination Group (SIS II SCG) was set up to ensure that the national supervisory authorities and the European Data Protection Supervisor actively cooperate within the scope of their respective responsibilities and ensure the coordinated supervision of SIS II.
The group meets at least twice a year to:
- Share experiences
- Discuss problems regarding the interpretation or the application of the SIS II legal framework
- Analyse difficulties regarding the supervision or the exercise of the rights of data subjects
- Assist each other when carrying out audits and inspections
- Draw up harmonised proposals for joint solutions and promote awareness of data protection rights
Sources and useful links
To read more and to complete the form, see also our section 'Citizens': Access to the Schengen information system (SIS).