Image: Nick Lockey, CC BY-NC-ND 2.0
“Misleading” information on entry bans
The Italian police are providing “misleading” information to people who ask whether they are banned from entering the Schengen area, according to an internal EU report obtained by Statewatch (pdf).
Entry bans prohibit an individual from entering the Schengen area for a prescribed period of time. Recently, the Polish government proposed introducing indefinite entry bans.
The reference to Italy’s “misleading” practices is contained in a set of recommendations to the country currently being discussed by EU member state representatives.
Data protection law gives people the right to request access to information stored about them by government authorities. States can refuse access if they deem it necessary to protect public or national security.
According to the document, the Italian authorities issue a standard response to any such requests about entry bans.
That response is that “the data subject has no entry bans in the Schengen territory”.
The draft document says this is “considered as misleading in cases where no information about the alert is provided to the data subject for instance due to threats to public or national security.”
Insufficient staff at the data protection authority
Italy’s data protection authority does not have “sufficient staff” to supervise the use of two huge EU databases, according to the document.
The databases in question are:
-
the Schengen Information System (SIS), a huge policing and immigration database; and
-
the Visa Information System (VIS), used to store information on applicants for short and long-stay Schengen visas.
Entry bans are stored in the SIS. At the end of 2023, there were more than 600,000 bans registered in the database.
The EU recommendations say that information about the SIS published on the Italian interior ministry website needs to be “comprehensible to non-Italian speakers.”
The majority of information on persons stored in the SIS concerns non-EU citizens. The 600,000 entry bans in the SIS at the end of 2023 made up 43% of the almost 1.4 million alerts on persons in the database.
Regular inspections and audits needed
The draft recommendations also call on Italy to ensure that the data protection authority regularly inspects the agencies that use the SIS and the VIS, “such as the police, border guards and immigration authorities”.
Those inspections should include “regular checks and analysis of the log files,” which show who has accessed the system, when and for what purpose.
Audits of the two systems also need to be carried out “within the prescribed term of four-year cycle,” says the document, indicating that this is not currently the case.
Tourist data in police databases
The Italian authorities also appear to be lacking a security policy, data retention policy, and maximum retention period for “accommodation registration personal data”.
This is presumably a reference to the data collected from guests at hotels and other accommodation providers (pdf).
The draft recommendation says that the Italian authorities should:
Establish a security and data protection policy and monitor the practice on keeping accommodation registration personal data in a police data base to provide that, after all personal data are kept for the necessary checks in the initial period, regular review ensures that… personal data remain stored in a police database only for as long as necessary and proportionate.
Delayed recommendations
The recommendations are the result of an inspection carried out by the European Commission in September 2021.
The Council of the EU had not responded, by the time of publication, to a request from Statewatch for information on why the Council was only discussing the report now, some three years after the inspection took place.
Documentation
- Draft Council Implementing Decision setting out a recommendation on addressing the deficiencies identified in the 2021 evaluation of Italy on the application of the Schengen acquis in the field of data protection (Council doc. 15705/24, LIMITE, 25 November 2024, pdf)