Legal base	Articles 30(1)(a) and (b) and 34(2)(b) EU; consultation; unanimity
Department	Home Office
Basis of consideration	Minister's letter of 9 November 2004
Previous Committee Report	HC 42-xxvii (2003-04), para 7 (14 July 2004); HC 42-xxxii (2003-04), para 17 (13 October 2004); and see (25536) 8200/04: HC 42-xxi (2003-04), para 7 (26 May 2004)
To be discussed in Council	No date set
Committee's assessment	Legally and politically important
Committee's decision	Not cleared; further information requested

Background

9.1 Following the declaration on terrorism by the European Council on 25 March 2004, Sweden has brought forward a proposal (document (a)) and an explanatory memorandum (document (b)) on the creation of a "common and simplified framework" for the exchange of information and intelligence between law enforcement authorities of the Member States during the investigation of crime or in the course of a criminal intelligence operation.

9.2 When we considered the draft proposal on 14 July and 13 October, we raised a number of questions with the Minister. First, we drew attention to the use of the term "does not imply" in the context of a provision intended to make clear that obligations were not being imposed on Member States to gather and store information and intelligence only for the purpose of providing it to the authorities of other Member States, or to provide information and intelligence for use as evidence before a judicial authority in another Member State, or to obtain information or intelligence by means of coercive measures in the requested Member State. We urged the Government to address the ambiguity created by use of the expression "does not imply" in relation to an obligation, and did not consider it satisfactory that there should be ambiguities in this sensitive area, or that poor drafting should be retrieved by references to an explanatory note which had no binding force.

9.3 Secondly, we agreed with the Minister that the meaning of the term "coercive measures" as used in Articles 1 and 2 was not clear. We welcomed the Minister's intention to seek a clear definition of this term which would exclude the interception of communications from the scope of the proposal. We also looked forward to an account, in due course, of what has been achieved to ensure that the proposal does not inhibit cooperation between the UK and third countries.

9.4 We shared the Minister's concern over the current wording of Article 6, and agreed that in the case of exchanging information on persons who are not suspects, there should be a much closer link between the person in question and the alleged offence before requests for information could be made.

9.5 The Minister undertook to provide us with the views of the Information Commissioner as soon as these were received.

The Minister's reply

9.6 The Parliamentary Under-Secretary of State at the Home Office (Caroline Flint) informs us of the views of the Information Commissioner in her letter of 9 November 2004. The Information Commissioner prefaces his remarks on the present proposal with a number of general observations on data protection issues arising under measures adopted under the justice and home affairs provisions of the EU Treaty.

9.7 The Information Commissioner points out that a number of systems already exist for the sharing of information between law enforcement authorities in EU Member States (such as the Europol Information System, the Customs Information System and the Schengen Information System), each of which contains provisions for the protection of data. The Information Commissioner adds that it is for this reason that he has always encouraged UK law enforcement authorities to use these formal channels for the exchange of personal information rather than the less formal channels where comparable controls may not be in place. The Commissioner refers to the similarities between the rules and standards in each of the formal channels, since they are based on the Council of Europe Convention on Data Protection (Convention 108 of 28 January 1981), but also to their differences, and raises the question of how supervision by independent data protection authorities will be guaranteed in circumstances other than those applying within the particular system.

9.8 The Information Commissioner adds these further general comments:

"There is a parallel with the First Pillar. In the First Pillar there is a Data Protection Directive (95/46/EC). It was introduced to facilitate the free flow of personal information within the single market. Article 1 of the Directive provides that member states shall neither restrict nor prohibit the free flow of personal data between member states on privacy grounds. In effect the principle of free exchange of data is already established in the First Pillar. It is, though, established on the basis that member states must implement the data protection controls in the Directive through their national laws and must provide redress for individuals where its provisions are breached. There is also a requirement for independent supervision. In the First Pillar it was considered necessary to use an EU legal instrument to ensure that broadly equivalent controls are in place throughout the EU as a counterbalance to the removal of cross border restrictions on the exchange of, and access to personal information. In this context, it should be noted that although most member states had already ratified the Council of Europe Convention on Data Protection, the provisions of this Convention were not considered to be sufficient to deliver the degree and consistency of protection deemed necessary.

