News
Knowing Your Data Related Rights: Romania's Schengen Full Access
After more than a decade of anticipation, Romania has officially become a full member of the Schengen Area. As of 1 January 2025, land border checks with Romania and Bulgaria are a thing of the past, building on the earlier removal of air and sea border controls on 31 March 2024. This article explores the impact of Romania's full Schengen accession, with a special focus on the rights of data subjects in this new context.
Introduction
Romania's recent accession to the Schengen Area has opened new doors for the free movement of over 400 million European Union (EU) citizens, as well as non-EU residents and visitors traveling for tourism, study or business purposes. This expanded mobility brings new challenges and requirements from the perspectives of personal data protection and data security, such as access to the Schengen Information System (SIS) which safeguards public order and national security through data exchange across Schengen Member States.
For Romania, as a recent participant to the SIS, the system also incorporates its national component, the National Information System of Alerts (NISA).
Understanding SIS and NISA
SIS is a large-scale information system that supports external border control and law cooperation among the Schengen Member States. By linking national databases through a central architecture, SIS facilitates the sharing of data on individuals, vehicles, and goods for various purposes, including criminal investigations, missing person alerts and visa-related issues.
A new version of Schengen Information System (SIS II) started operating on 7 March 2023.
The legal framework under which SIS operates consists primarily of three EU Regulations: (i) Regulation (EU) 2018/1862 – concerning police and judicial cooperation, (ii) Regulation (EU) 2018/1861 – addressing border checks, and (iii) Regulation (EU) 2018/1860 – focused on the return of third-country nationals staying illegally.
In order to allow the proper application of certain provisions of the aforementioned EU Regulations, Romania has enacted Law No. 76/2023, regulating the organisation and functioning of the NISA and participation of Romania in the SIS.
Ensuring Data Protection and Transparency
The Romanian Data Protection Authority (ANSPDCP), as national supervisory authority for the processing of personal data in Romania, monitors independently the lawfulness of the personal data processing in the NISA. Among others, it ensures the audits of the data processing operations in the NISA.
Law No. 76/2023 emphasizes the importance of transparency and accountability in data processing within NISA and SIS. Article 61 of the law specifies that data processing in these systems must comply with the GDPR and Romania’s Law No. 363/2018 (which refers to the processing of personal data carried out by public authorities in relation to criminal offences and the application and enforcement of criminal sanctions). This legal framework guarantees that Romania's participation in the Schengen Area aligns with EU data protection standards while maintaining high levels of national security and public safety.
Key Data Subject Rights under SIS and NISA
Individuals whose data is processed within SIS or NISA have the following data subject rights according to the GDPR:
- Right of Access: individuals have the right to know if their personal data is being processed in the SIS or NISA and, if so, to access that data.
- Right to Rectification: individuals can request the correction of inaccurate or incomplete data held about them in the SIS or NISA.
- Right to Erasure ("right to be forgotten"): allows individuals to request the deletion of their data if the legal grounds allow it.
Data subject requests to access, rectify or erase data can be submitted to the Data Protection Office within the General Inspectorate of Romanian Police (the "Data Protection Office") at the dedicated email address: cererischengen@politiaromana.ro.
Alternatively, data subjects may file requests to exercise their rights (in the context of data processing in the NISA or SIS) with any competent national authority, such as: Romanian Police, Romanian Border Police, Romanian Gendarmerie, General Inspectorate for Immigration, General Directorate for Personal Records, General Directorate for Passports or Ministry of Foreign Affairs. These authorities have the obligation to forward such requests to the Data Protection Office within 5 working days of receipt.
The Data Protection Office must inform the data subject of any action taken on their request within one month of receipt. This period may be extended by an additional two months if the request is particularly complex or if there are numerous requests.
If a data subject does not receive a response from the Data Protection Office or is dissatisfied with the outcome, they have the right to contact the ANSPDCP for further review and resolution.
Conclusion
Romania's access to the Schengen Area marks a significant step towards greater European integration. It also brings both opportunities and responsibilities. While Romania benefits from increased mobility and security cooperation through the Schengen Information System, it also creates the framework to uphold the fundamental data protection rights of its citizens and residents.
Article provided by INPLP members: Adelina Iftime-Blagean and Nina Lazar (Wolf Theiss Rechtsanwälte GmbH & Co KG, Romania)
Discover more about the INPLP and the INPLP-Members
Dr. Tobias Höllwarth (Managing Director INPLP)
News Archiv
- Alle zeigen
- Jänner 2025
- Dezember 2024
- November 2024
- Oktober 2024
- September 2024
- August 2024
- Juli 2024
- Juni 2024
- Mai 2024
- April 2024
- März 2024
- Februar 2024
- Jänner 2024
- Dezember 2023
- November 2023
- Oktober 2023
- September 2023
- August 2023
- Juli 2023
- Juni 2023
- Mai 2023
- April 2023
- März 2023
- Februar 2023
- Jänner 2023
- Dezember 2022
- November 2022
- Oktober 2022
- September 2022
- August 2022
- Juli 2022
- Mai 2022
- April 2022
- März 2022
- Februar 2022
- November 2021
- September 2021
- Juli 2021
- Mai 2021
- April 2021
- Dezember 2020
- November 2020
- Oktober 2020
- Juni 2020
- März 2020
- Dezember 2019
- Oktober 2019
- September 2019
- August 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- Februar 2019
- Jänner 2019
- Dezember 2018
- November 2018
- Oktober 2018
- September 2018
- August 2018
- Juli 2018
- Juni 2018
- Mai 2018
- April 2018
- März 2018
- Februar 2018
- Dezember 2017
- November 2017
- Oktober 2017
- September 2017
- August 2017
- Juli 2017
- Juni 2017
- Mai 2017
- April 2017
- März 2017
- Februar 2017
- November 2016
- Oktober 2016
- September 2016
- Juli 2016
- Juni 2016
- Mai 2016
- April 2016
- März 2016
- Februar 2016
- Jänner 2016
- Dezember 2015
- November 2015
- Oktober 2015
- September 2015
- August 2015
- Juli 2015
- Juni 2015
- Mai 2015
- April 2015
- März 2015
- Februar 2015
- Jänner 2015
- Dezember 2014
- November 2014
- Oktober 2014
- September 2014
- August 2014
- Juli 2014
- Juni 2014
- Mai 2014
- April 2014
- März 2014
- Februar 2014
- Jänner 2014
- Dezember 2013
- November 2013
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- März 2013
- Februar 2013
- Jänner 2013
- Dezember 2012
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juli 2012
- Juni 2012
- Mai 2012
- April 2012
- März 2012
- Februar 2012
- Jänner 2012
- Dezember 2011
- November 2011
- Oktober 2011
- September 2011
- Juli 2011
- Juni 2011
- Mai 2011
- April 2011
- März 2011
- Februar 2011
- Jänner 2011
- November 2010
- Oktober 2010
- September 2010
- Juli 2010