1. What is the Schengen Agreement, the Schengen Information System,the SIRENE Bureaux and the National Record of Undesirable Foreigners
On 14 June 1985 the Schengen Agreement was signed between five members (France, Germany, Belgium, Luxemburg and the Netherlands) and aimed at the removal of all internal border controls. The Convention implementing the Schengen Agreement (Schengen Convention) was signed on 19 June 1990 and was put into effect on 1995. According to the Schengen Convention all internal border controls are removed but effective controls at the external borders of the EU Schengen area are put in place. The Convention also introduces a common visa policy. Full Schengen members are 22 out of the 28 member states of the EU (except for Bulgaria, Croatia, Cyprus, Ireland, Romania and the United Kingdom). However, Bulgaria and Romania are currently in the process of joining the Schengen Area. Of non-EU States, Iceland, Norway, Switzerland and Liechtenstein have joined the Schengen Area.
According to article 92 of the Schengen Convention a common information system, the Schengen Information System (SIS), was set up in order to facilitate the exchange of information between the member states. SIS is the largest shared database on maintaining public security and judicial co-operation and managing external border control. Participating states provide entries, called “alerts”, on wanted and missing persons, lost and stolen property and entry bans.
Still, in 9th April 2013 SIS II a more advanced version of SIS was launched, effectively replacing SIS. SIS II provides the possibility to use biometrics, new types of alerts, the possibility to link different alerts (such as an alert on a person and a vehicle) and a facility for direct queries on the system.
Besides the introduction of this newer IT system, the legal basis for the implementation and regulation of SIS II was also restablished. Therefore, depending on the type of alert, the SIS II is regulated either by Regulation (EC) 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System with respect to alert procedures falling under Title IV of the Treaty establishing the European Community (former first pillar)3 or by Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System in what concerns procedures falling under Title VI of the Treaty on European Union (former third pillar).
As was the case with the previously used SIS, this SIS II consists of a central system (C.SIS II), a national system (the N.SIS II) and a communication infrastructure between these two systems. Each member state undertakes the obligation and responsibility to set up and operate the N.SIS II so as to enable and facilitate the communication with C.SIS II and the exchange of data between the authorities responsible for the exchange of all supplementary information. These authorities, namely the SIRENE Bureaux, were restablished with articles 7 and 8 of both the Regulation (EC) 1987/2006 and the Council Decision 2007/533/JHA. SIRENE stands for "Supplementary Information Request at the National Entry" and outlines the main tasks of the SIRENE Bureaux. Their principal tasks are processing the "alerts" in the Schengen Information System and enforcing them. They are a single point of contact for all national law enforcement authorities involved in SIS and also police co-operation in Schengen area and are on duty around the clock (for more information please visit the following links: SIRENE-Schengen Information System, National SIRENE Bureaux).
Article 82 of law 3386/2005, about “Entry, residence and social integration of third-country nationals in the Hellenic Territory” provides that the Ministry of Citizen Protection holds a record of undesirable foreigners. The criteria for registration in and deletion of foreigners from this record are determined upon a decision of the Ministers of Interior Decentralization and e-Government, Foreign Affairs, National Defense, Justice Transparency and Human Rights and Public Order.
2. Which are the competences of the Data Protection Authority regarding the SIS and the National Record of Undesirable Foreigners?
According to article 19 par. 1 ie' of the data protection law (Law 2472/1997) and article 114 of the Schengen Convention the Hellenic Data Protection Authority (DPA) carries out independent supervision of the data file of the national section of the Schengen Information System. Therefore, the DPA is competent, inter alia, to examine the conformity of the “alerts” (inserted by the Greek authorities) with the Convention's provisions. If the alert is entered in SIS by another country, the HDPA forwards the data subject's request to the supervisory authority of this country in order to examine the specific case (for contact details of the national data protection authorities please visit the following link: National Data Protection Commissioners).
According to article 19 par. 1 c' and h' of Law 2472/1997 the Hellenic Data Protection Authority is competent to review the legality of all data files including registration to the record of undesirable foreigners.
3. Rights of data subjects
The data subjects have the right of access (article 12 of Law 2472/1997) to personal data relating to them and the right to object (article 13 of Law 2472/1997) to the processing of their personal data. Both rights are exercised in writing directly to the data controller (Ministry of Interior and Administrative Reconstruction). The contact details of the Ministry are the following:
Registration to Schengen Information System (SIS) and the National Record of Undesirable Foreigners
Ministry of Interior and Administrative Reconstruction
3rd S.I.RE.N.E. Section of the International Police Cooperation Division at the Hellenic Police Headquarters
Address: 4 Kanellopoulou Street, P.C. 101 77 Athens
Τel: 210-6998262, 210-6998263
Fax: 210-6998264, 210-6998265
In both cases (right of access / right to object) if the data controller does not respond in writing within 15 days, the data subject has the right to appeal before the DPA. The contact details of the Hellenic DPA are the following:
Hellenic Data Protection Authority
Kifisias 1-3, 1st floor
GR – 115 23 Athens
Tel.: ++30 210 6475600
Fax: ++ 30 210 6475628