Visa Information System (VIS)

The Visa Information System (VIS) is a system for exchanging data on visa applicants and visas between the Schengen member states. The purpose of VIS is, among other things, to improve the practice of a common visa policy, simplify information sharing, prevent ‘visa shopping’, combat identity fraud and simplify border controls.

Illustration of travel documents on a white background

Legislation

The Personal Data Act and the General Data Protection Regulation (GDPR) apply to the processing of data in VIS unless otherwise provided by law or regulations. Special requirements also apply under Regulation (EU) 767/2008 (the VIS Regulation). The VIS Regulation is implemented in Norwegian law through Sections 102–102f of the Immigration Act.

What personal data are registered in VIS?

VIS contains personal data that are collected and registered during the visa application process. The following data are registered in VIS:

alphanumeric data on the applicant and on visas applied for, granted, refused, annulled, revoked or extended
photos
fingerprints
reference to previous applications, and to other persons travelling in a group with the applicant.

For how long will the data be stored in VIS?

The data shall not be stored for longer than five years.

Who has access to the data in VIS?

The visa authorities have access to data for the purpose of processing visa cases.
The authorities responsible for border control and immigration control have access to data for the purpose of checking identities and legal entry/stay.
The asylum authorities have access to data for the purpose of deciding which EU/EEA member state is responsible for processing an application for protection under the Dublin Regulation.
In some cases, the police authorities may be granted access to information about a person registered in VIS for the purpose of preventing, solving or investigating acts of terrorism or other serious criminal offences.

You have a right to know what personal data have been registered about you in VIS. As a data subject, you may also request that inaccurate data be rectified or erased.

If you would like access to your personal data in VIS, you can use a form that is available on the Directorate of Immigration’s (UDI) website.

Request for access to information in the Visa Information System (VIS) (pdf).

Send the completed form to:

Directorate of Immigration
P.O. Box 2098 Vika
NO-0125 Oslo
Norway
Email:

The form can also be sent directly to the authority that registered the data.

Our role and duties as the Data Protection Authority

As a national supervisory authority, we shall supervise the Norwegian authorities’ processing of personal data in VIS.

If you believe that your personal data have been processed in violation of the regulations, you can file a complaint with us.

If you file a complaint with us about the processing of your personal data in VIS without first contacting the data controller, we will normally send the complaint to the relevant authority for consideration.

Appealing against the our decisions

Our decisions under the Personal Data Act can be appealed to the Privacy Appeals Board in accordance with the rules set out in Section 22 of the Personal Data Act and Chapter VI of the Public Administration Act.

Legal remedies

Data subjects may bring civil proceedings for the purpose of asserting rights under the Personal Data Act.

For information about court proceedings, see the Courts of Norway website (domstol.no).