Read the untranslated law here: https://lovdata.no/dokument/NL/lov/1999-07-16-66
The law on the Schengen information system (SIS) [SIS-law].
Date LAW-1999-07-16-66 Ministry of Justice and emergency Ministry last edited law-2016-04-22-3 Published Avd in 1999 No. 16 entry into force 01.01.2001 Change Announced short title SIS-law-the SISl.
§ 1. Purpose and definition the purpose of this law is to regulate the treatment in Norway of the information within the Schengen information system (SIS), including to ensure the consideration of privacy.
The SIS is an information system related to the Schengensamarbeidet. The system consists of a national system in each of the States participating in the Schengensamarbeidet and a central system that the national systems communicate information system allows for the registration of personal data and information about the objects within the purposes for which follows from this law § § 7 to 9. The public authorities that are specified in sections 12 and 13, have access to registered information for these purposes.
§ 2. Responsibility for the registry. SIREN the national unit for combating organized and other serious crime (criminal police) shall cause a register that is the Norwegian part of the SIS. The registry should communicate with the central system and contain the messages that are posted by the Norwegian authorities. The criminal police are registry responsible, and should. make sure that the information put in by the Norwegian authorities in the SIS, is correct, updated and registered on the legal way.
§ 3. Information security The registry administrators and the Manager going through planned and systematic measures provide for satisfactory information security with regard to the confidentiality, integrity and availability by the processing of personal data in the SIS.
In order to achieve satisfactory information security to information system and the security measures be documented. Documentation to be available to the staff of the registry and the data manager. The documentation should also be available to the Data Inspectorate and Privacy Committee. The staff of The authority, members of the Privacy Committee, or others who perform service for the supervisory authority, to prevent unauthorized persons from gaining access to information about the security measures.
If the registry responsible gives others access to personal information, such as the a data processor or others who perform missions in relation to the information system, the registry responsible ensure that these meet the requirements of the first and second paragraph.
§ 4. Internal control The registry administrator shall establish and keep intact all planned and systematic measures that are necessary to meet the requirements of or in pursuance of this Act.
The registry administrator shall document the measures. The documentation to be made available for the staff of the registry administrator and its data processor. The documentation should also be available to the Data Inspectorate and Privacy Committee.
§ 5. General terms and conditions for registration It can only be registered information as mentioned in § 6 when it is necessary to achieve one of the purposes as mentioned in § § 7 to 9 and the specific the meaning implies that the information should be registered.
The registration of the information must be decided by the competent authority before the message is checked and added in by the registry administrator.
Upon registration of the message with the request for arrest, jf. § 7 No. 1, it shall be checked whether the national legislation with the Convention the parties that the request should be directed to, provides legal authority for the arrest.
section 6. Information that can be recorded about people it can only be registered a) last name and first name, name at birth and previously used names and any special registered alias name b) specific objective physical characteristics of unchanging art c) place of birth and date of birth d) gender e) photographs f) fingerprints g) h specification of citizenship) about the person is armed, violent or has escaped in) rationale for the message j) authority which has registered the message k) a reference to the decision which is the basis for the message l) which measures that should be put in the works m) links to other messages recorded in the SIS in accordance with § 9a n) type of criminal offence It may also be registered information on the following items: a) vehicles with a displacement of over 50 cc, boats and aircraft, b) trailers with an unladen weight of over 750 kg, caravans, industrial equipment, outboard engines and containers, c) firearms, d) stolen or otherwise lost blankodokumenter , e) stolen or otherwise lost or ugyldiggjorte issued the credential documents. Passport, identity card, driving license, residence permits and travel documents, f) stolen or otherwise lost or ugyldiggjorte registration certificate and number plates for vehicles, g) banknotes (with registered number), h) stolen or otherwise lost or ugyldiggjorte securities and means of payment. checks, credit cards, bonds and stocks.
section 7. Criteria to record information about people that is access to register 1.
information about the people who with a view to the arrest be reviewed and disclosure 2.
information about people that should not be given permission to enter because it is in connection with deportation after immigration law § 66 first paragraph, LITRA a, b, c or e or other joints, § § 67, 68 or 126 second paragraph is hit the decision on entry ban, and the decision is still the current 3.
information about the people who are missed or that for the sake of their own safety or for the prevention of hazards needs to be brought temporarily into custody 4.
information about witnesses, people who are subpoenaed for a Court of law for their own actions in a criminal case or about the people who will get preached Criminal Court, or summoned to the atonement of freedom penalty, to get knowledge of the whereabouts or place of residence.
section 8. Criteria to record information about people and vehicles for the purpose of observation or targeted control it's access to record information on persons, vehicles, boats, aircraft and containers for the purpose of observation or targeted control 1.
to fight crime and prevent threats to the public safety a) when there is concrete evidence to assume that the competent person is planning to commit or commits a serious offence, or b) when it out from an overall assessment of the competent person, in particular on the basis of earlier begåtte offences, he or she must also be assumed that in the future will commit serious offences.
