Feeds

MPs demand controls on Euro police databases

Co-operation needs human touch

Remote control for virtualized desktops

The Home Affairs Select Committee has advised government to put its weight behind neglected European efforts to hold the rapidly emerging system of police databases answerable to human rights legislation.

The committee's proposals, published today in a report on EU police and judicial co-operation, include a bar on agreements like the controversial PNR (Passenger Name Records) and Swift data sharing arrangements that the EU formed with the US in the name of the "war on terror".

It also recommends the government seeks to restrain EU efforts to share data between police forces by ensuring decent data protection laws are adhered to.

It noted how the EU (and largely the council) had been rushing ahead with plans to link European police databases, while legislation designed to protect citizens' fundamental rights against abuse from such powerful policing tools had been left to flounder.

"We consider that in the area of data protection there is evidence of insufficient political appetite for protective measures as compared to law enforcement ones," the report noted.

An EU measure to introduce data protection legislation into the third pillar of EU law (where matters regarding the police and judiciary sit) had been more or less abandoned because the council had failed to come to an agreement. Yet in the absence of an agreement, a cabal of EU states went ahead with their own police database plan called the Prüm Treaty, which contained weak data protections. This had subsequently been introduced as an EU framework, the committee noted, "almost as a fait accompli".

The committee was concerned about the precedent Prüm had set for European democracy, while noting the lack of scrutiny of these proposals in Westminster.

"There is a danger that if [Prüm] is not implemented with sufficiently rigorous safeguards, in particular robust data-protection arrangements, the principle risks the dissemination of personal data of UK citizens without sufficient control over the subsequent use of that data."

Experts told the committee how greater police co-operation across Europe could lead to greater abuses of human rights. Professor Steve Peers, of the University of Essex, warned that police would be tempted to use their databases to go on fishing expeditions unless their access was restricted.

Dr Valsamis Mitsilegas, from the University of London, said as police standardised their data formats, the sharing would become "quasi-automated", making it difficult for police to make checks that would uphold key data protections.

For example, data is supposed only to be used for the purpose for which it was collected, not shared with countries without proper protections, and not taken from sources that might have got the data through coercion or torture.

While people have found it easier to shuffle around EU states, police data sharing arrangements have been shoddy. Even the steps taken to improve matters in 2005 where inadequate, it noted. The 2005 legislation only made sure European police forces shared relevant data with one another about suspects and criminals on a weekly basis. It did not hold them to using common formats and ensuring a minimum standard of quality.

To illustrate the poor level of co-operation between European forces, the report noted the case of 63-year-old Belgian Michel Fourniret, who was arrested in 2003 for the murder of six French girls and one Belgian girl. Belgian police had no idea he had previously been sentenced for the rape and indecent assault of minors in France.

However, Home Office minister Joan Ryan said the UK was seeking to join an EU pilot for a more active police data link than those already being pushed through in legislation. The way the report described the pilot, it sounded as though it was exploring greater levels of integration between police databases than was presently accepted to be within the bounds of data protection.

The standard was set on the VIS (Visa Information System) legislation currently being passed through the Brussels legislature: it gave European police forces only limited access to one another's databases and only for good reason.

The principles behind these restrictions also prompted the committee to commend Ryan's suggestion that further agreements like the PNR data sharing arrangement with US terror investigators was "an area that the EU should hopefully be able to avoid".

The same went for other US data gathering exercises: "We consider that the casual use of data about millions of EU citizens, without adequate safeguards to protect privacy, is an issue of much greater significance than many of the other EU-related matters put to the UK government and Parliament for consideration," said the report.

"We recommend that the government and the European Commission should prioritise the question of provision of personal information to countries outside the EU as an issue of the greatest practical concern to its citizens."

It added that it was urgent that the government put its weight behind the EU proposal for data protection in police matters and that it ought to listen to the recommendations of the European Data Protection Supervisor (EDPS) if it wanted to see it done properly.

That should please the EDPS no end, because the headlong merger of police databases without proper regard for data protections is an illustration of just how well the EU Council has listened to the supervisor before now. ®

Beginner's guide to SSL certificates

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?