Council Decision 2007/533/JHAShow full title

CHAPTER XIIDATA PROTECTION

Article 56Processing of sensitive categories of data

Processing of the categories of data listed in the first sentence of Article 6 of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 28 January 1981, shall be prohibited.

Article 57Application of the Council of Europe Data Protection Convention

Personal data processed in application of this Decision shall be protected in accordance with the Council of Europe Convention of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data, and subsequent amendments thereto.

Article 58Right of access, correction of inaccurate data and deletion of unlawfully stored data

1.The right of persons to have access to data relating to them entered in SIS II in accordance with this Decision shall be exercised in accordance with the law of the Member State before which they invoke that right.

2.If national law so provides, the national supervisory authority shall decide whether information is to be communicated and by what procedures.

3.A Member State other than that which has issued an alert may communicate information concerning such data only if it first gives the Member State issuing the alert an opportunity to state its position. This shall be done through the exchange of supplementary information.

4.Information shall not be communicated to the data subject if this is indispensable for the performance of a lawful task in connection with an alert or for the protection of the rights and freedoms of third parties.

5.Any person has the right to have factually inaccurate data relating to him corrected or unlawfully stored data relating to him deleted.

6.The individual concerned shall be informed as soon as possible and in any event not later than 60 days from the date on which he applies for access or sooner if national law so provides.

7.The individual shall be informed about the follow-up given to the exercise of his rights of correction and deletion as soon as possible and in any event not later than three months from the date on which he applies for correction or deletion or sooner if national law so provides.

Article 59Remedies

1.Any person may bring an action before the courts or the authority competent under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.

2.The Member States undertake mutually to enforce final decisions handed down by the courts or authorities referred to in paragraph 1, without prejudice to the provisions of Article 64.

3.The rules on remedies provided for in this Article shall be evaluated by the Commission by 23 August 2009.

Article 60Supervision of N.SIS II

1.Each Member State shall ensure that an independent authority (the national supervisory authority) monitors independently the lawfulness of the processing of SIS II personal data on their territory and its transmission from their territory, and the exchange and further processing of supplementary information.

2.The national supervisory authority shall ensure that an audit of the data processing operations in its N.SIS II is carried out in accordance with international auditing standards at least every four years.

3.Member States shall ensure that their national supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Decision.

Article 61Supervision of the Management Authority

1.The European Data Protection Supervisor shall check that the personal data processing activities of the Management Authority are carried out in accordance with this Decision. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2.The European Data Protection Supervisor shall ensure that an audit of the Management Authority's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities. The Management Authority shall be given an opportunity to make comments before the report is adopted.

Article 62Cooperation between national supervisory authorities and the European Data Protection Supervisor

1.The national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision of SIS II.

2.They shall, each acting within the scope of its respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Decision, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3.The national supervisory authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs and servicing of these meetings shall be for the account of the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Management Authority every two years.

Article 63Data protection during the transitional period

Where the Commission delegates its responsibilities during the transitional period to another body or bodies, pursuant to Article 15(4), it shall ensure that the European Data Protection Supervisor has the right and is able to fully exercise his tasks, including carrying out on-the-spot checks and to exercise any other powers conferred on him by Article 47 of Regulation (EC) No 45/2001.