The Visa Information System (Vis) - Garante privacy en
The Visa Information System (Vis)
The Visa Information System (Vis)
What is the VIS?
The visa information system (VIS), established by the Council Decision 2004/512/EC of 8 June 2004, is a system for the exchange of visa data between the Member States that are parties to the Schengen Agreement. The establishment of the VIS represents one of the key initiatives within the framework of the EU policies aimed at creating an area of freedom, security and justice.
Operation of the VIS is set out in the Regulation (EC) No. 767/2008 of the European Parliament and of the Council of 9 July 2008. The system consists of a central European database connected to the national interfaces of the visa authorities in Schengen States. For the purpose of the implementation of the VIS, consular posts and external borders of those States are also connected to the VIS through the national interfaces.
The main objectives of the VIS are to facilitate visa application procedures, to facilitate checks at external borders and within the national territories, and to strengthen security in Europe. The VIS also prevents the so-called visa shopping and assists Member States in the fight against fraud.
How does the VIS work in practice?
During the visa application process, certain personal data relating to the applicant are collected and entered into the VIS. These include a photograph of the applicant, his/her 10 fingerprints (if applicable), and the personal data contained in the visa application form.
These data are then transmitted to the competent visa authorities of the Member States and processed in order to take a decision on the visa application.
The applicant's personal data as well as the data concerning the decision about his/her application or any decision to annul, revoke or extend an issued visa are entered and stored in the VIS for a maximum period of five years.
Thus, any VIS data collected during previous applications may be re-used for applications in the next 5 years, unless there is a reasonable doubt regarding the applicant's identity.
Data protection and access to the VIS
The VIS contains the biometric data of all short-stay visa applicants in the Schengen Area, along with the data provided in the visa application form.
In Italy (see the Interministerial Decree No. 4516/495 of 6 October 2011), the VIS may only be accessed by the duly authorised staff of:
• The Ministry of Foreign Affairs and International Cooperation, for examining visa applications submitted abroad and taking decisions related to them;
• The Ministry of Interior, for examining visa applications submitted at external borders and determining the Member State responsible for examining an asylum application.
Furthermore, the VIS may be accessed by the duly authorised staff of the State Police and other Police Forces, both at external borders and within the territory of Schengen States, to verify the identity of a visa holder and/or the authenticity of the visa and to check whether an individual does or does not fulfil the conditions for entry, stay or residence. These procedures are aimed at improving security in the Schengen Area.
Under certain conditions, access to VIS data may be requested by the European Police Office (Europol) and Police authorities for the purposes of prevention, detection and investigation of terrorist offences or other serious criminal offences (see Council Decision 2008/633/JHA of 23 June 2008).
The European Data Protection Supervisor (EDPS) monitors the processing of personal data at European level in the central VIS database.
In Italy, controllers for the processing of personal data collected at national level and transmitted to the central VIS database are the following authorities, with regard to the activities falling under the respective scope of competence:
• The Ministry of Foreign Affairs and International Cooperation (Piazzale della Farnesina 1, 00135 Roma, www.esteri.it/mae/en/);
• The Ministry of Interior (Piazza del Viminale 1, 00184 Roma, www.interno.gov.it/en).
The Italian Data Protection Authority (Garante per la protezione dei dati personali http://www.garanteprivacy.it/web/guest/home_en) is competent to monitor the lawfulness of the processing of personal data in the VIS, at national level, pursuant to Legislative Decree No. 196 of 30 June 20030.
Exercise of the rights of access, rectification or deletion of personal data in the VIS
The visa applicant has the right to obtain, in any Member State, the communication of his/her personal data recorded in the VIS and of the Member State that transmitted them. Moreover, the applicant has the right to request that data relating to him which are inaccurate be corrected and that data unlawfully recorded be deleted (art. 38, Regulation (EC) 767/2008).
In Italy, one can exercise the rights of access, rectification or deletion of personal data recorded in the VIS by contacting directly:
• as for visa applications submitted abroad, the head of the Visa Office that examined the application, who will in turn transmit the request to the Central Visa Unit – DGIT VI at the Ministry of Foreign Affairs and International Cooperation;
• as for visa applications submitted at external borders, the director of the Border Police Office that examined the application, who will in turn transmit the request to the Borders Police Service of the Central Directorate for Immigration and Borders Police at the Ministry of Interior.
No specific format is required to exercise the above rights; thus, a registered letter, a fax or an email will all be acceptable, but it will be necessary to provide or attach a copy of an identity document, if the data subject's identity cannot be established otherwise. To exercise the above rights the forms available at the following link may be used:
A suitable response must be provided to the said request without undue delay and in any case within one month of its receipt.
Similarly, in the case of requests for correction of incorrect data or deletion of data unlawfully recorded in the Vis, such operations must be carried out within the same time limits. If the data have been entered by another Member State, the Italian authority that received the request (MAECI, Ministry of the Interior), within 14 days, will contact the Member State responsible, which shall check the accuracy of the data and the lawfulness of their processing in the Vis within a period of one month and shall inform the data subject accordingly (cf. art. 38, Regulation 2008/767; Articles 12 of Regulation (EU) 2016/679).
In the event of a negative or an unsatisfactory reply, the data subject may either claim his rights before a judicial authority (Section 152 of Legislative Decree 196/2003) or, alternatively, lodge a complaint with the Italian Data Protection Authority (art. 77 of Regulation (EU) 2016/679).
In any case, to obtain additional information on the actions available to enforce your data protection rights, please contact the Italian Garante at the following address:
Garante per la Protezione dei Dati Personali
Piazza Venezia n. 11
Phone: (+39) 06.696771
Fax: (+39) 06.69677.3785