Freedom of movement and the Schengen

Security of states and the fundamental rights of persons

 Emily Delcher was an intern at the Centre in the summer 2012 and she prepared an overview of the Schengen aquis.

The overview as a pdf here.


The Schengen Agreement created the Schengen area to abolish all controls at its Members' internal borders. The Schengen framework therefore reinforces free movement of persons within the area, but also raises questions about Human Rights protection. The checks on persons have indeed been transferred to the external borders and many “compensatory measures” have been introduced to ensure inter-state cooperation and security, such as the Schengen Information System which is the largest European database. This document provides an overview of the Schengen acquis with some comments on its envisaged reform, and discusses the Human rights issues it entails.

The Schengen area initially included Germany, France, Luxembourg, Belgium and the Netherlands. The first agreement was signed on 14 June 1985 and was followed by an implementation convention in 1990. They took effect in 1995 and were incorporated into EU law in May 1999 under the Amsterdam Treaty. Most EU Member States are therefore bound by Schengen's acquis with the exception of the UK and Ireland's opting out clauses: Ireland only participates to the Schengen Information System (SIS), while the UK also takes part in the judicial and criminal cooperation. As for Cyprus, Romania and Bulgaria, the implementation is suspended until the European Council decides that the conditions for abolishing internal borders are fully satisfied. Iceland and Norway have been associated with the development of Schengen Agreements since 1996, allowing these countries to fully participate in the Schengen acquis but without decision-making power. An agreement between Norway, Iceland and the EU has been signed on 18 May 1999 to extend this association.[1] Switzerland also joined the Schengen area in 2008, as well as Lichtenstein in 2011.

The initial Agreement of 1985 is short, only 33 articles, and mainly addresses the issue of the opening of internal borders, while the long convention of 1990 sets a wide range of rules aiming at strengthening external borders. Several other instruments have been adopted since 1985 through EU regulations. The main changes in the agreement (at least since Iceland became a part of it) is adoption of the Schengen Border Code and the Visa Code. From the adoption of the Schengen agreement in 1985 there have been adopted nearly 200 Schengen rules and regulations. These set of the rules form the Schengen aquis. These provisions are presented below following two parts: the first one deals with the abolition of internal borders controls and free movement of persons, the second one with the strengthening of external borders and security issues.

I. Abolition of internal borders controls

A. Free movement

Free movement is a fundamental right guaranteed by European Treaties. Article 2 of the Schengen Agreement states that “internal borders may be crossed at any point without any checks on persons carried out”. In other words, any person, regardless of nationality, is entitled to cross common borders of Schengen Member States. Border posts closed and national authorities removed “all obstacles to fluid traffic flow at road crossing-points at internal borders, in particular any speed limits not exclusively based on road-safety considerations.”[2] Citizens from outside the EU or the EEA who receive a visa from a Schengen country are then allowed to travel in any country of the Schengen area, with no further formality or control. Citizens from EU Member States that are not yet part of Schengen area are not required to apply for a visa, as well as Macedonia, Serbia, but also several non-European countries such as Canada and the USA.

B.   Exceptions

The Schengen Border Code adopted in 2006 allows Member States to reintroduce border controls on an exceptional basis in case of serious threat to public policy or internal security. The reintroduction must not last more than thirty days and consultation must take place with European institutions and other Member States to assess the proportionality of the measure.[3] Member States often use this prerogative, especially when they host international sport events (Football World Cup in Germany in 2006, Euro 2008 in Austria) or international summits (G20). Member States can exceptionally reintroduce border controls immediately if required by security or public order considerations (in case of terrorist attack, for example).[4]

The Arab spring which started in December 2010 gave new impetus to the Schengen reform project. Thousands of Mediterranean migrants willing to reach Europe landed on the island of Lampedusa in Italy. Most of them were Tunisians and wanted to go to France, and Rome was not willing to let them stay in Italy. Italian authorities granted them six months residence permits allowing them to move across the entire Schengen area. The 17th of April 2011, French authorities blocked every train from the Italian town Vintimille to France, causing tensions between Rome and Paris. Berlusconi and Sarkozy eventually reached an agreement and sent a letter to the European Commission the 26th of April calling for a reform of the conditions to reintroduce border controls.

