Schengen Information System
As part of the Schengen Agreement, which established a common area in which internal border checks have largely been abolished, Schengen countries also work together on fighting crime and controlling the EU’s external borders. Among other things, this cooperation has resulted in the creation a common information system which contains personal data. The Danish Data Protection Agency is a supervisory authority tasked with ensuring that the provisions associated with accessing the system are adhered to by the Danish authorities.
Schengen cooperation – a common area without internal border controls
The Schengen cooperation is based on an agreement between a group of European countries with the aim of creating a common area without internal border controls.
On the Danish EU Information Centre website, you can see which countries are part of Schengen.
The participating countries have abolished internal border controls (i.e. between Schengen countries) and introduced common external borders with non-Schengen countries. Accordingly, these countries generally do not carry out border checks on persons at the national borders within the Schengen Area, while the countries have adopted a standard set of rules for accessing the Schengen Area via its external borders and uniform visa rules for third-country nationals.
The lifting of checks on persons at the internal national borders of Schengen Area are the reason why you no longer have to show a passport when you drive over the border to Germany and why you can skip passport control when you fly to Italy, France or other Schengen countries that are part of this arrangement.
Furthermore, Schengen cooperation also includes strengthening cooperation between the countries in relation to fighting cross-border crime, illegal immigration, etc.
The Schengen Information System (SIS)
As part of their efforts to strengthen cooperation on fighting cross-border crime, illegal immigration, etc., the Schengen countries have developed the Schengen Information System, also known by the acronym SIS.
The SIS compensates for the abolishment of border controls along the internal borders of the Schengen Area and helps fight cross-border crime and illegal immigration. The SIS gives Danish law enforcement and customs authorities access to reports from other Schengen countries.
The SIS is an IT system (comprised of a central as well as national systems) which makes it possible for national border guards, customs officials and police authorities to circulate warnings about wanted or missing persons as well as stolen vehicles and documents.
The data which is reported by national authorities concerns the following:
- persons who are sought for extradition
- undesired foreign nationals who have been denied entry
- missing persons
- witnesses or persons who have been summoned to appear before a court of law or who have to serve a custodial sentence
- persons or items that must be monitored or checked
- wanted items that must be seized or used as evidence in criminal proceedings
The national authorities enter this data into the SIS, where it can be accessed by all the other national authorities. The Danish National Police (Rigspolitiet) is the data controller for the Danish part of the SIS as stated in section 2(2) of the Agreement on the Accession of the Kingdom of Denmark to the Convention implementing the Schengen Agreement of 14 June 1985. The Danish National Police accordingly operates as a SIRENE (Supplementary Information Request at the National Entries) office, putting it in charge of exchanging information via reports in the SIS system. All reporting and information queries must be done in accordance with national legislation and certain international rules and regulations concerning the protection of data and private persons.
Rights of individuals registered in the SIS
If you are registered in the SIS, you have certain rights. You generally have the right to know whether data about you has been entered in the SIS, as well as the right to access personal data about you. You also have the right to have factually incorrect data rectified and demand the erasure of unlawfully registered data.
If you want:
- access to data about you that has been registered in the SIS
- to rectify data about you in the SIS which you believe is factually incorrect or incomplete
- to demand the erasure of data about you in the SIS which you believe has been illegally registered
you should contact the Danish National Police, which is the authority responsible for the data (data controller).
You can find the contact details for the Danish National Police on their website.
If you wish to request access to data about you that has been registered in the SIS, you can use the Danish National Police’s form for this.
Supervision of the SIS
The Danish Data Protection Agency is the national supervisory authority in relation to the processing of personal data in the Danish part of the Schengen Information System.
This means that the Danish Data Protection Agency supervises, through investigative and corrective powers, the Danish authorities’ use of the SIS and ensures that the processing of personal data in the SIS is done legally.
This supervisory role mainly entails inspections and processing complaints such as those of registered persons who object to having been registered in the SIS or having been denied access to the data that has been registered about them in the system.
If you are dissatisfied with a decision by the Danish National Police concerning your request to access, rectify or erase data about you in the SIS, you can submit a complaint to the Danish Data Protection Agency.
If the Danish Data Protection Agency receives complaints regarding data which authorities from other countries have entered in the SIS, the Danish Data Protection Agency works with the data protection authority of that country to verify whether the registration is lawful and the registered person’s rights have not been violated.
For complaints concerning (denial of) access to personal data in the SIS, the Danish Data Protection Authority considers whether the Danish National Police’s denial of access is justified. At the same time, the Danish Data Protection Agency checks for any registrations that would be in breach of the provisions governing the SIS.
For complaints concerning rectification or erasure of data in the SIS, the Danish Data Protection Agency considers whether the Danish National Police’s refusal to rectify or erase data in the SIS is justified.
If you wish to submit a complaint to the Danish Data Protection Agency
In order to process your complaint concerning a decision made by the Danish National Police about your right to access, rectify or erase data in the SIS, the agency requires the following information:
- a description of the nature of your complaint
- a copy of the decision or response that you received from the Danish National Police
- any other material that you think is relevant to your complaint
If you submit a complaint to the Danish Data Protection Agency concerning the processing of your personal data in the SIS before you have contacted the Danish National Police, the agency will generally refer your complaint to the Danish National Police, as the Danish National Police is the data controller of the SIS.
If you are dissatisfied with the Danish Data Protection Agency’s decision, you may bring the matter before a court of law. You cannot submit a complaint to other authorities about the Danish Data Protection Agency’s decision.
Denmark’s Justice and Home Affairs opt-out
Due to its Justice and Home Affairs opt-out, Denmark has a special arrangement with the other EU countries. This arrangement means that Denmark is part of Schengen, even though Denmark is not formally involved in cooperation with other Schengen countries in the area of justice and home affairs. Accordingly, Denmark is not involved in the adoption of new provisions introduced to the Schengen acquis. Once the other countries have adopted new Schengen provisions, Denmark is free to choose whether or not to opt in to these. If Denmark chooses to opt in to new provisions, the Danish Parliament must implement them into Danish legislation within six months.