SIS II database takes on an ominous shape

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Key points: 
- SIS set to become the EU's "Big Brother" database
- EU security and intelligence agencies to have access to all SIS data

"Requirements" for SIS II, the second generation Schengen Information System (SIS) have been outlined by the EU. The proposals would introduce a number of new functions for the SIS, allow more types of personal information to be retained, provide wider access to law enforcement and administrative agencies and reduce data protection standards.

The Schengen Convention was adopted in 1990 and lead to a whole series of measures for common standards and cooperation between its member states - collectively this is known as the Schengen acquis. Under the Amsterdam Treaty this acquis was incorporated into the EU and the whole acquis (which is still being added to) has to be adopted and implemented by all the EU applicant states.

The Schengen Information System (SIS) became operational in March 1995. This extensive database is housed in Strasbourg. Thirteen of the 15 EU states (excluding the UK and Ireland) are full "Schengen" members (signed up the the full Schengen Convention/acquis including the SIS). The UK and Ireland (who share a "common travel area") are about to participate in the SIS only on police, but not immigration, aspects. Two non-EU states - Norway and Iceland - are fully sign-up too, making a total of 15 states fully in Schengen.

The database is comprised on records put in by each of its EU member states which is then accessed by the other state agencies. The SIS database, which contains basic information, is backed up by a SIRENE Bureaux in each state which provides on request more detailed information/intelligence.

New functions

Four new functions for the SIS are planned. Two incorporate recent proposals - revealed by Statewatch - to create a database of violent trouble-makers, who to be prevented from travelling to certain events during certain periods, and another detailing all visas issued (and refused) Protestors database. The other two new roles for the SIS are entirely new proposals and would create a "restricted access terrorist database" and a new category of "persons precluded from leaving the Schengen area", including people under criminal investigation, prisoners on conditional release and children at risk from abduction.

New data

Under the proposals SIS II will contain new additional "identification material" such as photographs, fingerprints and "possibly even other material" (a potentially veiled reference to DNA profiles) as well as "intelligence markers", or police supposition, which would bring in suspected offences, any "psychological danger", covert markers (eg. "suspected drug dealer") and objects "owned, held or used".

The document also suggests biometrics records that would be linked by "SIS II to national databases for… facial/iris recognition, number plate recognition and fingerprint identification". In addition it is proposed to create "new categories of objects for the purpose of seizure, use as evidence in criminal proceedings or surveillance" and to record every search on the SIS that is carried out. It is claimed that this would allow greater data protection supervision although it would also expose enquiries by authorities in one member states to those of all the others.

New access

Data held in SIS II is to be made available to a number of new agencies. Europol and Eurojust will have access to SIS II - Europol may even be able to add, amend, modify and delete data, see: Europol powers extended. Public prosecutors and magistrates will be able to access the European Arrest Warrants which will be retained on the SIS and transmitted to police through either the SIRENE bureaux or Interpol (this matter is still under discussion).

It is also proposed to allow asylum authorities to check data under article 96 (see below) and to extend access for authorities issuing residence permits to data on lost or stolen identity documents.

A long-standing proposal to give governmental vehicle registration authorities access to data on stolen cars and licensing documents is included and there are new proposals to allow benefits agencies to check data on lost or stolen identity documents and central credit agencies to check the SIS in the context of combating cross-border fraud.

New access and database for EU security and intelligence agencies

Access for security and intelligence services is proposed and symbolises the way in which the SIS is being developed. This was not envisaged in the Schengen Convention and in fact provision was made for allowing "alerts" to be placed on the SIS on their behalf .

The intention is two-fold: First, to give the security and intelligence agencies direct access to the SIS and second to create on the SIS a "restricted access terrorist database". The rationale is to develop "alert and intervention plans" to deal with "transfrontier terrorist acts".

To rationalise giving them access the Council is arguing that "authorities responsible for State security" (under Article 99.3 of the Schengen Convention which allows for people and vehicles to be placed under discreet surveillance) include security and intelligence agencies who share tackling terrorism with "police services" - though this only applies to some of these agencies. Indeed the Belgium Presidency had already highlighted the need to define "those authorities responsible for State security" but because this has not been done:

"In the absence of such a definition it is the intention of these proposals to apply to those security and intelligence services with internal security responsibilities allied to Justice or Home Affairs/Interior Ministries as opposed to military or other intelligence services with external responsibilities"

However, it is clear that while Article 99.3 of the Schengen Convention allows "alerts" for surveillance to be placed on the SIS on behalf of "authorities responsible for State security" it does not give these agencies the right of access to "all SIS data". Under the Convention access is only allowed on a restictive basis, that is, data filed under Article 96 concerning refugees and aliens is only accessible by national immigration agencies. To suggest that the reference to "authorities responsible for State security" in Article 99.3 can be interpreted in a way that would allow them access to "all SIS data", without amending the Convention would be unlawful.