The European Commission presented its proposition the 16th of September 2011. The decision to reintroduce border controls should be taken at the European level following a proposal from the Commission. In other words, Member States should not be able to take such decision unilaterally. A unilateral reintroduction should only be admissible in case of emergency, for no more than five days and the EU should authorize any extension. Reintroducing internal borders should remain a last resort solution when no other measure have proved being efficient to mitigate the threats identified, and therefore a threat to national security or public order should remain the sole grounds for such measure.[5]

Several Member States are strongly opposed to this proposal and call for a different reform. Germany, France and Spain in particular refuse to be required to apply for an authorization to the Commission. The EU will probably not be able to modify the Schengen Border Code without the consent of Member States. Indeed, public order and security belongs to national competences, and national parliament may oppose the principle of subsidiarity, namely that the EU may only intervene if it is able to act more effectively than the member state. Member States call for a facilitated reintroduction of borders control, especially because of the porous nature of the border between Greece and Turkey.

II.  Strengthening external borders

Member States adopted a wide range of measures to secure external borders through a strengthened cooperation. These measures include regulation of penetration of external borders, visa and asylum policies and adoption of a common information system (Schengen Information System SIS). The EU not only secures its own borders but also moves towards a global approach, providing support to third countries on economic development and border-management (in particular through the agency Frontex).

A.    Securing external borders

To secure its borders, the EU has adopted a common visa policy, as well as an information system fuelled by Member States.

    1.      Visa policy

The EU adopted a common visa policy for short stays (up to three months) within the Schengen area.  However, visas for longer stays remain under national procedures. Schengen visas holders are entitled to travel within the whole Schengen area without further formalities. An EU regulation establishes the list of countries whose nationals are required to hold a visa, as well as exempted countries.[6] For example, nationals from North-America, Brazil, Argentina, Australia and New-Zealand are exempted, while most African and Asian nationals are required to apply for a visa.[7]

The Member States which is the main or sole destination of the visitor processes the visa application. If the main country is indeterminate, the country of entrance is in charge of this process. A visa application must generally be submitted to the consulate of the Member State of destination three months before the intended visit. The applicant's fingerprints are collected, he/she must pay a visa fee, justify the purpose of the visit, provide a proof of sufficient means of subsistence and of travel insurance. The authorities must take a decision within 15 days after the submission of the application.[8]

The Visa Information System (VIS) established by a 2004 decision[9] allows Member States to exchange visa data. Created to facilitate visa application procedure and to prevent “visa shopping”, this system contains both biographic and biometric information of applicants such as fingerprints and photograph. The VIS is progressively implemented, starting first with North Africa, then with the Near East and the Gulf.[10] The VIS is a mean to fight against illegal immigration, enabling Member States to detect a person remaining within the Schengen area after the expiry of his/her visa. The EU is thus building a huge digital infrastructure aiming at detecting and expelling illegal immigrants, along with other information systems such as the Schengen Information Systems and EURODAC.

     2.      EURODAC

In the Dublin regulation which regards cooperation in relation to asylum applications in Europe a requirement is to establish the EURODAC. EURODAC is a system including a central database and a system for electronic data transmission between Member States aimed to identify asylum seekers and irregular migrants.[11] The database permits to compare fingerprints in order to determine if an asylum seeker has unlawfully entered the EU or already applied for asylum in another EU country. It enables to determine in which Member State the applicant has entered first and therefore to know which state is responsible for considering the application. Asylum applicants' data can be kept up to ten years, unless the person is granted EU citizenship. Irregular immigrants' data have to be erased after two years.[12] In its 2011 report on EURODAC, the European Data Protection Supervisor found in particular that data were often stored beyond the legal retention period and that the lack of data destruction procedure can breach the confidentiality of these data during their destruction process. There is also a risk that unauthorized persons are accidentally given access to the database (in particular because access to activated USB ports permits data extraction)[13].

Information about immigrants can also be recorded in the SIS.

     3.      Schengen Information System (SIS)

The SIS is the central element of the security policy set up by the Schengen acquis. It establishes a network of national databases which include files related to persons (suspected criminals, unwanted aliens, missing persons, persons wanted for extradition) or objects (stolen vehicles, identity papers, banknotes...). The SIS is constituted of a central system located in Strasbourg and of national databases in each state in order to maintain public security and order. In addition, the SIRENE (Supplementary Information Request on National Entry) system allows Member States to exchange additional data. Border guards, police, customs and judicial authorities have access to the SIS which is fuelled through national databases.

A person can be identified in the SIS with its name, aliases, specific physical characteristics, place and date of birth, sex, nationality as well as whether the person was violent or armed, the reason of the alert...[14]  In 2011, the SIS included more than 35 million records, most of them on issued documents and vehicles and about 1 million concerning persons.[15]

Work on the second generation SIS is currently in progress. Negotiations started shortly after SIS I entered into force, and were given a new wind before 2004 enlargement. 9/11 terrorist attacks strongly influenced these negotiations and several contested proposals were adopted due to these events.[16] For example, the Justice and Home Affairs Council agreed upon the use of biometric data in June 2003[17]. EUROPOL and EUROJUST as well as national visas and immigration authorities and judicial authorities were moreover granted access to the database.[18] SIS II would thus include biometric data such as fingerprints and photographs and access would be allowed to a larger number of organisations leading to a more “investigative” tool (fight against terrorism and organised crime). The adoption of SIS II has continuously been delayed and therefore is not in force yet.

