Home » Comunicat_Presa_28.06.2024
 Română | English | Francais

28.06.2024

Rights of data subjects SIS/NISA (Schengen)

 

In the context of Romania’s recent partial accession to the Schengen area with the sea and air borders, we mention that the Schengen area guarantees the freedom of movement of over 400 million EU citizens, as well as citizens outside the EU residing in the EU or visiting the EU as tourists, students or for business purposes. The free movement of people allows any EU citizen to travel, work and live in an EU country without any special formalities. Thus, citizens can travel within the Schengen area without being subject to border controls.

https://www.dataprotection.ro/?page=SIS_II_Video_prezentare (in Romanian)

The Schengen Information System (SIS) is the information system set up at the level of the European Union and used by member and associate states for cooperation through data and information exchange, in order to maintain public order and national security on their territories, as well as for the management of external Schengen border control and assistance for police and judicial cooperation.

We note that the technical architecture of SIS (central and national systems), the obligation of Member States to develop their own national systems (NISA), as well as the conditions for the processing of personal data and used information are set by Regulation (EU) 2018/1862 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, Regulation (EU) 2018/1861 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals.

In this context, we mention that any person whose data are processed in the Schengen Information System (SIS) or in the National Information System of Alerts (NISA) has the right of access to data (the data subject has the right to know whether their data is recorded in SIS), right to rectification (the data subject has the right to request to modify inaccurate data in SIS) and right of erasure (the data subject has the right to request the erasure of data, if it is provided by the law).

In order to apply certain provisions of the aforementioned European Regulations at the national level, the national authorities adopted Law no. 76/2023 on the organisation and functioning of the National Information System of Alerts and participation of Romania in the Schengen Information System, as well as for amending and supplementing Government Emergency Ordinance no. 194/2002 on the regime of aliens in Romania.

Article 61 of this Law provides that the processing of personal data in the NISA or SIS is carried out in accordance with Regulation (EU) 216/679 and Law no. 363/2018.

At the same time, Article 62 of Law no. 76/2023 describes how to exercise the aforementioned rights.

Thus, the requests of data subjects (to exercise the rights of access, rectification and erasure) in the context of data processing in the NISA or SIS shall be submitted to the Data Protection Office, set up within the General Inspectorate of Romanian Police, having powers to deal with such requests (cererischengen@politiaromana.ro).

At the same time, data subjects may submit requests on the rights of access, rectification and erasure of personal data to any competent national authority (Romanian Police, Romanian Border Police, Romanian Gendarmerie, General Inspectorate for Immigration, General Directorate for Personal Records, General Directorate for Passports, Ministry of Foreign Affairs) which redirects the request to the Data Protection Office of the General Inspectorate of Romanian Police within 5 working days of the registration, informing the data subject thereof

Data subjects shall be informed of the action taken on such requests no later than one month after the receipt of the request. This period can be extended by two months where necessary, taking into consideration the complexity and number of requests.

We highlight that the legality of personal data processing in the N.SIS (national component of the SIS) on the Romanian territory and the transmission of this data abroad, as well as the exchange and further processing of additional information are monitored and subject to the control of the National Supervisory Authority for Personal Data Processing.

Therefore, if data subjects have not received a reply or if they are dissatisfied with the reply received from the Data Protection Office of the General Inspectorate of Romanian Police, they can contact the National Supervisory Authority for Personal Data Processing.

For further information, you can also consult the leaflet on the Schengen Information System available on the website of the National Supervisory Authority for Personal Data Processing, in the Schengen Section - Schengen Information Materials.

https://www.dataprotection.ro/servlet/ViewDocument?id=805

Legal and Communication Department

A.N.S.P.D.C.P.