This legal and constitutional "double-talk" is indicative of the EU's policymaking post 11 September. Thus it is being proposed that these agencies should have access to "all SIS data" but fails to answers two critical questions also raised: namely, for "what purposes can they use the information" and "what data protection guarantees have to be provided" - in short, will the agencies have to apply the full provisions and restrictions in the Schengen Convention, or will this too be fudged?

The "restricted access terrorist database" raises the same fundamental issues:

"what kind of information can be included"?
"under what conditions can information be introduced"?
"for what purposes can this information be used"?
"what other data protection guarantees need to be provided"?

New attack on data protection

A number of technical and procedural upgrades are also proposed for SIS II. It is suggested that alerts could be "interlinked", although it is not clear exactly how. This may mean that records on different individuals could be linked to provide an alert to a group of people, or that individuals could be linked to specific objects etc. Multiple alerts on the same person by the same member state, which are already possible, are to be clarified in SIRENE manual; common rules on the period for which the SIRENE bureaux may store data will be drawn-up (they are currently decided by the member states in accordance with domestic law); and the possibility of extending the duration of alerts and replacing maximum deadlines by review deadlines is also on the agenda.

Every single proposal has implications for the data protection provisions in the Schengen Convention and it is hard to envisage anything but a significant reduction in the effect of existing standards, and a battle for the already hard pressed Schengen Joint Supervisory Authority on these issues.

New law enforcement?

Discussions on the scope of SIS II have been taking place over the last two years, and the EU claims that a consensus has now been reached on the need to expand the system and develop law enforcement capabilities.

"When the SIS was first created, its only purpose was to be a compensatory measure for the opening of the borders. Ever since, and not in the least because the SIS has proven to be a useful and efficient tool, recognition has grown that the potential of the SIS could be maximised… the idea of using the SIS data for other purposes than those initially foreseen, and especially for police information purposes in a broad sense, is now widely agreed upon and follows from the Council conclusions after the events of September 11 2001".

Tony Bunyan, Statewatch editor, commented:

"At the end of 2001 there were 10,541,271 records held on the SIS and this figure will grow enormously over the next few years, as will the number of state agencies who will have access to it. In the wake of 11 September records on protestors, terrorist "suspects", refugees and possibly all resident third country nationals are to be added.

The Schengen Joint Supervisory Authority has some oversight powers over data protection issues but none over the operation of the Schengen acquis as a whole. Nor is there any longer an annual report on the whole of the Schengen operation - this was arbitrarily abolished after May 1999 when the Amsterdam Treaty came into effect.

Furthermore to propose that EU security and intelligence agencies should have access to all SIS data without amending the Schengen Convention would be very simply unlawful.

We are heading for a situation where an enormous, intrusive, database will affect the lives of thousands of people without any proper accountability to parliaments let alone to civil society"

Summary of proposals

Requirements for which there is general agreement

- access for governmental vehicle registration authorities to data on stolen cars and lost documents;
- extended access for authorities issuing residence permits to data on lost or stolen identity documents;
- access for Eurojust to data under articles 95 and 99 (see below);
- new categories of objects for the purpose of seizure, use as evidence in criminal proceedings or surveillance;
- addition of certain details on persons or objects and covert and intelligence markers;
- interlinking of alerts;
- common rules on data storage period for SIRENE bureaux

Requirements that require further discussion

- access for security and intelligence services;
- restricted access terrorist database;
- access for Europol;
- incorporation of identification material; possibility of linking SIS II to national databases for "facial/iris recognition, number plate recognition and fingerprint identification";
- recording of all searches;
- persons precluded from leaving the Schengen area;
- access for public prosecutors and magistrates (relates to European arrest warrant)
- access for asylum authorities to article 96 data;
- extending duration of alerts and replacing maximum deadlines by review deadlines;
- access for benefits agencies to data on lost or stolen identity documents;
- access for central credit agencies;
- multiple alerts on the same person by the same member state;
- database of visas issued;
- database of violent trouble-makers whose free movement should be restricted at certain times.

Sources: Full-text: 5968/02, 5.2.02, 5969/02, 5.2.02

Story filed 4.4.02

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error