PART 2: SUMMARY OF
FORMAL AND INFORMAL DATA NETWORKS
9. JUSTICE drew our attention to informal exchanges
of data which take place among the police forces of the Member
States, and the bilateral agreements on data exchange which already
exist across many internal frontiers of the EU. Ms Madeline Colvin,
Legal Policy Director of JUSTICE, said that the databases "have
to be seen within the context of an increasingly informal system
that is unlikely to go away because the databases are in existence".
In her view, there was a danger in focusing on the databases,
which have "relatively strong supervision, certainly on the
face of their Conventions, and more than the informal systems"
10. In their memorandum, JUSTICE gave an interesting
case study of cross-channel liaison work, in 1995, between the
French customs service and the European Liaison Unit (ELU) of
the Kent County Constabulary. Following the request from the
French customs' officials for information on a vehicle suspected
of carrying drugs, the ELU carried out checks on four national
- Driver and Vehicle Licensing Centre
- Criminal Records Office
- Police National Computer
- National Criminal Intelligence Service Drug Registry
The Hounslow drug squad and local intelligence officer
was also consulted.
11. Following a further request from the two French
authorities, for information about two credit cards, a further
check was made with the Kent Constabulary Central Intelligence
Bureau. Kent Constabulary then also contacted HM Customs and Excise
at Dover, and further contacts were made between:
- Customs and Excise and the Hounslow drug squad
- The French authorities and HM Customs and Excise
12. As JUSTICE point out, this example "begins
to indicate the extent of existing police databases in Europe,
any one of which might contain information on a given person"
DATABASES: THE CASE FOR RATIONALISATION
13. Ms Colvin, for JUSTICE, raised the question whether
there should be some rationalisation of the databases. She considered
that the Third Pillar CIS database "could possibly be dealt
with within the Schengen Information System", and pointed
to other overlaps between Eurodac and the SIS (QQ 61-2). She
argued that rationalisation of the databases would not only lead
to greater efficiency but would also afford better protection
of human rights: "The more there is overlapping information
and the same personal data can be found on different databases,
the more that this information can be passed informally and the
more individuals are lacking the protections that we would say
are sufficient" (Q 63).
14. On the other hand, Mr Wells, for HM Customs and
Excise, said that the nature of the Customs Information System
was rather different from the Schengen Information System. He
argued that, "it might be that in very few cases there is
some read-across, but the principal purposes of the Schengen Information
System are quite different from those of the Customs Information
System, and although both might be physically located at a port,
I doubt that there would be much inter-relationship between these
two systems" (Q 49).
15. JUSTICE drew attention to the Action Plan to
Combat Organised Crime, adopted at the JHA Council in April 1997,
which recommended that databases such as Europol, Interpol, the
Sirene (Supplementary Information requested at the National Entry)
bureau of the SIS and the CIS should be brought together at one
location in each Member State (p 30). Mr Storr, for the Home
Office, said that, in relation to Europol, the Europol Convention
actually proscribed links to other information systems. It was
possible that the UK's central Sirene, for the SIS, would be located
at the National Criminal Intelligence Service (NCIS) "but
the co-location would not suggest that there should be any mingling
of data. It would simply be a convenient location" (Q 46).
16. JUSTICE pointed out that there is a developing
overlap between categories of information held in the different
databases. For example, Europol and Schengen will both contain
information about illegal immigrants, while Europol and the CIS
will both deal with money laundering or drug trafficking. The
idea of creating links is therefore attractive from the point
of view of operational effectiveness of certain police operations.
But, as JUSTICE stated in their memoranda, there are inherent
risks to the individual rights. "Where personal data is
exchanged between the different European databases it becomes
extremely difficult for individuals to exercise their rights of
access". The questions of data protection and rights of
access to data will be considered further in paragraphs 27-35
below. At this stage, we simply set out the proposals made to
us for links between the existing and planned EU databases.
17. On the general question of links between databases,
Mr Storr, for the Home Office, sounded a warning note. He said
that, in many public and private sector computer systems, failures
to deliver what was required were often the result of "over-ambitious
expansion at too early a stage". As far as Europol was concerned,
he said that the Home Office would reserve their position as regards
links with any other information system until not only Europol
but also other systems with which links might be proposed had
"got up and running and proved their worth" (Q 47).
18. Mr Wells, for HM Customs and Excise, pointed
out that CIS1 and CIS3 dealt with quite different information.
In relation to the First Pillar, the data covered such matters
as import duties, while in relation to the Third Pillar, the data
essentially concerned smuggled goods. However, HM Customs and
Excise would like there to be links between the two databases,
so that it would not be necessary to carry out two investigations
in relation to the same business or persons (Q 8).
