Examination of Witnesses (Questions 260-279)
23 JANUARY 2007
Q260 David Winnick: Professor Peers,
could I draw you a little on the question put to you by Mr Russell
regarding the Home Office. As part of your work, you study EU
justice and home affairs. Is the British Home Office under successive
governmentsand I emphasise "under successive governments"unique
amongst EU countries in having the sort of difficulties, to put
it mildly, that we have been experiencing more recently, as we
have in the past?
Professor Peers: There have certainly
been scandals in other countries. There was quite a large scandal
in Germany in the last two years about visas which were given
to Ukranians and so on without proper scrutiny, for instance,
so there have certainly been certain types of problems not always
identical to our problems. It is difficult to know, looking at
the issue at EU level, exactly what scandals are going on in different
Member States because of course the interior ministers or the
justice ministers are not too anxious to be showing their dirty
laundry to everyone else at EU level and the British media does
not always pick up the national scandals going on in other Member
States, but certainly there have been scandals of a comparable
nature to the Home Office. I am not sure if there have been quite
as many high profile scandals as we have had in the UK. Another
thing to keep in mind is that I am fairly sure we are unique in
having a single Home Office rather than the separate ministries
of the ministry of the interior and the ministry of justice. Certainly
Canada and the United States and other countries based on the
common law have split up their departments as well into several
different parts. I do not think they ever had anything that would
compare to the Home Office.
Q261 David Winnick: Some may say
it is part of the British way of life to have the Home Office
scandals coming out from time to time. To pursue again what Mr
Russell said, if it is trueand we have not had any official
confirmation, as I understand itthat the recommendation
from the Home Secretary to the Prime Minister and the Cabinet
is that there should be a split along the lines which have been
widely reported, do you really have much confidence that such
a split would deal with some of the problems that Mr Reid and
his predecessors over a number of years have faced? It is not
going to be some sort of panacea is it, by any means?
Professor Peers: No, a split will
certainly not abolish the possibility of serious scandals in what
is now the Home Office. I am not absolutely certain that it will
reduce it. I think it might. It has the capacity to reduce it.
At least each of these two individual departments would be more
manageable than the one large department but you still have a
risk where the two individual departments should be cooperating.
If you go back to one of last year's scandals, which was the failure
to keep track of people who should be deported from prisons, that
was a failure to keep track of information within one large department.
Under the Home Secretary's proposals, we would have one department
dealing with prisons and the other dealing with immigration, so
what might happen then is that you would get the information lost
between the two departments. It might be lost under either model.
But at least you would hope that each of the two departments within
themselves would be more coherent than they are as part of one
gigantic, single department.
Q262 David Winnick: It is sometimes
said that because home secretaries change so oftenagain
under successive governments: they, perhaps, on average, last
two years or lessis that the same for interior or justice
ministers in other European Union countries? In other words, no
one stays as a political head long enough to get a real grip on
the situation in the leadership of the Home Office.
Professor Peers: The answer is
that home secretaries or their equivalents, ministers of the interior
and justice, as far as I am aware do tend to stay for a little
bit longer. That is perhaps because you have a number of coalition
governments in the other Member States in which the particular
hosts are negotiated between parties. Germany is a particular
example where you always have a coalition government and a crucial
factor is the negotiation of which parties get which posts and
then senior people from those parties tend to hold the posts and
you do not have the ease that we have here of the Prime Minister
removing people from post and shuffling them around and so on
because that would violate the coalition agreement and the coalition
government would collapse. If only for that reason, home secretaries
and their equivalents tend, as far as I am aware, to stay in office
for a longer period. That is due more to the political system
of those states, perhaps, than due to the nature of scandals and
Q263 Mr Benyon: Could I return us
to the remit of this inquiry and ask about the pilot project that
has been set up between the countries France, Germany, Spain and
Belgium. It was mentioned by the Prime Minister last week that
the Government here is looking very carefully at how this pilot
project is working. Could I ask you first, Professor Peers, what
your assessment of the pilot project on the interconnection of
criminal records is and whether you detect that there are any
plans to roll out the project to other Member States? If so, should
the UK be part of that?
Professor Peers: I am not familiar
with the details of the implementation of that project. I suspect
that if the perception is that it is successful, this is something
that perhaps the form of the EU proposal on criminal records will
now start to take. It might be restructured and rethought to take
the form that, rather than follow the Commission's proposal, we
are now going to extend this pilot project to other Member States
if it turns out to be correct that this is working efficiently
and effectively from the point of view of the law enforcement
services. But, of course, we should also consider whether it is
working effectively from a civil liberties perspective; whether
or not, for instance, rules on rehabilitation of offenders are
still being observed within a cross-border context, for instance,
and how often the wrong person with the same name, for instance,
is being identified as having committed a criminal offence in
another Member State. You still have to be aware of that perspective,
whether it is working well from that point of view.
Q264 Mr Benyon: Great emphasis has
been placed on the interoperability of diverse EU databases. There
seems to be a problem within the pilot project of this scheme
whereby a crime may not be a crime in an individual's own state.