Currently most of reported persons are identified as “unwanted aliens”. The SIS illustrates the close association between immigration and criminality made by EU law. The consequences for a reported person can be grave (refusal of entry or a visa, detention or deportation) and if a Member States pronounces an entry ban, it will not only apply in this Member State but within the whole Schengen area in application of the principle of mutual recognition. The confusion between immigration and criminality will be compounded by the inter-linkage of alerts. SIS II would allow associations between persons recorded for different purposes in the system (criminals associated family members recorded as aliens, migrants with traffickers...). Migrants will therefore be under severe surveillance, in violation of their privacy and the principle of non-discrimination.[19]

Data protection is therefore a particularly serious issue in the Schengen information databases and remains an unsolved problem. Therefor it is not wise to allow for more advanced registration of information until adequate protection of fundamental rights can be offered.[20]

Article 8 of the EU Charter of Fundamental Rights states that; “everyone has the right to the protection of personal data concerning him or her”. Moreover; “Such data must be processed fairly for specified purposes”. The European Commission acknowledged that the SIS has a wide purpose[21]. Indeed, ensuring a high level of security within the Schengen area is not specific enough. Moreover, the EU does not have a real control over the authorities who have access to the database because this decision belongs to Member States. A large number of authorities can in practice take the decision to make an entry and tracing data operation is therefore very difficult. Member States also have a wide margin of appreciation concerning the grounds for registration. The notion of threat against security and public order is not given a precise definition in the Schengen Convention. This leads to huge discrepancies between Member States and a lot of unlawful data are entered in the database.[22] Some states for example decided to register refused asylum seekers while others did not consider them as a threat to public security.[23] Such discrepancies also hinder data protection and access. National authorities are indeed responsible for setting redress against unlawful registration, as well as correction and compensation rules. Individuals are in addition rarely informed of their registration and discover it when they face a visa or entrance refusal. Registered persons are therefore denied their right of access and prevented from challenging their registration.[24]

The introduction of SIS II could have been the opportunity to solve these problems. Negotiations however rather focused on the adoption of new instruments (biometric data and interoperability) than on fundamental rights issues. The definition of registration grounds has not been clarified and the remedies to challenge an unlawful record remain subjected to national law. SIS II is moreover established to include data from new Member States of 2004 enlargement and will therefore deal with a greater number of data and affect an increased number of persons. This has led to an increased demand for the registration of biometric data. Biometrics is however fallible: according to the European Data Protection Supervisor, around 5% of people cannot be registered because they have unreadable fingerprints or no fingerprint at all.[25] Biometrics reliability can be overestimated when used in investigation processes and mistakes in the matching process of fingerprints are highly possible. The police for example misinterpreted the match of a person's fingerprints found on a bag containing a bomb after the Madrid's terrorist bombings.[26] In Marper v the UK, the ECtHR found that “the retention of fingerprints on the authorities' records in connection with an identified or identifiable individual may in itself give rise, notwithstanding their objective and irrefutable character, to important private-life concerns.”[27] According to the Court, the decision to permanently record fingerprints of a suspected but not convicted person in a nationwide database is disproportionate.

Several concerns rise about the potential inter-operability of EU databases (SIS, Eurodac, VIS). There is a risk that an authority which is not entitled to access a database can obtain this access through another information system. Inter-operability may also breach the limitation principle: the database will become global and will not be limited to a specific purpose anymore. This global approach also entails the externalization of borders management.


B. Externalization of borders management

     1. FRONTEX

FRONTEX has been established in 2005 in Warsaw.[28] It aims at facilitating border controls (which remain under Member States' competence) providing particular training for instructors of national border guards, assistance in circumstances requiring increased technical and operational assistance at external borders, and support in organising joint return operations of illegal immigrants.[29]

