Coordination group for supervision SIS II

The Schengen Information System (SIS II) is a large-scale information system that enables cooperation between the national border control, customs and police authorities in the Schengen area.

The Schengen Agreement signed on 14 June 1985, and the convention for implementing the Schengen Agreement that was signed on 19 June 1990, abolished the internal borders between the participating member countries, and created a territory without borders that was called the “Schengen area".

The Schengen Agreement and Convention provide a stricter check of external borders, a closer cooperation between the court and the police, and streamlining of the visa and asylum policy.

The Schengen Agreement and Convention and the associated rules form the Schengen acquis. Since 1999, the Schengen acquis is integrated into the legal and institutional framework of the EU.

SIS II is a large-scale IT-system that is set up as a compensatory measure for the abolition of internal border controls, and the objective of which is to guarantee a high level of safety within an area of freedom, safety and justice of the European Union, through the enforcement of a public order, and safety and safeguarding of the safety on the territory of the member countries, among other things.

SIS II is implemented in all EU member countries, except Cyprus and Ireland, and in four associated countries: Iceland, Norway, Switzerland and Liechtenstein.

SIS II is an information system that enables national law enforcement, judicial and administrative authorities to carry out specific tasks by sharing relevant data. Even the European agencies, Europol and Eurojust, have limited access privileges to this system.

Categories of processed information

SIS II centralises two broad categories of information, which take the form of alerts of, firstly, persons – who are searched for in view of arrest, missing persons, a legal procedure or inconspicuous or targeted checks, or because they are citizens of a third country, to which the access to or the stay in the Schengen area is denied, and secondly, items – such as vehicles, travel documents or credit cards, in view of seizure or use in criminal procedures or for inconspicuous or targeted checks.

Legal basis

Depending on the type of altering, SIS II is regulated by either Regulation (EC) no. 1987/2006 of the European Parliament and the Council of 20 December 2006 concerning the setting up, operation and the use of Schengen information system of the second generation (SIS II), namely with respect to altering procedures that fall under the title IV of the convention for the formation of the European Community – the former first pillar (hereinafter called the "SIS II-regulation"), or by the Council Decision 2007/533/JBZ dated 12 June 2007 concerning the setting up, operation and the use of the Schengen information system of the second generation (SIS II), with respect to the procedures that fall under the title VI of the Convention concerning the European Union – the former third pillar (hereinafter called the "SIS II-decision").

Categories of processed personal data

If an alert concerns a person, the information must always contain the first name and surname along with any aliases, the sex, a reference to the decision underlying the alerting, and the measure to be taken. If available, the alert can also contain information such as specific, objective physical characteristics that are not subject to change, the place and date of birth, photos, fingerprints, nationality(ies), whether the person concerned is armed or violent or has escaped, the reasons of alerting, the alerting authority, and link(s) with other SIS II-alerts in accordance with article 37 of the SIS II-regulation or article 52 of the SIS II-decision.

Architecture of the system

SIS II consists of 1) a central system (the "central SIS II"), 2) a national system (the "N.SIS II") in every member country, which is connected to the central SIS II, and 3) a communication infrastructure between the central system and the national systems with which an encrypted virtual network is established, which is specifically intended for SIS II-data, and data is exchanged between the Sirene-offices.

In the SIS II-regulation, a coordination group is set up for the monitoring of the Schengen information system II, consisting of representatives of the national supervisory authorities from the member countries, who are responsible for the data protection and the European Data Protection Supervisor.

The coordination group for the monitoring of the second generation Schengen information system ("GCC SIS II") is an organ that is setup, for the SIS II-regulation, to ensure, at the level of the protection of personal data, a coordination monitoring of the activities of the large-scale SIS II information system. It replaces the Joint Supervisory Body (GCO) after the implementation of the SIS II on 9 April 2013.

the GCC SIS II meets at least 2 times every year to:

  • share experiences;
  • discuss the problems related to the interpretation or application the legal framework for the SIS II;
  • analyse the possibilities in connection with the monitoring or exercising of the rights of the affected persons;
  • give each other mutual assistance in the conducting of audits and inspections;
  • develop harmonised proposals for common solutions and to promote the awareness of the rights in the area of data protection.

The national supervisory authorities oversee the application of the data protection rules in their countries, while the European Data Protection Supervisor (EDPS) supervises the application of the data protection rules for the central SIS II that is managed by eu-LISA. The two levels work together to ensure a coordinated supervision.

In Belgium, the  Supervisory body for police information and the Data Protection Authority are primarily responsible for the supervision of the legitimacy of the processing of personal data within the framework of SIS II. They are both represented in GCC SIS II.

The Schengen regulation recognises, in compliance with the data protection principles, that the affected persons have special rights, regardless of whether they are citizens of a member country of the Schengen area. It concerns the right to access, amend and delete the personal data.

The right to access exists for every person that requests to have access to the information concerning him/her in the file. This fundamental principle of data protection enables the affected persons to exercise control on their personal data that is kept by third parties.

The Schengen regulation explicitly provides this right, and it is supplemented by the right to amendment if the personal data is included as a result of a factual error, and with a right to deletion if the personal data is included as a result of error of law.

Anyone who wants to exercise his/her access right, can address to the competent authorities of a Schengen country of their choice. In Belgium, the Supervisory body for police information is authorised. The access right is exercised in conformity with the national law of the country to which the request is directed. In some countries, the right to access is direct, while in others, it is indirect. You can find more information in the “Guide for exercising the right to access" (in English) of the Coordination group for monitoring of SIS II (this document does not mention the authority of the Supervisory body for police information for the exercising of the right to access to SIS II in Belgium as yet - for this, refer to Exercising your rights in Belgium).

Anyone can obtain information about which access and amendment system is used, from the competent national data protection authority of the various Schengen countries.

Exercising the right of access, amendment and deletion from SIS II, differing depending on the alerting, is processed to deny entry or stay in the Schengen area or for a police and judicial cooperation in criminal cases.

If your application is related to an alert to deny entry or stay in the Schengen area on the basis of an administrative decision of the Belgian Immigration Office, it must be sent to this address:

Immigration Service
CSIS Office
Pachecolaan 44, 1000 Brussels

If the Immigration Service (DVZ) does not respond within one month of receipt of your application, or if you do not find the response satisfactory, you can file a complaint with the Authority.

If your request is related to another alert of the Belgian authorities (within the framework of the police and judicial cooperation in criminal cases), it must be directed to the Supervisory body for police information (COC):

Supervisory body for police information.
Leuvensestraat 48, 1000 Brussels

Fundamentally, the Supervisory body for police information only notifies the persons concerned that the necessary verifications have been carried out.

If the alerting is done by another member country, the request should be sent to the competent authority in accordance with the procedures that are mentioned in the guide for exercising the right of access.

The conditions of eligibility are applicable for the request to exercise the rights with the Immigration Service, the Supervisory body for police information: They must be in writing, and dated and signed by the person concerned or his/her advocate. The person concerned must also prove his or her identity by attaching a copy of an identity proof (front and back). An advocate must prove his/her capacity and also attach the authorisation of his/her client. The request must clearly state the objective of the request, including the type of alert to which the request is related. In the absence of these elements, the request can be declared inadmissible.