If, for example, an individual commits a crime in France which
is not a crime back where he comes from in Germany, the Germans
will not enter than on its database, and there may be further
manifestations of that, if, for example, we were to enter it.
We may have a different approach to that particular crime and
the reporting system could be an almost impossible one to create
such a database. What happens if a number of systems become inoperable?
What rules would apply? Are there adequate safeguards within that?
Mr Thompson: On the broad point
about the pilot projectand this takes me back to my opening
remarksthese are operational matters which are the responsibility
of the Home Office. It would just not be appropriate for me to
comment on them.
Ms Lewis: I could say a few words,
if it would be helpful, about the data protection rules that would
seem to be relevant when we are looking at EU data systems becoming
interoperable. As Peter said, we are not familiar with that particular
pilot project at the moment but, in general, the sorts of complications
that we would expect in those circumstances would be if the systems
being brought together or the information that was being pooled
originally had different bespoke data protection rules attached
to it. This might give rise to technical issues. For example,
if you had information originally from database A coming into
this interoperable system that would normally be deleted after
just three years and then you had information coming from database
B that could be retained for, say, six years, there would need
to be some way of rationalising those differences. Generally,
it would seem sensible to go with the highest standard of data
protection but that would need to be looked at on a case-by-case
Mr Smith: There is a framework
decision under discussion within the European Union on the exchange
of criminal records. Our understanding is that this is making
rather slow progress. It may be that is linked in some way with
the Data Protection Framework Decision. The idea of having a framework
decision on data protection is that you put in, if you like, data
protection measures across the board under which all these other
information sharing initiatives can operate, including criminal
records, without having to re-address the data protection questions
each time a new initiative is developed. That is why we are very
supportive of the framework decision. The DCA representatives
are quite right, there are some real difficulties in bringing
together information from different sources together in a common
database. As a general rule, where you are talking about sharing,
and sharing of criminal records here, we would prefer linkages
between systems rather than the setting up of a new central database,
if that makes sense. Setting up a new database brings real problems
as to how you interpret the information to common standards. If
you are interrogating a French database, you know it is French
information, they are French categories of crime and so on. There
are some difficult areas. In the earlier evidence session, Chairman,
reference was made to murder and that murder is always a terrible
crime. What is murder in the UK may not be murder in some countries
which allow euthanasia. It is illustrative of how easy it is to
think you can compare things which appear to be the same but in
fact are not. The cross-border comparison of DNA gives us particular
difficulties because I think there are very different approaches
in Member States to this issue. As you probably know, the DNA
are retained in the UK of anybody not only who has been convicted
but of anybody who has been arrested for a possible offence; whereas
in Germany, for example, DNA are only taken where serious crimes
are involved. The use that is made of DNA is very different. I
do not know whether you are familiar with the concept of familial
searching, where if the police find a DNA sample at a scene of
crime and they try to match it against the DNA database and they
do not find an exact match, they can look for close matches because
those close matches might be members of the blood line of the
criminal. I am not familiar with German law, but when I talk to
my data protection colleagues they say that sort of approach is
unthinkable in Germany. It would be too much of an invasion of
the privacy of family members who are not themselves suspects.
That is not the view we have taken in the UK. We have taken what
we would consider a more measured view, of saying, "This
is appropriate but only for serious crime and only where you can
reasonably narrow down the number of suspects." To say, if
you like, that German information on DNA is then available in
the UK and could be used for familial searching I think raises
all sorts of difficulties. Some of these things sound very encouraging
in theory but there are a lot of practical problems of trying
to get different approaches to work across borders.
Q265 Mrs Dean: I understand the issue
about operational matters, but, if the UK might be getting involved
in the pilot project, are DCA going to be consulted on possible
data protection issues?
Mr Thompson: Certainly. We have
a very close working relationship with the Home Office and that
broad schema I set out roughly divides how the department might
lead on an issue and another may support. The important point
is that we have this very close working relationship and the Home
Office will discuss with us any particular data protection policy
Q266 Mrs Dean: Have you been consulted
up to now?
Mr Thompson: I am not aware.
Ms Lewis: I am not aware of any
approach but I am not sure where the Home Office is in terms of
looking at and proposing that the UK signs up to this sort of
Q267 Mr Benyon: I would like to turn
to the European Index of Offenders. Professor Peers, in the light
of information that was revealed to this Committee a week or so
ago, the Home Secretary has announced a review of databases carrying
details of criminal convictions as well as the way in which information
is shared and exchanged between the EU countries and non EU states.
Do you see added value in a European database of offenders?
Professor Peers: If you have a
single database it would probably be much easier to search that
individual database than searching the national databases of all
the individual Member States. Even if that were permissible, it
would be difficult to do. You would probably have to do it by
a series of separate searches and it would be technically difficult,
perhaps, to have a single search of them. Setting up the single
database would be easier but then you have some serious problems
with that, not only the problems I identified before of potential
confusion of identity for people with similar names and so on
but also the question as to whether or not we should be taking
into account a criminal conviction for something in another country
which either would not be criminal in the UK or would be considered
as spent in the UK by now if it had happened here or for which
we would perhaps have acquitted even if it were a criminal offence.
