IMY (Sweden) - DI-2019-13667: Difference between revisions
AntonAlmer (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Sweden |DPA-BG-Color= |DPAlogo=LogoSE.png |DPA_Abbrevation=IMY (Sweden) |DPA_With_Country=IMY (Sweden) |Case_Number_Name=DI-2019-13667 |ECLI=...") |
(No difference)
|
Revision as of 09:22, 18 November 2021
| IMY (Sweden) - DI-2019-13667 | |
|---|---|
 | |
| Authority: | IMY (Sweden) |
| Jurisdiction: | Sweden |
| Relevant Law: | Article 5(1)(e) GDPR Article 32 GDPR Article 58(2)(a) GDPR REGULATION (EC) No 767/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) |
| Type: | Other |
| Outcome: | n/a |
| Started: | |
| Decided: | 17.11.2021 |
| Published: | 18.11.2021 |
| Fine: | None |
| Parties: | The Swedish Migration Agency |
| National Case Number/Name: | DI-2019-13667 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Swedish |
| Original Source: | IMY (in SV) |
| Initial Contributor: | Anton Almer |
The Swedish DPA issued two warnings to the Swedish Migration Agency because it was not clear if the IT-documentation of The Visa Information System (VIS) was adopted by the agency and because the agency lacks clear routines for deleting user logs.
English Summary
Facts
The Swedish DPA conducted an inspection of how the Swedish Migration Agency processed personal information in the Swedish part of the EU database The Visa Information System (VIS). No violation was found, however, the DPA issued warnings concerning the status of the IT-documentation and the lack of routines for deleting user logs.
Holding
The DPA issued two warnings in accordance with Article 58(2)(a) GDPR. The first warning regards how the Swedish Migration Agency is at risk of not being able to fulfill its obligations pertaining to article 32 of the GDPR because it is not clear if the IT-documentation of The Visa Information System (VIS) is adopted by the agency or not. The second warning regards how the agency is at risk of not being able to fulfill its obligations pertaining to articel 5.1 e of the GDPR because they do not have clear routines for deleting user logs in VIS.
Comment
The Visa Information System (VIS) is an EU database containing information, including biometrics, on visa applications by Third Country Nationals requiring a visa to enter the Schengen area. The purpose and usage of the system is regulated in the VIS-regulation. The Swedish Migration Agency is the Swedish competent authority for VIS which means that they are able to enter, amend, delete or consult data in the VIS. This also means that the Swedish Migration Agency is the controller of personal information in the "Swedish part" of the database.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Swedish original. Please refer to the Swedish original for more details.
