Coordinated Supervision Committee (CSC)

The Coordinated Supervision Committee (CSC) is a group comprised of national data protection supervisory authorities and the European Data Protection Supervisor (EDPS). The CSC was established within the framework of the European Data Protection Board (“the Board”) to ensure coordinated supervision of certain large scale IT systems and EU bodies, offices and agencies.

The processing of personal data in EU large scale IT systems and agencies in which Ireland participates, currently fall under the scope of the CSC coordinating activities as follows:

Internal Market Information (IMI) System

The IMI is a secure, multilingual online tool, developed by the European Commission in close collaboration with the Member States, which facilitates the exchange of information between public authorities involved in the practical implementation of EU law and helps authorities to fulfil their cross-border administrative cooperation obligations in multiple Single Market policy areas.

National IMI

The CSC ensures coordination in the supervision of the processing of personal data in the Internal Market Information System (IMI) in accordance with Article 21 of Regulation (EU) No 1024/2012 (as modified by Article 38 of Regulation (EU) No 2018/1724).

The national data protection authorities ('DPAs') of the 27 EU Member States, including Ireland, participate in the activities of the CSC in relation to IMI.

European Union Agency for Criminal Justice Cooperation (Eurojust)

Eurojust is a hub based in The Hague, The Netherlands, comprised of a central body of lawyers, magistrates, judges and other legal experts seconded from Member States to facilitate the investigation and prosecution of crimes which have a cross-border dimension, aiding co-operation between judicial and prosecuting authorities.

Eurojust website

The CSC ensures coordination in the supervision of the processing of operational personal data in the context of cooperation between the national members within Eurojust in accordance with Article 42 (2) of Regulation (EU) No 1727/2018.

The national data protection authorities ('DPAs') of the 27 EU Member States, including Ireland, participate in the activities of the CSC in relation to Eurojust.

European Union Agency for Law Enforcement Cooperation (Europol)

Europol is an agency of the European Union with a mandate to support and strengthen the action of Member States’ law enforcement authorities and their cooperation in preventing and combating serious international and organised crime, cybercrime and terrorism. Europol also works with many non-EU partner States and international organisations, particularly regarding the fight against terrorism, cybercrime and people smuggling. More information on Europol’s activities is available on the Europol website.

Data Protection Supervision

The rules for data protection applicable to Europol as well as the supervisory tasks of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2016/794 (Europol Regulation) as amended by Regulation 2022/991.

The Coordinated-Supervision-Committee (CSC) ensures that national data protection authorities (DPAs) and the EDPS cooperate closely in their supervision of the processing of personal data transmitted to and from Europol, in accordance with Article 44.2 of Regulation (EU) 2022/991. The national DPAs of the 26 EU Member States that are part of Europol participate in the activities of the CSC in relation to this EU agency.

Comprehensive information on access rights to data processed in SIS is available from Guide for exercising the right of access.

National Supervision

As set out in Article 14 of the Europol Act 2012, the Data Protection Commission is the national supervisory authority.

Rights of data subjects in relation to Europol

The Europol Regulation provides any individual with the right to obtain information (Art. 36) on whether or not personal data relating to him or her are processed by Europol, to ask for rectification, erasure and restriction (Art. 37) of such data and, more in general, that his or her data are processed in accordance with data protection principles (Art. 28), notably in a fairly and lawful way.

An individual wishing to exercise his/her right of access to data relating to him/her which are stored within Europol, or to have such data checked, may make a request free of charge to the Europol National Unit (see address below), who shall then transmit the request to Europol and notify the individual concerned that Europol shall reply directly. Europol must deal with the request within three months of its receipt.

Europol National Unit

Liaison & Protection

Garda Headquarters

Phoenix Park

Dublin 8

Further Assistance

You may request that the Data Protection Commission check whether any data about you processed by Europol are being processed lawfully.

If you experience difficulty exercising your data protection rights in relation to Europol, you can Raise a Concern with the Data Protection Commission.

Schengen Information System (SIS)

Ireland connected to the Schengen Information System (SIS II) on 15 March 2021. SIS provides An Garda Síochána with access to real time data on specific alerts issued by law enforcement authorities across Europe such as alerts for persons wanted for criminal purposes, missing persons or stolen objects. Ireland’s participation in SIS is governed by Regulation (EU) 2018/1862. Ireland does not participate in the common border control and visa provisions of the Schengen Agreement as Ireland is not a member of the Schengen area.

More Information - SIS Leaflet

Data Protection Supervision

The Coordinated Supervision Committee (CSC) ensures coordination in the supervision of the processing of personal data in the Schengen Information System (SIS) in accordance with Article 71 of Regulation (EU) No 2018/1862, and Article 57 of Regulation (EU) No. 2018/1861.

The national Data Protection Authorities ('DPAs') of the Schengen Member States, together with the European Data Protection Supervisor (EDPS) participate in the activities of the CSC in relation to SIS. The Schengen Member States consist of 26 EU Member States, plus Iceland, Norway, Liechtenstein and Switzerland. The DPA of Cyprus participates as an observer.

National Supervision

For the purposes of Article 69 of the Regulation (EU) 2018/1862 (‘Supervision of N.SIS’) and Article 114 of the Schengen Convention, the Data Protection Commission is designated as the national supervisory authority (per section 23 of the Criminal Justice Miscellaneous Provisions Act 2009, as amended).

Rights of data subjects in relation to SIS

Any person may make an access request to any of the contracting parties to the Schengen acquis seeking to ascertain whether their personal information is recorded on the Schengen Information System (SIS).

Every individual has a right to access personal data held by An Garda Síochána about them, and a right to request rectification or erasure of their personal data.

Any individual seeking to access personal information about them entered onto SIS II by An Garda Síochána can complete the Data Access Request form (F20).

Complaints

If you experience difficulty exercising your data protection rights in relation to SIS, you can Raise a Concern with the Data Protection Commission.

The Data Protection Commission regulates any restrictions of data subject rights as set out in sections 89-95 of the Data Protection Act 2018.

You may request that the Data Protection Commission check whether any data processed about you in SIS are being processed lawfully.

The DPC will investigate any complaints it receives in relation to SIS. Under the Data Protection Act 2018 Act, you have certain rights in relation to how your complaint is handled by the DPC, including the right to appeal a decision of the DPC to either the Circuit Court or the High Court.