General information on Schengen and the Schengen Information System

Development of the Schengen area

On 14 June 1985, five Member States, Belgium, France, Germany, Luxembourg and The Netherlands, signed an agreement to create a territory without borders and provide a common policy on temporary entry of persons and cross-border police co-operation. This became known as the ‘Schengen Area’. The name was taken from the name of the town in Luxembourg, on the border with France and Germany, where such agreement was signed.
Taking as a basis the Schengen Agreement on the gradual abolition of checks at common borders, on 19th June 1990, there was the signature of the Schengen Convention between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic. The contracting parties of the Convention, Belgium, Germany, France, Luxembourg and The Netherlands have decided to fulfil the resolve expressed in the Agreement to abolish checks at their common borders and on the movement of persons and facilitate the transport and movement of persons and facilitate the transport and movements of goods at those borders. The intergovernmental co-operation expanded to include other Member States.
Malta joined Schengen in December 2007 by lifting its sea borders. Subsequently in March 2008, Malta lifted its air borders rendering the Schengen Acquis fully operative. Being part of the Schengen zone means that Maltese citizens are free to travel to any Schengen country without being subjected to border checks.
Facilitating free movement within internal borders of the Schengen Area has to be reconciled with specific measures aimed to strengthen security both at external borders and within the Schengen zone. This involved improving co-ordination between the police, customs and the judiciary and taking necessary measures to combat important problems such as terrorism and organised crime. In order to make this possible, an information system known as the Schengen Information System was set up to exchange data on people’s identities and descriptions of objects which are either stolen or lost.
The Schengen Information System (SIS)

The SIS is an information system that allows the competent authorities of participating member states to obtain information regarding certain categories of persons and objects. A second technical version of the system, the SIS II went live on 9th April 2013.

The SIS II composed of a central system (Central SIS II), a national system (N.SIS II) in each Member State (the national data systems that will communicate data with the Central SIS II), and a communication infrastructure between the central system and the national systems providing an encrypted virtual network dedicated to SIS II data and the exchange of data, including supplementary information between the authorities responsible for similar data exchanges (SIRENE Bureaux).
Legal Basis

The SIS Ii is regulated by two legal instruments which are applicable depending on the type of alert;

Regulation (EC) 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of second-generation Schengen Information System with respect to alert procedures falling under Title IV of the Treaty establishing the European Community (formal first pillar), ‘’SIS II Regulation’’;

And Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System in what concerns procedures falling under Title VI of the Treaty of the European union (former third pillar), ‘’SIS II Decision’’.
Personal Data Processed by the SIS

Pursuant to the provisions of the SIS II legal framework, particularly Article 24 of SIS II Regulation and Articles 26, 32, 34, 36 and 38 of SIS II Decision, categories of information in the form of alerts concerning persons, objects and vehicles are processed. When the alert concerns a person, the information can include;
a) Surname(s) and forename(s), name(s) at birth and previously used names and any aliases, which may be entered separately;
b) Any specific, objective, physical characteristics not subject to change;
c) Place and date of birth;
d) Sex
e) Photographs;
f) Fingerprints;
g) Nationality(ies);
h) Whether the person concerned is armed, violent or has escaped;
i) Reason for the alert;
j) Authority issuing the alert;
k) A reference to the decision giving rise to that alert;
l) Action to be taken;
m) Link(s) to other alerts issued in SIS II

The processing of sensitive personal data namely information revealing racial origin, political opinions or religious or other philosophical believes, as well as personal data concerning health or sexual life, is not allowed.
The SIS II legal framework lays down the reasons where an alert containing personal data may be inserted in the system. These are as follows:

     Alerts issued in respect of third-country nationals for the purpose of refusing entry or stay.
     Alerts in respect of persons wanted for arrest for surrender or extradition purposes.
     Alerts on missing purposes.
     Alerts in respect of persons sought for judicial procedure.
     Alerts on persons or objects for discreet and specific checks.
     Alerts on objects for seizure or use as evidence in criminal proceedings.
What are your rights in relation to your Personal Data processed in the SIS?

The SIS II legal framework lays down the rights of persons in relation to the personal data processed in the system and which could be exercised in accordance with national law of the respective country, i.e. the Data Protection Act (Chapter 586 of the Laws of Malta).
The Citizen has the right to;

     Request access to personal data relating to him/her which has been entered in the SIS;
     Request correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case the unlawfully stored information;
     Bring before the Courts or the authority competent under the national laws an action to correct, delete or obtain compensation in connection with an alert involving him/her.
Access to information may be delayed, restricted or omitted, for as long as it constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and the legitimate interest of the natural person concerned, in order to:

a) Avoid obstruction official or legal inquiries, investigations or procedures,
b) Avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties,
c) Protect public security,
d) Protect national security,
e) Protect the rights and freedoms of others.

In the eventuality of a restriction or refusal, the individual is to be informed in writing of the decision, including the reasons, unless such communication could have a bearing on an investigation of the Police or on the rights and freedoms of other individuals.
How to exercise your rights?

In Malta, any individual has the right to request access, correction or deletion of his/her personal data by contacting directly the data controller which in this case is the authority responsible for the system at national level. Such rights are exercisable by submitting a formal request to the following address.

The Data Protection Officer
Legal Office,
Police General Headquarters,
Pjazza San Kalcodonju,
Floriana, FRN1531
Telephone: (+356) 2122 4001
     In accordance with Maltese Law, the request must be submitted in writing and signed by the data subject.
     The request must be made in Maltese or English, using one of the forms available on this website.
     When submitting the request, the data subject must provide a photocopy of his/her passport or any other official identification document to ensure proper identification and facilitate communication.
     Requests submitted by electronic means will be replied through the same means. Sender is to ensure the security of such electronic means before submitting the request.
What is the Role of the Information and Data Protection Commissioner in relation to your Personal Data Processed in SIS?
The Information and Data Protection Commissioner is the national supervisory authority responsible to carry out independent supervision of the data file of the national section of the SIS.
The Commissioner is also responsible to check that the processing and use of data entered in the SIS does not violate the rights of the data subject. Any individual may request the Commissioner to verity the personal data concerning him/her which is processed in SIS. For this purpose, the Commissioner is empowered to have access and inspect the data file of the national section of the SIS.
Where a request for access, correction or deletion is restricted or refused by the Competent National Authority, the individual has a right to file an appeal with the Commissioner within thirty (30) days from when the decision is communicated to the individual or when the individual may reasonably be deemed to know about such a decision. In considering the appeal, the Commissioner reviews the case to ensure that a refusal or restriction is reasonable and well founded.
Contact details;
Information and Data Protection Commissioner
Airways House, Floor 2
High Street
Sliema, SLM1549
Telephone: (+356) 2328 7100
  Indirizz tal-Kuntatt 
Pjazza San Kalċidonju
Floriana FRN 1530
2122 4001