There are two broad types of agency, each with different characteristics and raising different issues.
Technology can play a key role in improving and reinforcing external borders. Over the past years, the EU has been developing large-scale IT systems for collecting, processing and sharing information relevant to external border management. The Visa Information System, which supports the implementation of the common EU visa policy, is one of these tools.
The Visa Information System (VIS) allows Schengen States to exchange visa data. It consists of a central IT system and of a communication infrastructure that links this central system to national systems. VIS connects consulates in non-EU countries and all external border crossing points of Schengen States. It processes data and decisions relating to applications for short-stay visas to visit, or to transit through, the Schengen Area. The system can perform biometric matching, primarily of fingerprints, for identification and verification purposes.
Facilitating checks and the issuance of visas: VIS enables border guards to verify that a person presenting a visa is its rightful holder and to identify persons found on the Schengen territory with no or fraudulent documents. Using biometric data to confirm a visa holder's identity allows for faster, more accurate and more secure checks. The system also facilitates the visa issuance process, particularly for frequent travellers.
Fighting abuses: While the very large majority of visa holders follow the rules, abuses can also take place. For instance, VIS will help in fighting and preventing fraudulent behaviours, such as "visa shopping" (i.e. the practice of making further visa applications to other EU States when a first application has been rejected).
Protecting travellers: Biometric technology enables the detection of travellers using another person's travel documents and protects travellers from identity theft.
Helping with asylum applications: VIS makes it easier to determine which EU State is responsible for examining an asylum application and to examine such applications.
Enhancing security: VIS assists in preventing, detecting and investigating terrorist offences and other serious criminal offences.
10 fingerprints and a digital photograph are collected from persons applying for a visa. These biometric data, along with data provided in the visa application form, are recorded in a secure central database.
10-digit finger scans are not required from children under the age of 12 or from people who physically cannot provide finger scans. Frequent travellers to the Schengen Area do not have to give new finger scans every time they apply for a new visa. Once finger scans are stored in VIS, they can be re-used for further visa applications over a 5-year period.
At the Schengen Area's external borders, the visa holder's finger scans may be compared against those held in the database. A mismatch does not mean that entry will automatically be refused - it will merely lead to further checks on the traveller’s identity.
As a Schengen instrument, VIS applies to all Schengen States (Denmark has decided to implement it). The EU Agency for large-scale IT systems, eu-LISA, is responsible for the operational management of VIS.
Competent visa authorities may consult the VIS for the purpose of examining applications and decisions related thereto.
The authorities responsible for carrying out checks at external borders and within the national territories have access to search the VIS for the purpose of verifying the identity of the person, the authenticity of the visa or whether the person meets the requirements for entering, staying in or residing within the national territories.
Asylum authorities only have access to search the VIS for the purpose of determining the EU State responsible for the examination of an asylum application.
In specific cases, national authorities and Europol may request access to data entered into the VIS for the purposes of preventing, detecting and investigating terrorist and criminal offences.
Access to VIS data is limited to authorised staff in the performance of their tasks. They must ensure that the use of VIS data is limited to that which is necessary, appropriate and proportionate for carrying out their tasks.
Data is kept in the VIS for five years. This retention period starts from the expiry date of the issued visa, the date a negative decision is taken or the date a decision to modify an issued visa is taken. Any person has the right to be informed about his/her data in the VIS. Any person may request that inaccurate data about him/her is corrected and unlawfully recorded data is deleted.
Each EU State must require a National Supervisory Authority to monitor the lawfulness of the processing of personal data by that country. The European Data Protection Supervisor will monitor the activities at European level.