Regulation (EC) No 1987/2006 of the European Parliament and of the CouncilShow full title

CHAPTER VIU.K.DATA PROTECTION

Article 40U.K.Processing of sensitive categories of data

Processing of the categories of data listed in Article 8(1) of Directive 95/46/EC shall be prohibited.

Article 41U.K.Right of access, correction of inaccurate data and deletion of unlawfully stored data

1.The right of persons to have access to data relating to them entered in SIS II in accordance with this Regulation shall be exercised in accordance with the law of the Member State before which they invoke that right.

2.If national law so provides, the national supervisory authority shall decide whether information is to be communicated and by what procedures.

3.A Member State other than that which has issued an alert may communicate information concerning such data only if it first gives the Member State issuing the alert an opportunity to state its position. This shall be done through the exchange of supplementary information.

4.Information shall not be communicated to the data subject if this is indispensable for the performance of a lawful task in connection with an alert or for the protection of the rights and freedoms of third parties.

5.Any person has the right to have factually inaccurate data relating to him corrected or unlawfully stored data relating to him deleted.

6.The individual concerned shall be informed as soon as possible and in any event not later than 60 days from the date on which he applies for access or sooner, if national law so provides.

7.The individual shall be informed about the follow-up given to the exercise of his rights of correction and deletion as soon as possible and in any event not later than three months from the date on which he applies for correction or deletion or sooner, if national law so provides.

Article 42U.K.Right of information

1.Third-country nationals who are the subject of an alert issued in accordance with this Regulation shall be informed in accordance with Articles 10 and 11 of Directive 95/46/EC. This information shall be provided in writing, together with a copy of or a reference to the national decision giving rise to the alert, as referred to in Article 24(1).

2.This information shall not be provided:

(a)where

(b)where the third country national in question already has the information;

(c)where national law allows for the right of information to be restricted, in particular in order to safeguard national security, defence, public security and the prevention, investigation, detection and prosecution of criminal offences.

Article 43U.K.Remedies

1.Any person may bring an action before the courts or the authority competent under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.

2.The Member States undertake mutually to enforce final decisions handed down by the courts or authorities referred to in paragraph 1, without prejudice to the provisions of Article 48.

3.The rules on remedies provided for in this Article shall be evaluated by the Commission by 17 January 2009.

Article 44U.K.Supervision of N.SIS II

1.The authority or authorities designated in each Member State and endowed with the powers referred to in Article 28 of Directive 95/46/EC (the ‘National Supervisory Authority’) shall monitor independently the lawfulness of the processing of SIS II personal data on their territory and its transmission from that territory, and the exchange and further processing of supplementary information.

2.The National Supervisory Authority shall ensure that an audit of the data processing operations in its N.SIS II is carried out in accordance with international auditing standards at least every four years.

3.Member States shall ensure that their National Supervisory Authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation.

Article 45U.K.Supervision of the Management Authority

1.The European Data Protection Supervisor shall check that the personal data processing activities of the Management Authority are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2.The European Data Protection Supervisor shall ensure that an audit of the Management Authority's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities. The Management Authority shall be given an opportunity to make comments before the report is adopted.

Article 46U.K.Cooperation between National Supervisory Authorities and the European Data Protection Supervisor

1.The National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision of SIS II.

2.They shall, each acting within the scope of its respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Regulation, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3.The National Supervisory Authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs and servicing of these meetings shall be for the account of the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Management Authority every two years.

Article 47U.K.Data protection during the transitional period

Where the Commission delegates its responsibilities during the transitional period to another body or bodies, pursuant to Article 15(4), it shall ensure that the European Data Protection Supervisor has the right and is able to fully exercise his tasks, including carrying out on-the-spot checks, and to exercise any other powers conferred on him by Article 47 of Regulation (EC) No 45/2001.