Select Committee on European Communities Report


Letter from Kate Hoey MP, Parliamentary Under Secretary of State, Home Office, to Lord Tordoff, Chairman of the Committee

  I have received a copy of the Committee's report of its enquiry into the Europol Third Country Rules, and welcome the opportunity to respond to the comments and recommendations which it contains.


  2.  I note the Committee's views on our decision not to deposit these Rules at the very outset for scrutiny. We have already set out why this was the case. It is, however, perhaps worth re-iterating, in light of the statement in the report that the Home Office "sought to offer . . . some comfort by saying that the Rules were not `set in stone'", that whilst that is certainly the case, and has some relevance in this area, it is by no means the main reason why the Rules were not initially deposited. Due to the way in which the Rules were drafted, we believed that the most significant documents in this area would be the individual agreements with third States and third bodies in respect of which these rules provide a framework. In light of that, we considered that the Rules themselves were not sufficiently significant to meet the current criteria for deposit for scrutiny.


  3.  On the question of whether the Rules should specify a minimum standard of data protection which must be adhered to by third bodies with whom Europol has an agreement, the Committee shares the view of the Data Protection Registrar that this would be unnecessary. The Committee does however recommend that the question should be reviewed in two or three years time. We agree with this, and fully expect that this and other issues covered by the document will be frequently re-examined from the point at which Europol takes up its activities.


  4.  The Committee expresses the view that the inclusion of human rights clauses as standard in agreements with third parties would be beneficial in terms of sending a political signal, providing an effective safeguard, and ensuring consistency in the European Union's external relations. We share this view, and will seek to ensure that such a clause is included in each agreement.


  5.  The Committee recommends that information received in the absence of an agreement should be marked as to its source in order to preserve the audit trail. We agree, and would expect Europol to do this as a matter of course: the absence of any such marking, and the subsequent inability to assess the validity of a piece of data, would significantly diminish its operational value. Moreover, Article 15.3 of the Convention requires Europol to store data "in such a way that it can be established by which Member State or third party the data were transmitted . . . ".


  6.  The Committee considers that Rules should make clear that individuals have the same rights in relation to information received by Europol from third parties as they have in relation to information transmitted within the EU. We have already made clear that we believe the provision in Article 42 of the Europol Convention, specifying that the exchange of personal data shall only take place in accordance with Titles II to IV of that Convention, provides sufficient protection in this regard.


  7.  The Committee expresses concern over Article 4(4) of Europol 38, which prohibits Europol from storing information which has clearly been obtained in obvious violation of human rights. They believe that it should be revised so that Europol is prohibited from storing any data when there is a "serious risk" that such data has been obtained in violation of human rights, and also believe that the clause should clearly limit the transmission of any such data to exceptional cases.

  8.  Joyce Quinn indicated in her evidence to the Committee that she had no objection in principle to such amendments. This is a view which I share. However, as she also explained, it was not possible to secure agreement to provisions along those lines during negotiation of the Rules. A similar position was obtained in respect of a phrase referring to "exceptional circumstances".

  9.  I agree that Article 4(4) is not perfectly drafted; however I am also satisfied that taking this provision in the context of the Rules as a whole, and taking into account the protection offered elsewhere with regard to the protection of human rights, it would have been inappropriate to have insisted on wording on the lines which have been suggested at the risk of not concluding a text and that it would also be inappropriate to re-open negotiations on this matter at this stage.


  10.  The report compares Article 4(2) of Europol 38 with Article 7 of Europol 27, which set out the rules for the correction and deletion of data which has been exchanged between Europol and a third party. The Committee believes that these provisions mean that there is one standard for Europol and another for third parties.

  11.  We do not accept this interpretation. Article 7 of Europol 27 refers to information which is "incorrect, inaccurate, no longer up to date, or should not have been transmitted", and states that if this is the case with information which Europol has transmitted to a third party, the third party shall be obliged to correct or delete the information accordingly. Article 4(2) of Europol 38 refers to a situation in which a third party informs Europol that it has deleted or corrected any information. In this instance, Europol shall correct or delete the information accordingly. However it shall not delete the information if it has a further need for or interest in it. Europol may have more information than the transmitting party, and may believe, as a result, that the information has a further validity. Furthermore, the third party may have deleted the information simply because it has no further interest in it. Europol's investigation may be exploring different angles from that of the third party, and in that situation we do not believe that it should be required to delete the information.

  12.  The key point underlying the formulation of these provisions is there is a difference between Article 7 of Europol 27 and Article 4(2) of Europol 38, in that the former refers to a situation in which data is invalid, whereas the latter refers to a situation in which Europol is informed that the data has been corrected or deleted by the third party: there is a clear distinction between the two, and we do not accept that there is a double standard.


  13.  The Committee believes that information regarding the use by the Director of exceptional powers to transmit information without an agreement should be put in the public domain. Possible operational considerations (which may require confidentiality in certain situations) notwithstanding, we would not object to this in principle, but as we have indicated in earlier correspondence, we believe that this is a matter for the Joint Supervisory Body to decide, and we do not believe that the issue should be dealt with in these Rules.


  14.  The Committee highlights the importance of ensuring that the Joint Supervisory Body is adequately resourced in order to carry out its functions, and that the Data Protection Registrar is also adequately resourced in order for her to fulfil her role as a member of the JSB. We share this concern. In accordance with Article 24(9) of the Europol Convention, we will ensure that there is ongoing consultation with the JSB to deal with this issue satisfactorily. We will also be discussing with the Registrar the resource implications of Europol business for her organisation. We share the view that it is difficult to predict the amount which will be required in the future, and would like to assure the Committee that the issue will be regularly revisited. With regard to the provision in the Europol Budget for 1999, we are, however, satisfied that the amount is appropriate.


  15.  The Committee cites two places where they believe that there is a possible incompatibility between the Rules and the Europol Convention itself.

  16.  The first instance relates to Article 18(6) of the Convention, which states that information "subject to the requirement of confidentiality" cannot be transmitted by Europol to a third party without an agreement being in place, and the power of the Director, outlined in the Rules, exceptionally to transmit information subject to the basic protection level according to the Confidentiality Rules in the absence of an agreement. In our view, as was stated in earlier evidence, there is no incompatibility: we believe that information subject only to the basic protection level (according to the Confidentiality Regulations) does not fall into the category of information subject to the requirement of confidentiality mentioned in Article 18(6) of the Convention.

  17.  The second possible incompatibility mentioned is between Article 4(2) of Europol 38, and Article 20 of the Convention.This is similar to the distinction, referred to above in paragraphs 10-12, between Article 4(2) of Europol 38 and Article 7 of Europol 27. The key point is that Article 4(2) of Europol 38 clearly refers to a situation in which a third party informs Europol that they have corrected or deleted data; Article 20 of the Convention, however, refers to information which is definitely invalid. There is a clear distinction between the two.


  18.  The Committee requests that the Government deposits in the libraries of both Houses future annual reports produced by Europol, and copies of all agreements concluded under the Rules. They also request that any proposals to amend the Rules are deposited in good time to effect meaningful scrutiny. We are happy to comply with these requests.

2 October 1998

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries

© Parliamentary copyright 1999