19. Article 6 (2) of the Europol Convention prohibits
the computerised system being linked to other automated processing
systems, other than the computerised systems of national units.
This is, however, qualified by Article 5 which permits Europol
to have access to computerised data held by other bodies, so long
as this is provided for in other Conventions (p 70). As Statewatch's
memorandum points out, Europol information may still be forwarded
by non-computerised means, and rules have been adopted governing
exchange of information with third parties
(pp 52-3). Proposals are, however, under consideration for links
between Europol and other EU and external databases.
20. During the United Kingdom Presidency (January
- June 1998), the Home Office put forward a proposal to "begin
discussion on what would be involved in providing Europol with
access to the CIS" (Q 20). A similar suggestion has been
made by the Internal Affairs Committee of the European Parliament
(p 36). However, the UK proposal was considered to be premature,
before the CIS was in operation. Mr Wells, for HM Customs and
Excise, considered the idea to be not dead but dormant (Q 20).
According to Justice, discussions are taking place on a protocol
to the CIS Convention giving Europol, and other international
organisations, rights of access to the CIS database (p 30).
21. The EU's Action Plan on an Area of Freedom, Security
and Justice recommends a direct link between Europol and the SIS
(p 36). The Schengen Convention does not contain any provision
prohibiting links to other databases, but the Europol Convention
does. If there was to be any direct exchange of information between
the SIS and Europol databases, a formal agreement approved by
the Council of Ministers would be needed (pp 7-8). However, there
is an overlap between the mandates of Schengen and Europol in
regard to the smuggling of illegal immigrants and, according to
JUSTICE, "it has been agreed unofficially that data collected
within Schengen is passed to Europol for analysis. This is done
through the Europol liaison offices in the Hague, who have access
to the various relevant databases in their member countries"
AND OTHER EU DATABASES
22. The draft Eurodac Regulation (formerly a draft
Convention and Protocol), neither provides for nor prohibits any
links with third states or bodies. According to JUSTICE, "in
terms of the information held there will be a link with the SIS.
Under Article 96 of the Schengen Convention, data on third country
nationals to be refused entry may include refused asylum seekers"
(p 35). The Home Office stated in their memorandum that "the
only overlap (with Eurodac) will be with existing national databases
of the fingerprints of asylum seekers/illegal immigrants".
Much of the data that Member States will forward to Eurodac will
be data that is already collected for domestic purposes (p 4).
Statewatch, in their memorandum, argued that it would be "highly
objectionable" if the Eurodac database were to be linked
to Europol, CIS, SIS or any other database. They pointed out
that Eurodac will be established for a very narrow and specific
purpose, entirely unrelated to the crime fighting/immigration
control purposes of the other EU databases (p 53). Mr Potts,
for the Home Office, explained that "there is no way of fingerprint
information being infused from any other systems". He said
that fingerprint information was put on the system only when a
Member State obtained the fingerprints of an asylum applicant,
or of someone entering the country irregularly. Data would only
be supplied to a Member State "if what they contribute matches
with something which someone else has put on" (Q 27).
between EU and International databases
23. In the United Kingdom, the central point of contact
with both Interpol and Europol is the National Criminal Intelligence
Service (NCIS). Mr Storr, for the Home Office, said that this
means "we have a co-ordinated approach to the information
we both give and get from both organisations". Referring
to the SIS as well as Europol, Mr Storr said that there was a
"need to ensure that those systems develop in a way which
is compatible with Interpol" (Q 22).
24. Mr Edwards, for the Home Office, said that it
had always been envisaged that Europol would be able to enter
into relations with law enforcement agencies in non-EU countries.
Once Europol had established its full range of activities, he
expected that agreements with other countries on the sharing of
information would be developed (Q 31). Mr Storr said that the
G8 and European Union Member States were increasingly looking
at the possibilities for co-operation in this field
AND THE WORLD CUSTOMS ORGANISATION
25. Mr Wells, for HM Customs and Excise, raised the
possibility that the World Customs Organisation (WCO) might, in
future, have "some sort of access" to the CIS Third
Pillar database. However, he said that, at present, there was
no direct link between the CIS and any other databases. Where
relevant information was obtained from a source outside the EU,
it might be entered on the system, but would have to be physically
transferred as a conscious decision by one of the Customs authorities
of the Member States (Q 20).
