Feeds

MPs demand controls on Euro police databases

Co-operation needs human touch

The Power of One Infographic

The Home Affairs Select Committee has advised government to put its weight behind neglected European efforts to hold the rapidly emerging system of police databases answerable to human rights legislation.

The committee's proposals, published today in a report on EU police and judicial co-operation, include a bar on agreements like the controversial PNR (Passenger Name Records) and Swift data sharing arrangements that the EU formed with the US in the name of the "war on terror".

It also recommends the government seeks to restrain EU efforts to share data between police forces by ensuring decent data protection laws are adhered to.

It noted how the EU (and largely the council) had been rushing ahead with plans to link European police databases, while legislation designed to protect citizens' fundamental rights against abuse from such powerful policing tools had been left to flounder.

"We consider that in the area of data protection there is evidence of insufficient political appetite for protective measures as compared to law enforcement ones," the report noted.

An EU measure to introduce data protection legislation into the third pillar of EU law (where matters regarding the police and judiciary sit) had been more or less abandoned because the council had failed to come to an agreement. Yet in the absence of an agreement, a cabal of EU states went ahead with their own police database plan called the Prüm Treaty, which contained weak data protections. This had subsequently been introduced as an EU framework, the committee noted, "almost as a fait accompli".

The committee was concerned about the precedent Prüm had set for European democracy, while noting the lack of scrutiny of these proposals in Westminster.

"There is a danger that if [Prüm] is not implemented with sufficiently rigorous safeguards, in particular robust data-protection arrangements, the principle risks the dissemination of personal data of UK citizens without sufficient control over the subsequent use of that data."

Experts told the committee how greater police co-operation across Europe could lead to greater abuses of human rights. Professor Steve Peers, of the University of Essex, warned that police would be tempted to use their databases to go on fishing expeditions unless their access was restricted.

Dr Valsamis Mitsilegas, from the University of London, said as police standardised their data formats, the sharing would become "quasi-automated", making it difficult for police to make checks that would uphold key data protections.

For example, data is supposed only to be used for the purpose for which it was collected, not shared with countries without proper protections, and not taken from sources that might have got the data through coercion or torture.

While people have found it easier to shuffle around EU states, police data sharing arrangements have been shoddy. Even the steps taken to improve matters in 2005 where inadequate, it noted. The 2005 legislation only made sure European police forces shared relevant data with one another about suspects and criminals on a weekly basis. It did not hold them to using common formats and ensuring a minimum standard of quality.

To illustrate the poor level of co-operation between European forces, the report noted the case of 63-year-old Belgian Michel Fourniret, who was arrested in 2003 for the murder of six French girls and one Belgian girl. Belgian police had no idea he had previously been sentenced for the rape and indecent assault of minors in France.

However, Home Office minister Joan Ryan said the UK was seeking to join an EU pilot for a more active police data link than those already being pushed through in legislation. The way the report described the pilot, it sounded as though it was exploring greater levels of integration between police databases than was presently accepted to be within the bounds of data protection.

The standard was set on the VIS (Visa Information System) legislation currently being passed through the Brussels legislature: it gave European police forces only limited access to one another's databases and only for good reason.

The principles behind these restrictions also prompted the committee to commend Ryan's suggestion that further agreements like the PNR data sharing arrangement with US terror investigators was "an area that the EU should hopefully be able to avoid".

The same went for other US data gathering exercises: "We consider that the casual use of data about millions of EU citizens, without adequate safeguards to protect privacy, is an issue of much greater significance than many of the other EU-related matters put to the UK government and Parliament for consideration," said the report.

"We recommend that the government and the European Commission should prioritise the question of provision of personal information to countries outside the EU as an issue of the greatest practical concern to its citizens."

It added that it was urgent that the government put its weight behind the EU proposal for data protection in police matters and that it ought to listen to the recommendations of the European Data Protection Supervisor (EDPS) if it wanted to see it done properly.

That should please the EDPS no end, because the headlong merger of police databases without proper regard for data protections is an illustration of just how well the EU Council has listened to the supervisor before now. ®

Boost IT visibility and business value

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.