
This document is an excerpt from the EUR-Lex website

Document 32022D2206

Commission Implementing Decision (EU) 2022/2206 of 11 November 2022 laying down the reporting template for the annual reports to the European Data Protection Board by Member States on the exercise of the rights of data subjects related to the Schengen Information System

C/2022/8020

OJ L 293, 14.11.2022, p. 50–55 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document: In force

ELI: http://data.europa.eu/eli/dec_impl/2022/2206/oj

14.11.2022 EN Official Journal of the European Union L 293/50


COMMISSION IMPLEMENTING DECISION (EU) 2022/2206

of 11 November 2022

laying down the reporting template for the annual reports to the European Data Protection Board by Member States on the exercise of the rights of data subjects related to the Schengen Information System

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (1), and in particular Article 54(3) thereof,

Having regard to Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (2), and in particular Article 68(3) thereof,

Whereas:

(1) Regulations (EU) 2018/1861 and (EU) 2018/1862 lay down new rules on the establishment, operation and use of the Schengen Information System. The new Regulations increase the effectiveness and strengthen the technical and operational efficiency of the Schengen Information System and extend its use by introducing new alert categories and functionalities. In addition, Regulation (EU) 2018/1860 of the European Parliament and of the Council (3) established a new type of alert on the return of third-country nationals.

(2) Regulation (EU) 2018/1861 constitutes the legal basis for the Schengen Information System in respect of matters falling within the scope of Chapter 2 of Title V of Part Three of the Treaty on the Functioning of the European Union (TFEU) and Regulation (EU) 2018/1862 constitutes the legal basis for the Schengen Information System in respect of matters falling within the scope of Chapters 4 and 5 of Title V of Part Three of the TFEU. The fact that the legal basis for the Schengen Information System consists of separate instruments does not affect the principle that the Schengen Information System constitutes one single information system that should operate as such.

(3) Directive (EU) 2016/680 of the European Parliament and of the Council (4) and Regulation (EU) 2016/679 of the European Parliament and of the Council (5), together with Regulations (EU) 2018/1861 and (EU) 2018/1862, set out the rights of data subjects regarding the processing of their personal data in relation to the use of the Schengen Information System by the national competent authorities, as well as the procedures for exercising such rights.

(4) The national independent supervisory authorities referred to in Directive (EU) 2016/680 and Regulation (EU) 2016/679 monitor the lawfulness of the processing of personal data by the Member States in relation to their use of the Schengen Information System.

(5) In accordance with Regulations (EU) 2018/1861 and (EU) 2018/1862, Member States are to report annually to the European Data Protection Board on the exercise of the rights of data subjects in accordance with a template to be developed by the Commission.

(6) In order to ensure that the annual reports from Member States provide for a consistent overview of the functioning of remedies available to data subjects, the template should set out the data to be collected under Regulations (EU) 2018/1861 and (EU) 2018/1862, concerning the exercise of the rights of data subjects for access, rectification and erasure of their personal data stored in the Schengen Information System, as well as on remedies before national courts and the mutual recognition of judgments.

(7) By virtue of Article 19 of Regulation (EU) 2018/1860, Article 54(3) of Regulation (EU) 2018/1861 is also applicable to alerts on the return of third-country nationals. Therefore, Member States should also include in their annual reports to the European Data Protection Board the exercise of the rights of data subjects concerning that alert category.

(8) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2018/1861 and Regulation (EU) 2018/1862 and is not bound by them or subject to their application. However, given that Regulation (EU) 2018/1861 and Regulation (EU) 2018/1862 build upon the Schengen acquis, Denmark, in accordance with Article 4 of that Protocol, notified on 26 April 2019 its decision to implement Regulation (EU) 2018/1861 and Regulation (EU) 2018/1862 in its national law. Denmark is therefore bound under international law to implement this Decision.

(9) Ireland is taking part in this Decision to the extent that it concerns Regulation (EU) 2018/1862 in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union and Article 6(2) of Council Decision 2002/192/EC (6), read in conjunction with Council Implementing Decision (EU) 2020/1745 (7).

(10) As regards Iceland and Norway, this Decision constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning these States’ association with the implementation, application and development of the Schengen acquis (8), which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC (9).

(11) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (10), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (11) and Article 3 of Council Decision 2008/149/JHA (12).

(12) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (13), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (14) and Article 3 of Council Decision 2011/349/EU (15).

(13) As regards Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decisions 2010/365/EU (16) and (EU) 2018/934 (17).

(14) As regards Croatia, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2011 Act of Accession and should be read in conjunction with Council Decision (EU) 2017/733 (18).

(15) Concerning Cyprus, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 3(2) of the 2003 Act of Accession.

(16) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (19) and delivered an opinion on 11 July 2022,

HAS ADOPTED THIS DECISION:

Article 1

The information referred to in Article 54(3) of Regulation (EU) 2018/1861 and Article 68(3) of Regulation (EU) 2018/1862 shall be provided in accordance with the template set out in the Annex to this Decision.

Article 2

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Done at Brussels, 11 November 2022.

For the Commission

The President

Ursula VON DER LEYEN


(1)   OJ L 312, 7.12.2018, p. 14.

(2)   OJ L 312, 7.12.2018, p. 56.

(3)  Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).

(4)  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(5)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(6)  Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20).

(7)  Council Implementing Decision (EU) 2020/1745 of 18 November 2020 on the putting into effect of the provisions of the Schengen acquis on data protection and on the provisional putting into effect of certain provisions of the Schengen acquis in Ireland (OJ L 393, 23.11.2020, p. 3).

