Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Sweden: IMY identifies deficiencies with Swedish Police in handling of personal data under Schengen Information System

The Swedish Authority for Privacy Protection ('IMY') announced, on 30 September 2022, that it had completed its examination into the handling of personal data under the Schengen Information System ('SIS II') by the Swedish Police. In particular, the IMY noted that, pursuant to the Regulation on the Establishment, Operation and Use of the Second Generation Schengen Information System (Regulation (EU) 1987/2006), SIS II is a common IT system in which EU Member States can exchange information on wanted persons.

Accordingly, as part of its requirement to review the system every four years, the IMY found a number of shortcomings in the Police's use of the SIS II. More specifically, the IMY directed the Police to introduce and document individual examinations when extending registrations in the SIS II. Furthermore, the IMY indicated that the Police had stored user logs for longer than the permitted three years and must therefore introduce routines and/or technical functions to prevent such logs from being stored longer than permitted. As such, the IMY concluded that, no later than three months after its decision has become legally binding, the Police must submit a written action plan to the IMY, detailing the measures that it intends to take in relation to the identified deficiencies.

You can read the press release, only available in Swedish, here.