26. Statewatch drew attention to a precursor of the
CIS, in existence since the early 1990s; the SCENT system ("Systems
Customs Enforcement Network"). This is an electronic messaging
service used in joint operations. This system, although mostly
used for third pillar customs co-operation, is accessible not
only to the EU Member States, but also, by telex, to other European
countries. The reason for this is that there is overlap between
the activities of the EU and WCO in this field. According to
Statewatch, "the theoretical legal distinction between first
and third pillar intelligence-gathering and operation, EU and
WCO, is simply ignored" (p 53).
27. The basic provisions relating to supervision
of the databases and data protection arrangements are set out
in Table 1. Each of the databases has its own supervisory authority,
and different legal instruments governing data protection apply,
depending on whether the database is established under the first
or third pillar. Thus, the Eurodac database, which is now proposed
to be established under a First Pillar measure, will be subject
to the provisions of the 1995 EC Directive on Data Protection.
For the CIS 1 (First Pillar) database, the provisions of the
Data Protection Directive will also apply, but CIS 3 will be subject
to a mixture of the provisions of the 1981 Council of Europe Convention
and national laws. Europol, which was established by a Third
Pillar Convention, is also subject to the Council of Europe Convention.
For Schengen, the position is that the Convention itself contains
provisions on the use, checking, correction, amendment and deletion
of data. However, as the Schengen Information system is likely
to be split between the First and Third Pillars of the EU, the
same hybrid situation will apply as is currently the case with
the two CIS databases (p 36).
28. The main provisions of the 1981 Council of Europe
Convention and the 1995 EU Directive are set out in an additional
memorandum from the Home Office (pp 22-3). Mr Edwards, for the
Home Office, stated that all the Conventions establishing the
databases under discussion drew on the basic principles of the
Council of Europe Convention. However, they all did so in different
ways. He said that Italy had recently proposed that there was
a need to look again at the data protection requirements of the
various Conventions to see "whether there might not be scope
for developing some over-arching data protection regime, and with
a view to ensuring that the differences in the Conventions in
their provisions regarding safeguards owed themselves to the specific
nature of the Conventions and were not simply an inadvertence"
29. Ms Colvin, for JUSTICE, suggested that "the
right of subject access to the data and the right to correct the
data [are] cornerstones of any data protection regime" (Q
64). JUSTICE's memorandum expressed concern over the lack of
consistent data protection provisions between the various Conventions,
and the complications arising from the part played by national
data protection regimes in, for instance, the SIS and Europol
databases (p 36). Ms Colvin argued that "there is a question
mark over whether traditional data protection principles can cope
with exchanges of data that are now processed in different ways
from when the data protection principles were first drafted".
The problems were first, finding out on which databases information
was held, and secondly, that exemptions from police data made
it almost impossible to gain access to sensitive information which
might be used in the prevention or detection of crime. In Ms
Colvin's view the difficulties which the citizen faced rendered
the data protection provisions illusory, and she proposed that
compensatory measures were needed. These might include tighter
controls on information going on to a system, and a re-examination
of the distinction between "hard data" (factual information)
and "soft data" (police intelligence information) (QQ
64 - 5).
30. Mr Bunyan, for Statewatch, was concerned that
the brief of the supervisory bodies was too narrow and focused
exclusively on data protection: "it is not to do with human
rights or democratic accountability". He gave the example
of information on Europol's database which might have come from
a third country and said that "it is difficult to see how
a data protection body is going to be the judge of whether
the human rights standards are correct in the country from which
the information is coming" (Q 141). Dr Busch, for Statewatch,
said that the supervisory body would have to consider first, what
was the reason for data being entered onto a system by the originating
country, and second, whether it was justified that the information
should reach a country which wished to use it. The problem was
that "the further away the information goes from the point
it is created, the more difficult it is to judge if the information
is correct" (Q 141).
- PROPOSALS FOR CHANGE
31. The Italian proposal (see para 28) for the establishment
of a working party on harmonising data protection provisions has
been taken up by the Council. This move was welcomed by JUSTICE,
who agreed that the "lack of a pan-European set of data protection
rules across the third pillar agreements
does need to be
tackled" (p 36). JUSTICE also considered that a single data
protection authority with enforcement powers and a proper budget
was likely to be more effective than the present fragmented arrangements
for supervision of the databases. However, this needed to be
examined fully, preferably at the same time as proposals for the
European data protection authority, to be set up under Article
286 TEC (p 36). Mr Spencer, for JUSTICE, pointed out that this
would have the practical advantage that members of national data
protection authorities would need to attend only one European
body, instead of many separate bodies (Q 91).
32. Mr Bunyan pointed out that the Europol Convention
contained data protection provisions, but it did not have a "police
complaints authority side". He suggested that, in addition
to a mechanism for ensuring the protection of personal data, consideration
should be given to a body with responsibility for "complaints
about the operation of the whole organisation" (Q 152).