2. when there is concrete evidence to assume that information about the Habitat, travel route, destination, passengers, players associated with the objects or circumstances retrieval of the person or the vehicle is necessary to prevent a serious threat from the concerned person's page or other serious threats to the State's internal or external security.
§ 9. Criteria to record information about objects That are permitted to record information about your items be reviewed for seizures or as evidence in a criminal case.
section 9a. Link between the messages Link between messages can only be created when there is a clear operational need.
Link of messages does not affect the measures to be taken on the basis of each of the connected messages, or delete the deadline for the information in the message.
A link does not expand the access rights according to § 12 or the access to get dispensed information according to § 13.
§ 10. Limited access to use the information for other purposes the information that is registered in the SIS, can not be used for any purpose other than that which is laid down for the individual registration according to § § 7 to 9.
Without the hurdle of the first paragraph, one can use the information to a different purpose as mentioned in § § 7 to 9 when necessary to prevent a) an imminent danger to the public order and security, b) a serious threat to national security, or c) a serious offence, and it is obtained permission from the State who have added the details.
section 11. The exchange of information that is not communicated via the SIS The registry responsible can exchange information that is not communicated via the SIS (supplementary information). So the Exchange can happen only to serve that purpose the information is provided for, and it is necessary to carry out the measures provide the basis for a message. The treatment of supplementary information by the way governed by the Police Act and the registry the personal data Act, with the exception of the specific delete rules in section 20 seventh paragraph.
§ 12. Access to the SIS/authority the following authorities have access (just to the Instant Search) to the SIS: a) police authority when the athlete border control and other control b) prosecution authority c) immigration authority with responsibility for the processing of visa applications, the processing of permits for stay, and otherwise by the enforcement of the Immigration Act with regard to the information that is entered into pursuant to § 7 No. 2 and section 6, second paragraph letter d and e in order to implement the provisions of the Convention on the person movement in the implementation of Schengenavtalen.
d) authority with responsibility for the registration of the motor vehicle has to check whether, for motor vehicles that are registered are stolen, lost or otherwise is wanted as evidence in criminal cases, access to the following information: stolen or otherwise lost motor vehicles with a displacement of over 50 cubic centimeters, trailers and caravans with an unladen weight of over 750 kg, and stolen or otherwise lost or invalid registration document for motor vehicle and license plate of motor vehicles.
Access to the registry should only be given to people who have been given special authority. Users can search only for the information necessary to safeguard their tasks.
section 13. Disclosure of information from the SIS information about people and objects can be released from the register after the petition to: a) police and customs authority as well as the coast guard when the athlete limit control b) police and customs authority when it makes other control than border control, as well as the coast guard when the athlete tasks that are otherwise attributed to police and customs authority c) prosecution d) immigration authority in the cases referred to in § 12 first paragraph, LITRA c e) the authority in cases referred to in § 12 first paragraph, LITRA d f) Department and the The national police in connection with the exercise of the authority of the parent that can only be provided information that is required to attend to the recipient's tasks.
section 14. Confidentiality under the exercise of any service or work access or knowledge of information from the SIS, have a duty to prevent an unauthorized person gains knowledge of these.
Administrative law § § 13-13 d does not apply.
section 15. View the registered have the right to get enlightened what information about themselves that is registered in the SIS.
The registered can not get visibility into information if it could harm the implementation of the measure it is requested, or if the protection of other people requires. Visibility should always be denied in that time it's asked about observation.
The petition for review be filed for the registry administrator or the authority that has decided the registration, but will be determined by the registry administrator. If the message requested access to, is posted by another party of the Convention, the duties of the registry responsible to give this Convention the party the opportunity to respond before access is granted.
section 16. Correction and deletion of incorrect information the registered may require fixed incorrect or incomplete information about themselves or get deleted information encumbered by legal error. The same applies to information that is not allowed to register.
If it's registered information that is incorrect, incomplete or that it is not allowed to register, to the registry administrator of the petition of the registered or on its own initiative to make sure that the information be corrected, supplemented, or deleted.
The registry administrator shall as far as possible ensure that the error does not get the significance for the registered, eg. by notifying the recipients of the delivered information.
If your registered information as mentioned in the second paragraph is added by another party of the Convention, to the registry responsible without delay inform this Convention party with the request to correct, supplement or delete the information. If the request is not being executed, the registered to bring the Ministry that the complaint case.
Petition for correction or deletion be brought for the registry administrator or the authority that has decided the registration, but will be determined by the registry administrator.
§ 17. Requirements for the treatment of petitions for review, correction or deletion Petitions about visibility or whether the correction and deletion shall be answered in writing without undue delay and at the latest within 30 days from the day the call came in.
