Protection of individuals with regard to the processing of personal data in the Schengen Information System (SIS)

Presentation of the Schengen Information System

The Schengen Information System (SIS) was implemented as a search system for persons and objects by the Convention implementing the Schengen Agreement of 19 June 1990. The SIS was devised as a compensatory measure to the lifting of internal border controls with the aim of ensuring a high level of security in the European Union’s area of freedom, security and justice. The Council Decision 2007/533/JHA of 12 June 2007, as well as the European Regulation 1987/2006 of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System, laid the legal foundation for the second generation of the SIS (SIS II) and introducing several new functionalities. Thus, the system includes the following alerts: 

On persons: 

  • for a refusal of entry or stay;
  • wanted for arrest for surrender or extradition purposes;
  • who are missing;
  • sought for assistance with a judicial procedure;
  • for discreet checks or specific checks. 

On objects: 

  • for discreet checks or specific checks;
  • for seizure or use as evidence in criminal proceedings.

Monitoring the processing of personal data:

The processing of data by the Grand Ducal Police is done in accordance with the law of the 1st of August 2018 on the protection of individuals with regard to the processing of personal data by law enforcement authorities, transposing the Directive 2016/680 into national law. The controller shall implement the appropriate technical and organisational measures to ensure and be able to demonstrate that the processing is carried out by the Grand-Ducal Police in accordance with the national and European legal framework. The controller shall ensure that in case of infringement of the data processing rules, the necessary corrections and cancellations are being made.

In order to assert their rights described hereafter, the individual must send a written request to the controller accompanied by a copy of his/her ID document, to the following address:

In order to assert their rights described hereafter, the individual must send a written request to the controller accompanied by a copy of his/her ID document, to the following address:

Direction générale – Direction des relations internationales
Cité Policière Grand-Duc Henri
Complexe A, rue de Trèves
L-2957 Luxembourg

Data subjects’ rights

In order to ensure the protection of individuals with regard to the processing of personal data, the European legal instruments, in particular the SIS II Regulation in its Article 41 for the reporting of persons for the purposes of non-admission or prohibition of residence, and the SIS II Decision in its Article 58 for other categories of alerts, grant individuals the right of access to personal data relating to them, as well as the rights to obtain rectification of inaccurate data and deletion of illegally stored data.

In the Grand Duchy of Luxembourg, each data subject may assert his/her right of access, rectification and deletion directly to the Grand Ducal Police of Luxembourg. The SIS II Decision in Article 58 specifies that everyone has the right of access to his/her personal data entered in SIS II. To do this, the person concerned must send a written request, accompanied by a copy of his/her ID document, to the controller at the “Direction des relations internationales”. According to the law of the 1st of August 2018 on the protection of individuals with regard to the processing of personal data by law enforcement authorities transposing the Directive 2016/680, the data subject may also address a complaint to a supervisory authority in case of an unsatisfactory response from the controller that means from the Grand Ducal Police. The address of the competent authority (CNPD) is the following:

Commission nationale pour la protection des données
Service des réclamations
1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette

Last update