(8)   OJ L 176, 10.7.1999, p. 36.

(9)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31).

(10)   OJ L 53, 27.2.2008, p. 52.

(11)  Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1).

(12)  Council Decision 2008/149/JHA of 28 January 2008 on the conclusion on behalf of the European Union of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 50).

(13)   OJ L 160, 18.6.2011, p. 21.

(14)  Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19).

(15)  Council Decision 2011/349/EU of 7 March 2011 on the conclusion on behalf of the European Union of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating in particular to judicial cooperation in criminal matters and police cooperation (OJ L 160, 18.6.2011, p. 1).

(16)  Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 166, 1.7.2010, p. 17).

(17)  Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania (OJ L 165, 2.7.2018, p. 37).

(18)  Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia (OJ L 108, 26.4.2017, p. 31).

(19)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).


ANNEX

TEMPLATE FOR THE ANNUAL REPORT TO THE EUROPEAN DATA PROTECTION BOARD UNDER ARTICLE 54(3) OF REGULATION (EU) 2018/1861 AND ARTICLE 68(3) OF REGULATION (EU) 2018/1862

To be provided annually by each Member State by 31 March of the year following the year at issue.

The data shall be entered in a table containing the following structure and fields.

ANNUAL REPORT

To the European Data Protection Board in accordance with

Article 54(3) of Regulation (EU) 2018/1861 and Article 68(3) of Regulation (EU) 2018/1862

Member State:

Reporting period per calendar year:

| Completed access requests (1) | Alert on the data subject under Regulation (EU) 2018/1860 | Alert on the data subject under Regulation (EU) 2018/1861 | Alert on the data subject under Regulation (EU) 2018/1862 | No alert on the applicant in the Schengen Information System (SIS) |
| --- | --- | --- | --- | --- |
| 1a. The number of access requests submitted to the data controller | | | | |
| 1b. The number of cases where access to the data was granted (2) | | | | |
| 2a. The number of access requests submitted to the supervisory authority (3) | | | | |
| 2b. The number of cases where access to the data was granted (4) | | | | |

| Completed rectification requests (5) | Alert on the data subject under Regulation (EU) 2018/1860 | Alert on the data subject under Regulation (EU) 2018/1861 | Alert on the data subject under Regulation (EU) 2018/1862 | No alert on the applicant in the SIS |
| --- | --- | --- | --- | --- |
| 3a. The number of requests for the rectification of inaccurate data submitted to the data controller | | | | |
| 3b. The number of cases where the data were rectified | | | | |
| 4a. The number of requests for the rectification of inaccurate data submitted to the supervisory authority (6) | | | | |
| 4b. The number of cases where the data were rectified (Optional (7)) | | | | |

| Completed erasure requests (8) | Alert on the data subject under Regulation (EU) 2018/1860 | Alert on the data subject under Regulation (EU) 2018/1861 | Alert on the data subject under Regulation (EU) 2018/1862 | No alert on the applicant in the SIS |
| --- | --- | --- | --- | --- |
| 5a. The number of requests for the erasure of unlawfully stored data submitted to the data controller | | | | |
| 5b. The number of cases where the data were erased | | | | |
| 6a. The number of requests for the erasure of unlawfully stored data submitted to the supervisory authority (9) | | | | |
| 6b. The number of cases where the data were erased (Optional (10)) | | | | |

| Completed court cases (11) | Alert on the data subject under Regulation (EU) 2018/1860 | Alert on the data subject under Regulation (EU) 2018/1861 | Alert on the data subject under Regulation (EU) 2018/1862 |
| --- | --- | --- | --- |
| 7a. The number of court proceedings initiated | | | |
| 7b. The number of cases where the court ruled in favour of the applicant | | | |

Please include any observations on cases of mutual recognition of final decisions handed down by the courts or authorities of other Member States on alerts entered by the issuing Member State

(Please add as many lines as needed.)

| Article 54(3) of Regulation (EU) 2018/1861 | Article 68(3) of Regulation (EU) 2018/1862 |
| --- | --- |
| 1. | 1. |
| 2. | 2. |
| 3. | 3. |


(1)  Please only include cases on which a final decision had been taken in the calendar year at issue, even if the request was submitted in a previous year.

(2)  Please include the total number of both full access granted and partial access granted and please add the number of partial access granted in brackets. Providing the separate number on partial access is optional.

(3)  Access requests in accordance with Article 17 of Directive (EU) 2016/680.

(4)  Please include the total number of both full access granted and partial access granted and please add the number of partial access granted in brackets. Providing the separate number on partial access is optional.

(5)  Please only include cases on which a final decision had been taken in the calendar year at issue, even if the request was submitted in a previous year.

(6)  Access requests in accordance with Article 17 of Directive (EU) 2016/680.

(7)  Member States may choose to fill in or not fill in the fields marked with ‘Optional’ as these data are not listed among the data to be reported to the European Data Protection Board in Article 54(3) of Regulation (EU) 2018/1861 or Article 68(3) of Regulation (EU) 2018/1862.

(8)  Please only include cases on which a final decision had been taken in the calendar year at issue, even if the request was submitted in a previous year.

(9)  Access requests according to Article 17 of Directive (EU) 2016/680.

(10)  Member States may choose to fill in or not fill in the fields marked with ‘Optional’ as these data are not listed among the data to be reported to the European Data Protection Board in Article 54(3) of Regulation (EU) 2018/1861 or Article 68(3) of Regulation (EU) 2018/1862.

(11)  Please only include cases on which a final decision had been taken in the calendar year at issue, even if the request was submitted in a previous year.