33. Mr Bunyan also suggested that monitoring the
work of agencies in the Justice and Home Affairs area should be
the responsibility of national parliaments and the European Parliament
acting together, and urged that those questions should be debated
in the national parliaments and in COSAC (the Conference of European
Affairs Committees) (QQ 142-144).
INFORMATION SYSTEM: EFFECTS OF THE UK'S OPT-IN
34. The UK's position with regard to Schengen is
that it wishes to opt in to those areas that relate to "police
and judicial co-operation, including the SIS". The SIS contains
information on both persons and objects. There are 5 categories
of persons which may be entered onto the SIS:
- Persons wanted for extradition (Article 95)
- Persons to be refused entry (i.e. "unwanted
aliens") (Article 96)
- Missing persons or those in need of protection
- Witnesses or those subject to a criminal judgement
or summonses to appear (Article 98)
- Persons to be kept "under surveillance"
or subject to specific checks (Article 99)
Four of these categories relate to police and individual
co-operation, and only one (Article 96) to immigration and border
35. JUSTICE have pointed out that the majority of
entries on the SIS (703,688 out of 1,223,768) relate to immigration
and border controls (entered under Article 96) (p 31). The Home
Office states that "information on persons to be refused
entry to the Schengen territory
should be of limited
use to the UK, given that we intend to maintain separate frontier
controls. We intend to discuss with our partners how best to
share information in this area" (p 6). Statewatch commented
that "it is essential that the Home Office clarify exactly
how such information will be shared, because this would considerably
widen the scope of UK participation, and raise in turn particular
questions about compatibility of such measures with the Human
Rights Act and with Community law" (p 48).
COURT OF JUSTICE JURISDICTION
36. JUSTICE's memorandum stated that "the need
for consistent judicial supervision of bodies operating at a pan-European
level has now become a well-developed issue in relation to the
third pillar". Following the Amsterdam Treaty, in their
view, judicial supervision of all EU databases has become "even
more of a lottery". The three categories into which a database
may fall are:-
(i) If it is in the First Pillar, it will
be subject to the jurisdiction of the Court, with the important
proviso that, if its legal base is Article 62 in relation to border
controls, it will be subject to the exception of excluding the
Court's jurisdiction over any matter relating to the maintenance
of law and order.
(ii) If it is a Third Pillar Convention already
in force (i.e. Europol and CIS 3), the respective protocols continue
to apply. The protocols allow Member States to opt-in to preliminary
ruling jurisdiction of the Court either from any level of court
or only from the final court of appeal. The UK has declined to
accept ECJ jurisdiction over these databases.
(iii) For future Third Pillar instruments, ECJ
jurisdiction will depend on the decision of individual Member
States (as in (ii) above). But, in relation to these measures,
the Court shall not be entitled to review the validity or proportionality
of operations carried out by law enforcement agencies or the exercise
of maintaining law and order generally (pp 37-38).
37. JUSTICE pointed out that the exact implications
of the exemption in the Treaties for ECJ jurisdiction over law
and order matters are unclear. They argue that it is important
to clarify what action taken by national law enforcement authorities
will fall within the exemption, and whether any activities of
bodies such as Europol could fall within the exemptions (p 38).
Ms Colvin argued that, while it was perfectly justified to have
limitations on ECJ jurisdiction in respect of national policing,
more clarity was needed about the effect of these exemptions on
police co-operation at EU level (Q 99). Mr Noorlander, for JUSTICE,
argued that the different ways in which ECJ jurisdiction could
be invoked in respect of the different databases was "not
conducive to providing effective oversight". He said that
the ECJ should provide consistency, and play a 'standard setting
role' taking into account human rights principles (Q 98).
38. JUSTICE's memorandum concluded by referring to
the UK's position on Europol and the ECJ as "anomalous".
They considered that "its reluctance to accept the Court's
jurisdiction over any measure that is inter-governmental, even
if only in part, runs counter to its commitment to human rights"
(p 38). Mr Storr, for the Home Office, said that the case for
bringing Europol within the purview of the ECJ had been "extremely
carefully gone into and debated at length", but that the
Government were looking, as Europol and the other databases developed,
"to ensure that the safeguards we have are good ones and
work well" (Q 40).
39. In relation to the two CIS databases, Statewatch
argued that the scope of the ECJ's jurisdiction to receive preliminary
rulings was likely to be different in respect of CIS 1 and CIS
3, at least if the UK maintained its opposition to ECJ jurisdiction.
