Skip to main content
European Commission logo
Migration and Home Affairs

Access rights and data protection

Which authorities may enter and search alerts in the SIS?

The Schengen Information System (SIS) is a highly secure and protected database that is exclusively accessible to the authorised users within competent authorities, such as national border control, police, customs, judicial, visa and vehicle registration authorities. These authorities may only access SIS data that they need for the performance of their tasks. A list of competent national authorities having access to SIS is published annually in the Official Journal of the European Union.

The European Agency EUROPOL has access to all categories of SIS alerts, while EUROJUST has limited access rights to carry out certain types of queries on specified alert categories.

How is the protection of personal data ensured?

SIS has strict requirements on data quality and data protection. The basic principle is that the state that entered the alert is responsible for its content. The national Data Protection Authorities supervise the application of the data protection rules in their respective countries, while the European Data Protection Supervisor monitors the application of the data protection rules for the central system managed by eu-LISA. Both levels cooperate to ensure coordinated end-to-end supervision.

If data about a person are stored, that person has the right to request access to those data and make sure that they are accurate and lawfully entered. If this is not the case, the person has the right to request correction or deletion.

What is the procedure in case of a misused identity?

Sometimes false identity documents or identity documents belonging to someone else are used when carrying out criminal offences or attempting to enter or stay in the Schengen Area. In order to avoid the negative consequences of a possible misidentification, data on the person whose identity has been misused may be added to an SIS alert. This is only allowed with the explicit consent of that person. Furthermore, the data on the misused identity may only be used for avoiding misidentification and must be removed at the same time as the corresponding alert or earlier, if the victim so requests.

What is the procedure for requesting access to personal data in the SIS?

If you believe your personal information has been misused, needs to be corrected or deleted, you can request access to and rectification of your data. If you are a third-country national you can address your request to the consulate of any Member State. If you are a citizen of a Member State you can either address your request directly to the competent national authority responsible for the issuance of the alert or indirectly to the national Data Protection Authority.

Guidelines on the national procedures for access requests have been compiled by the national Data Protection Authorities.