The Schengen Information System II (“SIS II”) is the most widely used information sharing system for public security purposes in Europe. Since Brexit, UK authorities can no longer access its data, yet British citizens and UK residents may still be affected by alerts placed on the system by other Member States.

The SIS II database is used by most EU Member States and Schengen-associated countries (Iceland, Liechtenstein, Norway and Switzerland). It enables law enforcement and other authorities within these countries to issue and view alerts for, among other things, persons whose surrender is sought in European Arrest Warrant cases, or in the case of Switzerland and Liechtenstein, an extradition request has been issued. This system is used, much like INTERPOL, as a method of international police cooperation. Countries with access are able to view alerts in real time.

As of March 2022, the database held 962,175 alerts on persons and, on average, 20 million searches of the database were made each day.

When the UK lost access at the end of the transition period on 31 December 2020, all of the alerts that it had issued on the system were deleted. This, understandably, gave rise to concerns that the UK’s lack of access to the system would pose a risk to the British public, as UK authorities would be losing out on a crucial resource to detect criminality.

The SIS II system comprises:

-A central system, responsible for technical supervision and administrative functions;

-A national system in each Member State, where data is entered, searched and managed; and

-A communication infrastructure between the central system and the national systems.

Accessing and deleting data

Although the UK no longer has access to the SIS II database, British citizens and UK residents could still find that an alert has been issued against them. When entering an EU Member State or Schengen-associated country, they could be denied entry or arrested, detained and potentially extradited to the requesting state. Individuals may therefore wish to find out whether an alert has been issued against them and, if so, whether there are grounds for its deletion.

All individuals whose data is processed in the SIS II database have a right of access to the data (albeit a qualified right) and a right to correction of inaccurate data or deletion of data that has been unlawfully stored. These rights can be exercised in any Member State, regardless of the State that issued the alert.

A request for access to data, if granted, will provide the applicant with knowledge of the information relating to them that is stored in the database. It is governed by the law of the Member State in which the request is made and there are certain grounds on which it can be refused, including if the information is deemed ‘indispensable for the performance of a lawful task in connection with an alert or for the protection of the rights and freedoms of third parties’. The fact that the request can be made in any Member State ensures that a data subject is able to access the data even if they do not know which country issued the alert.

Although a request for correction or deletion of data can be made in any Member State, only the State which issued the alert can modify, correct, update or delete it. A request for correction or deletion must set out the grounds on which it is said that the data is incorrect or has been unlawfully stored, supported by any relevant information or evidence.

If a data subject is unhappy with how their request for access or correction/deletion has been handled, they have the right to bring proceedings before the courts or competent authorities within a Member State to access, correct, delete or obtain information or to obtain compensation.