The European Commission has recently proposed to create an agency for the long term operational management of the Schengen Information System (SIS II), Visa Information System (VIS), EURODAC and other large-scale IT systems in the area of freedom, security and justice.

The Schengen Information System (SIS) is a computer database for the collection and exchange of information relating to immigration, policing and criminal law for the purposes of law enforcement and immigration control which has been in operation since 1995. The second-generation Schengen Information System (SIS II) will store a huge amount of sensitive personal data such as photographs and fingerprints and will include new types of alerts. SIS II was supposed to be in place in December 2007 but due to technical, legal and financial difficulties which lead to continual delays, this deadline was abandoned. The EU Justice and Home Affairs ministers have recently decided to keep two options open: launch of the new SIS II database and a ‘plan B.’ The Commission has until 2011 to complete the SIS II project, and, if this fails, it should continue with the SIS II development on the basis of the SIS 1+ RE technical solution. This would entail keeping the current SIS but adding what works in SIS II. The impasse on the development of SIS II is raising doubts over the EU capacity to finalize cross border technical projects.

The Visa Information System (VIS) was established by Regulation 767/2008 which enables consulates and other Member States competent authorities to enter and consult electronically visa information, including biometric data.

EURODAC is an IT system which stores asylum seekers' fingerprints and was created to facilitate the application of the Dublin II Regulation.

The Commission is, presently, responsible for the operational management of EURODAC as well as for completing the development of SIS II and VIS. It will be also responsible for the operational management of both systems for a transitional period of five years.

It is important to recall that the Commission was invited by the Council and the European Parliament to present proposals for setting up an agency responsible for these databases.

The Commission adopted a legislative package intended to establish a Regulatory Agency responsible for the long-term operational management of IT systems in the area of freedom, security and justice. This package combines a proposal for a Regulation which will govern the SIS II and VIS first pillar aspects as well as EURODAC and a proposal for a Council Decision regarding third pillar aspects of SIS II and VIS. The Commission proposes, in this way, bringing together the three existing EU IT systems for the exchange of security information within a single agency.

The agency will be established as a Community body and it would have legal personality. The agency main task would be to keep “the systems functioning 24 hours a day, seven days a week”, ensuring, according to the Commission, “a continuous, uninterrupted flow of data exchange.” It will manage passport, visa and fingerprint information.

The agency would also be responsible for adopting “the necessary security measures, including a security plan” as well as “reporting, publishing, monitoring, information.” Moreover, the agency will organize training of experts on VIS and SIS II and will implement pilot schemes upon request of the Commission.

According to the EU Regulations, the authorities responsible for border control and national judicial authorities may access to and process data in SIS II in the performance of their tasks, Member State authorities responsible for internal security may access VIS data within the limits of their powers, moreover, only national authorities dealing with asylum have access to Eurodac. However, the Commission is set to put forward a proposal allowing Member State’s law enforcement authorities and Europol access to the Eurodac database as regards investigation of terrorist offences and other serious criminal offences. It is still far from clear which authorities may have access to these data and for what purpose.

All these databases are an invasion of privacy rights. Gathering so much information raises concerns over who will have access to these data and entails risks of such data being misused.

The Commission has already foreseen that the agency could “potentially be made responsible for the preparation, development and operational management of other IT systems in the area of freedom, security and justice, based on the EC Treaty or Title VI of the EU Treaty.” According to Jacques Barrot “The gradual building up of expertise will allow the Agency to become a centre of excellence for the development and operational management of future large-scale IT systems in the area of freedom, security and justice.

The agency will comprise a Management Board, an Executive Director and Advisory Groups. The Management Board would be composed by one representative of each Member State which participates in the adoption of the legal instrument governing the IT system managed by the agency and two representatives of the Commission. The countries associated with the implementation, application and development of the Schengen acquis and the EURODAC related measures may also participate in the agency but without voting rights.

The Commission also proposed a Council Decision aiming at conferring upon the agency tasks related to the operational management of the SIS II and VIS in application of Title VI of the EU Treaty, “provisions on police and judicial cooperation in criminal matters.”

Since Europol and Eurojust have the right to access and search directly data entered into SIS II, Europol may also have access to VIS, this proposal would confer them observer status at the meetings of the Management Board.

The UK has not signed the Schengen Convention but it has requested to participate in certain aspects of the Schengen Acquis. The UK participates in the SIS, as regards criminal law and policing information, but not the SIS immigration data. Moreover, the UK participates in EURODAC. Taking into account that the provisions of the proposal for a Regulation relate to SIS II and VIS the UK does not participate in its adoption consequently it is not bound by it. However, it seems that the UK may participate in the agency in what concerns EURODAC, if it decides to opt into the Regulation. The UK is also not allowed to take part in the adoption of the Council Decision and is not bound by it to the extent that it applies to VIS. But the UK may take part in this Decision insofar as its provisions relate to SIS II (for the purpose of police and judicial cooperation in criminal matters).

It is important to mention that the Council has denied to the UK the right to take part in the adoption of the VIS Police Access Decision on the grounds that the measure constitutes a development of provisions of the Schengen acquis in which the UK does not take part. Consequently, last November, the Government brought an action before the ECJ challenging such exclusion. The UK possible participation in the agency is far from clear. It remains to be seen the Government position on this as well as the ECJ’s ruling.

The Commission is expecting that the Council and the European Parliament adopt the proposal in 2010, so that the agency can be legally established in 2011 and become operational in 2012. The agency will be funded by the EU budget. The Commission has estimated the costs related to the preparatory and start-up phase of the long-term operational management of SIS II, VIS and EURODAC to be around €113 million between 2010 and 2013. Moreover, the annual costs for the connection of the three systems to the s-TESTA, network to which all EU Member States, EU institutions and agencies will be connected, will amount around €16,5 million. However, it is very likely that the taxpayer’s bill will be higher.