"There is no equivalent of Directive 95/46/EC in the Third Pillar. The Information Commissioner's understanding is that most member states, although not obliged to, have extended their national laws implementing the Directive to law enforcement agencies. The other member states have specific data protection laws covering police files. There is certainly no evidence available to the Commissioner to suggest that these data protection controls are inadequate. There can, nevertheless, be significant differences between member states. It is also the case that the legal framework of the EU does not currently underpin these controls nor does it ensure equivalence of protection across the EU in the same way that is achieved by Directive 95/46/EC in the First Pillar. There is therefore no guarantee that the requirements of the Draft Framework Decision will be met by existing legislation. This is a potential weakness. Differences in the law and practice across member states could become more apparent and act to the detriment of individuals as cross border and exchange of information increase. As previously mentioned these data protection differences could become an obstacle to increased cross border co-operation in the Third Pillar. If the divergence of laws increases in the future so will this risk.

"The Information Commissioner therefore sees a case for developing one data protection framework that will apply across the Third Pillar. Such a framework would supersede Article 9 of the Draft Framework Decision and would ensure a degree of consistency in the application of rules and standards to the exchange of personal information that does not presently exist and is not guaranteed by Article 9. The Commissioner understands that such a common data protection framework is under development.

"A common data protection legal framework for the Third Pillar must not though undermine existing data protection provisions. It is important that any legal framework addresses the specific issues that arise in the Third Pillar, including those in the Draft Framework Decision, and goes beyond simply restating basic principles of data protection. The framework should draw as much, if not more, from Council of Europe Recommendation R (87)15 of 17 September 1987 on the use of personal data in the police sector, relevant legal instruments in member states and original thinking as it should from the existing EU data protection instruments in the First Pillar."

9.9 The Information Commissioner makes a number of specific comments on the text of the Framework Decision. Article 1 (1) states that the Framework Decision shall not affect "more favourable" provisions in national law, bilateral or multilateral agreements, but it is not clear what "more favourable" means. The Information Commissioner considers that the data protection controls referred to in Article 9 should apply to all cross-border exchanges within the EU. The Commissioner shares our concern over the meaning of "coercive means" in Article 4 (1) and asks if it is meant to extend to any information provided by a suspect under caution.

9.10 The Information Commissioner finds the purpose of Article 4a(2) to be unclear (it sets out a list of offences in respect of which Member States must provide information within 12 hours) and raises the question of whether such matters as conduct which infringes road traffic regulations or infringements of intellectual property rights (both of which are listed in Article 4a(2)) really fall within the area of serious crime at which the Framework Decision is aimed.

9.11 The Information Commissioner considers that Article 9 (3) should recognise that personal data obtained in the course of one set of proceedings cannot necessarily be used in another set of proceedings whether or not those proceedings fall with the Framework Decision. By way of example, the Information Commissioner points out that witnesses may be prepared to give evidence on condition or on the understanding that it will be used only in connection with a particular murder investigation and considers that such information cannot then be used for the investigation of other crimes even if they were to fall within the scope of the Framework Decision.

9.12 In relation to Article 10 (which concerns the confidentiality of information), the Information Commissioner considers that the implementation of this Article would be greatly assisted by the adoption of common confidentiality markings among all those responsible for law enforcement in the EU.

Conclusion

9.13 We are grateful to the Information Commissioner for his detailed consideration of the data protection issues raised by this proposal. We agree with those views and ask the Minister for her views , in due course, on these comments.

9.14 We shall hold the documents under scrutiny pending further information from the Minister on the progress of negotiations, particularly on those points we identified in our previous Report.