FRONTEX's main responsibility is to coordinate Member States' cooperation policy in the field of external borders management. Member States provide the agency human and material means, such as helicopters and experts. FRONTEX coordinated several famous common operations. As an illustration, Austria, Iceland, Italy, Poland and the UK have participated in Operations Poseidon and Nautilus carried out to protect the Greek border in 2006. Following the Arab Spring, Operation Hermes started in February 2011 along Italian and Maltese coasts. FRONTEX is also involved in externalized border management and has concluded agreements with non-EU countries such as Cape Verde and Mauritania. FRONTEX coordinated Operation Hera II involving vessels and aircrafts from Italy, Finland and Portugal, which patrolled the coastal areas of Senegal, Mauritania, Cape Verde and the Canary Islands. Senegal and Mauritania also provided assets and staff. Thanks to this operation which lasted from August to December 2006, “the flow of irregular migration has decreased drastically”.[30] Iceland has participated in FRONTEX's operations, sending its vessel Ægir patrolling and their surveillance and rescue aircraft TF-SIF.[31]

Several questions arise when it comes to the compliance of FRONTEX with human rights. First, the ability to coordinate common chartered airplanes to organise return of illegal immigrants falls under the Fourth Protocol of the ECHR, which states that “collective expulsion of aliens is prohibited” (Article 4). Even if some operations permitted to save lives (an Icelandic vessel rescued 93 migrants near Crete in 2011[32]), FRONTEX operations mainly aim at preventing illegal immigrants to enter the Schengen area, by precluding them to leave their country. Immigrants are thus all considered as illegal, irrespective of their potential status of refugees or asylum seekers. FRONTEX can refoule all crafts before they enter Europe and therefore EU law guarantees do not apply. However, Article 33 of the Convention Relating to the Status of Refugees of 1951 prohibits Contracting States to “expel or return (‘refouler') a refugee in any manner whatsoever to the frontiers of territories where his life or freedom would be threatened on account of his race, religion, nationality, membership of a particular social group or political opinion”. The principle of non-refoulement is also part of customary law and therefore applies to the international community as a whole. In addition, operations taking place in third-country territorial waters constitute a violation of Article 12.2 of the ICCPR, according to which “every one shall be free to leave any country, including its own”. The European Parliament obtained in 2011 the appointment a Fundamental Rights Officer and the establishment of a consultative forum on fundamental rights. An operation breaching Human rights may be suspended. However, these entities are part of FRONTEX and hence are not fully independent.

       2. Cooperation with third countries

In addition to strengthening external borders controls the EU decided to stabilize the neighbourhood and to press on third countries to readmit migrants who unlawfully entered the EU.

               a. Stabilizing the neighbourhood

The EU enlargement to Eastern countries changed significantly EU borders and its new neighbours became transit countries for immigrants willing to enter the EU. New Member States were therefore required to strengthen their external borders controls efforts. This was however likely to question the collaboration between new EU Member States and other Eastern countries given that non-EU countries nationals from Eastern countries were required to apply for a visa to enter the EU. Yet, this cooperation led to liberalised movement of persons in countries such as Russia, Ukraine, Belarus and new EU countries with positive effects on overcoming stereotypes and resentment between nationalities and allowing national minorities to have contact with their origin countries.[33] To avoid creating a political dividing line in Europe the EU proposed to create “a zone of prosperity and friendly neighbourhood” which also applies to Mediterranean countries[34]. These relationships involve economic cooperation (through cooperation or association agreements, integration of transport and energy networks, environment etc.[35]), the fulfilment of common values (Human rights, democracy, rule of law etc.).

Cooperation also entails consequences in the field of border management and immigration. The EU “delegates” part of immigration management to neighbouring counties, through action plans and treaties (readmission agreements, association agreements...).[36] Neighbouring countries can be asked to participate in visa cooperation, management of migration flows, combat trafficking of human beings etc.[37] These countries' nationals are however required to apply for a visa to travel within the EU, except if they are from Croatia or Israel.

The ENP can be criticized for focusing on the security aspect, rather than on economic development. The priority seems to be securing external borders from immigration and terrorism which can blind the EU to Human rights violations. Indeed, the EU has neighbouring agreements with Egypt, Tunisia and Libya. The Arab Spring highlighted Human rights violations in these countries and also that the EU is not really strict concerning the fulfilment of common values such as democracy and the rule of law.

Readmission agreements are often included in the ENP but can also be concluded with other third countries.

                 b. Readmission agreements and mobility partnerships

Readmission agreements are aimed at facilitating the expulsion and readmission of illegal immigrants in their country of origin or in the country they have transited by. They can be bilateral (between a Member State and a third country) or multilateral (involving the EU as a whole). Readmission clauses have been included in many cooperation and association agreements signed with third countries since the 1995 and are systematically imposed since the Seville European Council of 2002. The EU approach involves more and more obligations to non-member states and often requires the readmission of persons who came from another country and who transited by the contracting state.

