The Schengen-wide entry ban: how are non-citizens’ personal data protected?

Abstract

ABSTRACT The article addresses the Schengen-wide entry ban, which is one of the key measures laid down in the EU Returns Directive (2008/115/EC). The entry ban entails that a non-citizen expelled from one member state is barred from returning to the whole Schengen area for up to five years, or longer in case of a threat to public policy or national security. The pan-European validity of the entry ban is ensured by an alert entered in the Schengen Information System (SIS). The alert is a set of personal data registered in the SIS which states may process to identify the person with a view of the refusal of entry. Processing personal data of non-citizens may pose a challenge to the protection of their data. The article assesses data protection rules laid down in the SIS Regulation (Regulation 1987/2006) and the Regulation which will replace it (Regulation 2018/1861). As it argues, SIS-specific data protection safeguards are frequently narrower than rules under data protection law, including the General Data Protection Regulation and Council of Europe Convention 108, and fall short of requirements flowing from the right to privacy under the European Convention of Human Rights and EU Charter of Fundamental Rights.