The Schengen Information System (SIS): functionality, rights implications, and defense strategies

The Schengen Information System (SIS) has become a cornerstone of security and border management in the European Union, integrating diverse national and EU-level systems for migration control, judicial cooperation, and counter-terrorism. While it strengthens collective security, SIS also raises significant concerns about potential human rights violations, particularly in the realms of privacy, data protection, and non-discrimination. This article explores SIS functionalities, highlights legal challenges, and outlines strategies for defending fundamental rights.

Understanding the Schengen Information System

SIS is the largest and most widely used information-sharing system in Europe, enabling real-time cooperation between law enforcement and border authorities across the EU and Schengen-associated countries. Established in 1995 and expanded with SIS II in 2013, the system allows member states to issue and consult alerts regarding individuals and objects of interest.

In March 2023, SIS was renewed with enhanced functionalities, including biometric data collection, new alert categories, and integration with other large-scale EU databases. These updates were designed to bolster its efficiency in addressing modern security threats, but they also introduce complex legal and ethical considerations.

Core Components of SIS

1. Central System: Responsible for technical supervision and administrative coordination.

2. National Systems: Operated by individual member states for entering, managing, and accessing data.

3. Communication Infrastructure: Facilitates seamless data exchange between the central and national systems.

Functional Domains of SIS

• Border Management: Assists in enforcing entry bans, conducting identity checks, and monitoring third-country nationals under Regulation (EU) 2018/1861.

• Judicial Cooperation: Supports the execution of European Arrest Warrants and judicial measures (Regulation (EU) 2018/1862).

• Police Cooperation: Enhances counter-terrorism efforts through real-time data sharing (Regulation (EU) 2018/1862).

Potential Rights Violations

Despite its operational benefits, SIS poses challenges to fundamental rights under EU law and international human rights frameworks.

1. Privacy and Data Protection

Legal Framework:

• Articles 7 and 8, Charter of Fundamental Rights of the European Union (CFR).

• General Data Protection Regulation (GDPR).

• Directive 2016/680 (Law Enforcement Directive).

Key Issues:

• Purpose Limitation: Data collected for migration purposes is frequently repurposed for law enforcement, violating GDPR Article 5(1)(b) (Digital Rights Ireland, Joined Cases C-293/12 and C-594/12).

• Retention Periods: Data storage defaults to the longest period among interoperable systems, raising proportionality concerns under GDPR Article 5(1)(e).

Defense Strategies:

• Demand rectification or deletion of data under GDPR Articles 16 and 17.

• Argue breaches of fairness and proportionality (Tele2 Sverige AB and Watson, Joined Cases C-203/15 and C-698/15).

2. Non-Discrimination

Legal Framework:

• Article 21 CFR (Prohibition of Discrimination).

• Race Equality Directive (2000/43/EC).

Key Issues:

• Racial profiling: The over-scrutiny of third-country nationals perpetuates discriminatory practices, violating Fédération belge des intégrateurs des télécoms (Case C-291/20).

Defense Strategies:

• Use statistical evidence to highlight systemic discrimination.

• Pursue claims under Bauer et al. v Broßonn (Joined Cases C-569/16 and C-570/16) based on Charter rights.

3. Children’s Rights

Legal Framework:

• Article 24 CFR (Rights of the Child).

• UN Convention on the Rights of the Child (CRC), Article 3 (Best Interests of the Child).

Key Issues:

• Data processing of minors aged 12+ contravenes the principle of special protections for children (S. and Marper v UK, ECtHR).

• Retention of biometric data for children risks inaccuracies due to their rapid physical development.

Defense Strategies:

• Argue unreliability of biometric data for children under Schwarz v Bochum (Case C-291/12).

• Challenge disproportionate retention policies using S. and Marper.

4. Proportionality

Legal Framework:

• Articles 52(1) and 21 CFR (Proportionality and Non-Discrimination).

Key Issues:

• Blanket collection and sharing of data blur distinctions between migration and criminal law.

• Alerts often lack clearly defined thresholds, leading to overreach (Digital Rights Ireland, Joined Cases C-293/12 and C-594/12).

Defense Strategies:

• Challenge the necessity of data access through proportionality tests (Schrems II, Case C-311/18).

Judicial Remedies and Oversight Mechanisms

1. Exercising Data Subject Rights

• Individuals can request access to or deletion of their SIS data through national SIRENE Bureaux (Articles 47–48, Regulation (EU) 2018/1861).

• Appeals can be made to national courts or data protection authorities for breaches of GDPR rights.

2. Challenging Alerts

• Unlawful alerts can be contested through administrative or judicial review in any member state, regardless of where the alert was issued.

• Compensation claims can be filed for damages caused by inaccurate or unlawfully processed data.

3. Advocacy for Legal Reforms

• Call for independent oversight by the European Data Protection Supervisor (EDPS).

• Advocate for stricter thresholds for issuing and accessing alerts to prevent abuse.

Conclusion

While SIS is indispensable for the EU’s border and security framework, its operation must align with fundamental rights and data protection standards. Legal practitioners and human rights advocates play a crucial role in holding authorities accountable, ensuring that individual rights are not sacrificed for collective security. Proactive litigation, independent oversight, and continuous legal reform are essential to achieving this balance.

References:

1. Regulation (EU) 2018/1861, 2018/1862, and 2018/1860.

2. Regulations (EU) 2019/817 and 2019/818 on Interoperability.

3. CJEU: Schrems II (C-311/18), Digital Rights Ireland (C-293/12 and C-594/12).

4. ECtHR: S. and Marper v UK (Applications No. 30562/04 and 30566/04).

5. Reports: EDPS Opinion 4/2018, FRA Interoperability and Fundamental Rights Risks (2020).