Mobility partnerships are the new element of the global approach to immigration adopted by the EU. These framework policies involve provisions about both legal and illegal immigration. Two agreements have been adopted through this strategy generated in 2008. Cape Verde and Moldova committed to readmit their nationals and persons who have transited within their territory. They must also participate in a strengthened cooperation with the EU to prevent illegal immigration, which involves sharing information with the EU and Member States' authorities. In return, the EU is supposed to provide more migration opportunities to contracting States' nationals, as well as aid to development.

This readmission policy illustrates the growing focus on immigration of the EU and its unilateralist approach. The EU threatens third countries to cut development aid if they breach their commitment on immigration. Yet, this policy can lead to serious human rights violations. The Schengen agreements have therefore lead to a certain extent, to a “Fortress Europe” granting the freedom of movement to European citizens but creating a quasi impassable wall surrounding its borders.


[1] 1999/439/EC: Council Decision of 17 May 1999 on the conclusion of the Agreement with the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis.

[2] Regulation (EC) No 562/2006 of the EuropeanParliament and of the Council of 15 March 2006 establishing a community code on the rules governing the movement of persons across borders ( Schengen Borders Code), article 22.

[3] Regulation (EC) No 562/2006 of the EuropeanParliament and of the Council of 15 March 2006 establishing a community code on the rules governing the movement of persons across borders ( Schengen Borders Code), article 23.

[4] Ibidem, article 24.

[6] Council Regulation (EC) No 539/2001 of 15 March 2001 listing the third countries whose nationals must be in possession of visas when crossing the external borders and those whose nationals are exempt from that requirement.

[8] For more information, see and Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code).

[9] 2004/512/EC: 2004/512/EC: Council Decision of 8 June 2004 establishing the Visa Information System (VIS)

[10] Commission Decision of 30 November 2009 determining the first regions for the start of operations of the Visa Information System (VIS) (notified under document C(2009) 8542)

[12] Ibid

[14] Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishmend, operation and use of the second-generation Schengin Information System (SIS II).

[15] Council document, Schengen Information Database Statistics 01.01.2011, 6434/1/11. 

[16] Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishmend, operation and use of the second-generation Schengin Information System (SIS II).p. 8. See also Parkin p. 30.

[17] Conclusions of the JHA Council meeting of 5-6 June 2003, No. 9845/03, p. 16.

[18] Council regulation No 871/2004 concerning the introduction of some new functions for the Schengen

Information System including in the fight against terrorism.

[19] Joanna Parkin. „A very comprehensive study on the SIS and the SIS II project, The Difficult Road to the

Schengen Information System II: The legacy of ‘laboratories' and the cost for fundamental rights and the rule of law“, April 2011, Centre for European Policy Studies, p 28 -29.

[20] Ibid. p. 31-32

[21] Commission Communication on an Overview of information management in the area of freedom,

security and justice, COM(2010)385,

[22] States most often use article 96 of the CISA, which concerns aliens, to register someone in the database. Article 99 of the CISA concerns persons registered for purposes of discreet surveillance or prosecution of criminal offences. See also Joanna Parkin p. 6

[23] Joanna Parkin, p 6.

[24] Ibid, p 7.

[25] European Data Protection Supervisor, Opinion (2005/C 181/6).

[26] European Data Protection Supervisor, Opinion (2006/11 C91/38), and Parkin p 28.

[27] ECtHR, Case of S. Marper v the UK, 30562/04, 30566/04.

[28] Council Regulation (EC) No 2007/2004 of 26 October 2004 establishing a European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union (Frontex).

[33] Florian Trauner, Imke Kruse, “EC Visa Facilitation and Readmission Agreements: Implementing a New EU Security Approach in the Neighbourhood”. CASE (Centrum for Social and Economic Research), 2008, CASE Network Studies and Analyses No. 363, p 12.

[34] Communication from the European Commission and the European Parliament, 11.03.03, Wilder Europe – Neighbourhood: A New Framework for Relations with our Eastern and Southern Neighbours, p 4.

[36] Abdelkhaleq Berramdane, La Politique de Voisinage de l'Union Européenne in “Voisinage et Bon Voisinage à la Croisée des Droits Internes, International et Communautaire”, CECISE, Université Pierre-Mendès France de Grenoble, 2009.

[37] Katerina Stancova: EU Migration Policy & ENP, executive summary of the book: Stancova, Katerina. 2009.  “Integrating EU Migration Policy into the European Neighbourhood Policy. The Origins, Achievements and Prospects.” VDM Verlang Dr Muller.

Icelandic Human Rights Centre

Túngata 14 | 101 Reykjavík | Sími 552 2720 | info[at]

The office is open from 9-12 and 13-16