From an individual's point of view, it might not be clear whether
his or her personal information had been placed on the CIS 1 or
CIS 3 database. In Statewatch's view, the CIS Convention gave
the Government "a particularly good opportunity
to rethink its opposition to the Court's jurisdiction over preliminary
rulings on third pillar measures" (pp 49-50).
40. As these networks are, for the most part, only
at the development stage, we were unable to take any direct evidence
on the specific security issues which might arise. Given the
sensitive nature of the material to be included, it is quite possible
that evidence would not have been forthcoming. We had the benefit,
however, of a session of evidence from Mr Mark Vernon, a freelance
journalist specialising in this area. A brief summary of Mr Vernon's
evidence is included here, and his memorandum and oral evidence
will be found at pp 65-72.
41. In Mr Vernon's view, "there is no such thing
as a 100 per cent foolproof, secure network. It is a question
of whether you can make it secure enough . . . . . it is a question
of managing the risk associated with the network" (Q 158).
The size of a network is not necessarily an indication that it
is not secure. Multinational businesses run networks with tens
of thousands of terminals attached, and banks doing business over
the Internet have tens of thousands of customers. There were
risks inherent in scaling up networks to many users. This might
bring to light security issues which were not evident in pilot
42. Methods of accessing large banking networks vary.
Some banks use the Internet, while others use direct dialling,
which is more secure. This is an area where "best practice"
has not been settled, and where different banks clearly take different
views of the risks involved (Q 159). One method of improving
the security of a network is knowing as much as possible about
those who will be accessing the network (Q 160). One of the problems
in assessing the security of existing networks was that the organisations
running them did not want information about security breaches
to become public knowledge (Q 175).
43. Comparisons with the security of traditional
filing systems are relevant to this area. Proper procedures are
needed to prevent wrong information getting into a filing cabinet,
and electronic filing systems are no different in this respect
(Q 161-63). Data can also be stolen from a conventional filing
system - perhaps with greater ease than from a computer database
(Q 182). But if a computer system is successfully broken into,
it is likely that a lot of information can be obtained very quickly
- if you are physically carrying files out of a building it is
much more difficult to do that (Q 183).
44. Mr Vernon identified three categories of person
likely to pose an external security threat: casual hackers, illicit
information brokers and ideologically-driven "cyber-warriors".
Analysis was needed to assess the risk of external parties hacking
into a network and to assess the provisions made against this
(p 65). Internal security threats also needed to be considered.
This might imply careful control over the identification of users,
training and responsibilities of users, and monitoring time spent
online (p 65). Mr Vernon pointed out that computers are successful
at controlling hierarchies of access, with different levels of
permission to access and/or modify data (Q 166). Hardware also
needed to be considered when establishing a very large network,
such as the SIS, issues of hardware compatibility and security
were important (Q 178). There was common ground among consultants
about certain aspects of system design, in particular keeping
the server (which runs the system) separate from the computer
that stores the information.
45. In creating large cross-border networks, encryption
technology is necessary for the safe transmission of data. Mr
Vernon noted that discrepancies exist between the theoretical
and actual security of encryption technology. However, these
discrepancies might, in practice, be less significant than they
appeared, as encryption was only one of many security factors
46. Finally, public confidence was important. Mr
Vernon noted that public acceptance of new technology took time.
Automatic teller machines at banks were an example, where customers
had initially been concerned that money could be lost from their
accounts. However, as their use became widespread, confidence
developed. Public confidence in major IT projects could be damaged
if those projects were not thoroughly planned. However, there
was no easy answer to building public confidence. "It happens
over time" (Q 185).
3 See our Report on Europol: Third Country Rules,
HL Paper 135, Session 1997-98 Back
Four sets of rules, referred to collectively as the "Third
Country Rules", establishing a regulatory framework for operational
co-operation between Europol and third (non-EU) States and EU
or non-EU bodies have been agreed. They were the subject of our
Report, Europol: Third Country Rules (1997-98, HL Paper
135). A draft Council Decision authorising the Director of Europol
to enter into negotiations on agreements with third states and
non-EU bodies is likely to be adopted before the end of 1999.
The draft decision envisages the opening of negotiations with
the following non-EU States and bodies: Bulgaria, Canada, Cyprus,
Czech Republic, Estonia, Hungary, Iceland, Latvia, Lithuania,
Malta, Norway, Poland, Romania, Russian Federation, Slovakia,
Slovenia, Switzerland, Turkey, the USA, ICPO-Interpol, UN offices
and bodies active in areas falling within Europol's remit, and
the World Customs Organisation. Back
EC Directive 95/46 on the protection of individuals with regard
to the processing of personal data and on the free movement of
such data (OJ L 281, 23 November 1995). Back