If special circumstances make it impossible to respond to the inquiry within 30 days, the implementation can be postponed until it is possible to provide answers. It shall in that case be given a preliminary reply stating the likely time when answers can be given.
The registered may be ordered to submit a written and signed the petition.
§ 18. Substitute a person is entitled to compensation for the damage suffered as a result of that information is recorded or used in violation of the rules for the management of information in the SIS. This applies without regard to whether it is expelled the sake of the registry responsible or its data processor or of any other that has hit the decision or posted notice of registration.
The replacement should respond to the economic losses that the registered is inflicted by the illegal registration or use of the information. The compensation may also include compensation for infringement or other harm of non-economic nature (redress) insofar as this is reasonable.
Claim for compensation lodged for the registry administrator or the authority who have decided, but registration is handled by the registry administrator. Claim for compensation must be filed no later than one year after the claimant has been familiar with the registration. When the claim be filed after a person has been indicted in a criminal case, does the processing rules in the code of criminal procedure chapter 31. Code of criminal procedure § 444, section 445 and 446 section does not apply to claims for compensation after the provision here.
§ 19. Complaint access it registered can appeal against the decision on disclosure, correction or deletion and replacement of the national police.
By the complaint proceedings in matters concerning access, correction or deletion, the national police shall submit the matter for Your authority to the opinion before the complaint is decided.
Administrative Law Chapter VI also applies as far as appropriate.
The registrertes rights according to § 21 second paragraph is not affected by the provisions of this section.
section 20. Deleting information about people or objects that are added by the registry responsible, should not be kept longer than is necessary for the purpose of registration.
Information that is registered pursuant to section 7, to the registry administrator no later than three years after the registration it is necessary to keep.
Information that is registered pursuant to section 8, to the registry administrator no later than one year after the registration it is necessary to keep.
If the retention is extended, the corresponding deadlines as mentioned in the second and third paragraph for the expanded registration.
Information about the objects that are registered pursuant to section 9, shall not be kept longer than ten years.
Information about the objects that are registered in pursuance of section 8, shall not be kept longer than five years.
Supplementary information as mentioned in section 11, should not be kept longer than is necessary for the purpose of registration. Such information should still be deleted at the latest one year after the message about the competent person or object is deleted in the SIS. Delete the obligation in the second sentence does not apply if the information is provided by the Norwegian authorities, or in a message from foreign Governments that have triggered action from the Norwegian authorities.
The registry administrator shall establish procedures to ensure that the need to delete information that is regularly reviewed. The rationale for the extension should be documented.
§ 21. The Authority's tasks the Data Inspectorate to verify that the law and the regulations issued pursuant to the Act are followed, and that errors or omissions will be corrected.
The data Inspectorate shall after the petition from the registered check if the information about the person in the SIS are correct, whether the rules on transparency are followed, and whether the information is recorded and used in accordance with this law. If the information is posted by another party of the Convention, should the control be made in consultation with this Convention party's control organ. The processing rules in section 17 applies accordingly.
§ 22. The Authority's access to information and Privacy Data Protection Committee the Committee may require the information needed to carry out their tasks.
The data Inspectorate, as part of its control of that the rules require access to the compromised sites where personal information is processed and in which there are AIDS for treatment. The audit can carry out the samples or controls that it believes are necessary and require the assistance of the staff at the site to the extent that this is needed to conduct tests or controls.
The right to require information or access to facilities and AIDS in accordance with the first and the second paragraph is not restricted by provisions on confidentiality.
§ 23. Order modification or cessation of illegal treatments the Data Inspectorate can give the registry responsible order that processing of information in violation of this Act is going to expire or set conditions that must be met for that treatment should be in accordance with the law. The data inspectorate may still not provide visibility into the information that is registered under section 7 Nr. 1 or section 8 when the registry responsible ble declines having regard to section 15 the second paragraph.
The Authority's decision after the first paragraph may be appealed to the Privacy Committee.
section 24. Special rules about messages posted by another party of the Convention If The Authority's order or decision taken by the national police comes to a message that is posted by another party of the Convention, to the registry administrators send the decision to the this Convention party with the request for enforcement.
The registry responsible to consummate the final decisions taken by other Convention parties ' authorities that apply to messages posted by the Norwegian authorities.
§ 25. Regulations the King can give the regulations on: a) the decision-making competence and procedural rules, jf. section 5 b) empowerment of personnel will have access to the registry, jf. § 12 c) processing rules, see. § § 14-20 and 24 d) information security, including including about organizational and technical security measures, cf.. section 3 e) implementation of the internal control, jf. § 4.
§ 26. Geographical scope this law does not apply to Svalbard.
§ 27. Entry into force the law will take effect from the time that the King decides.
Search Translated Laws of Norway