Similarly, the same questions arise in regard to all the other
Member States. That fundamentally is the problem: the purpose
for which that data is going to be used and the complications
that arise from the inevitable differences in criminal justice
systems of the Member State as well as the data protection concerns.
Q268 Mr Benyon: Mr Smith and DCA,
you may feel you have already answered this, but the possibility
of an index would seem a good idea in the light of the systematic
failings that were exposed last week. Are there any other data
protection issues you feel it raises and under what conditions
would you feel that an index would be worth supporting?
Mr Smith: I think I have covered
some of the points, Chairman. I am not entirely sure what is meant
here. An index suggests, if you like, that it may simply be a
name and identifying information which is held centrally.
Q269 Mr Benyon: Our understanding
is that it is simply a name and that if further information is
required there is an agreement that they can then go to the nation
state and get full details of the criminal record held in that
country. That is my understanding.
Mr Smith: I do not see any intrinsic
data protection problems in going down that route. That is a preferable
route from a data protection point of view to a central database
which contains all the conviction information. I am not sure if
I can add greatly to what Professor Peers has said about the difficulties
of ensuring identities are correct. There are challenges there.
But, no, it is not an insuperable problem.
Ms Lewis: I think we would agree
with the comments made by ICO. It would certainly seem to be safer
to have that index of names, rather than having a whole host of
information, including some personal data that sits behind it.
The issues we would be interested to consider from a data protection
point of view would be those that would be attached to any large
electronic database. There would be issues such as access. How
could you control access to that database? How could you restrict
the use to which the information in it was put? Obviously that
is less of a concern if it is just somebody's name, but there
are also things like: How long would you keep the data? How long
would you keep the names that were entered into the database for?
How could you make sure it was deleted after the proper amount
of time? In line with comments people have already made, it would
seem to be a useful step forward if it would promote better, more
effective, safer data sharing and improve law enforcement cooperation
between EU Member States.
Mr Smith: In practical terms,
Chairman, it may make sense to limit it, at least to start with,
to some categories of serious offences. That very much limits
the number of records and the scope of the task that is taken
on and this is really the crux of the problem. We really do have
difficulty with things like shoplifting convictions which were
incurred 30 years ago being available. We have problems with them
being available in the UK, if you like, let alone being available
Q270 Gwyn Prosser: There will always
be a tension between the law enforcers who want to have increased
data sharing and the guardians of data protection who want restrictions.
Has there ever been a balanced impact study comparing the advantages
of one with the risks of the other?
Ms Lewis: It is a very important
question. Perhaps I might relate my answer to the Data Protection
Framework Decision, which is the area that was the core part of
my work. We held a comprehensive stakeholder consultation process
where we contacted all of our stakeholders: the people it would
have a direct impact on, such as the police, the agencies, the
prosecutors, the customs authorities. We sat down with those people
over a series of days for several hours and worked through the
proposal line by line, article by article, looking at the implications
for their business and the kind of data sharing they needed to
be able to carry out in order to fulfil their statutory functions.
As part of that consultation process we also involved the ICO,
which is one of our very important stakeholders, in order to represent
the views of the data subject. We also contacted academics and
we contacted rights agencies, such as Justice and Liberty, and
sought views from those people as well, to try to achieve the
balanced view that you have mentioned about the operational side,
where people need to be able to share data to fulfil their functions
properly and effectively but also to make sure that the views
of the data subject are represented and to make sure that we balanced
the needs of the end-users with effective data protection.
Q271 Gwyn Prosser: Do you think we
have the balance right in present legislation with regards to
the subject we are discussing this morning?
Ms Lewis: In terms of the Data
Protection Act, which is the UK national legislation, I think
the balance is right. In terms of the Data Protection Framework
Decision it is much harder to answer that, because, as has already
been mentioned, it is essentially a moving target. The UK would
negotiate to make sure the final version of that text had appropriate
data protection safeguards in it, but what we have at the moment
is probably not what we would end up with, so it is harder for
me to answer that.
Q272 Gwyn Prosser: Given that many
third pillar information systems have their own data protection
regimes, do you think there is a need to have a more general data
protection measure built into the third pillar?
Ms Lewis: I think there is. In
the third pillar this would be the Data Protection Framework Decision.
That sets an overarching minimum standard of data protection.
I think we still need to have the flexibility to add in extra
bespoke, specific data protection measures in other instruments.
For example, if instruments deal with very specialised types of
data or if they are for a very precise and narrow purpose, it
would seem sensible to build those extra provisions into the individual
instruments instead of trying to have an enormous minimum standard
that tried to cover every single eventuality. We would expect
the Data Protection Framework Decision to add value by avoiding
working groups from reinventing the wheel every time data protection
was discussed. If we have a sensible, more detailed minimum standard
to which people can refer, then we would not need to start negotiating
more basic data protection provisions in third pillar dossiers.
I think the freedom needs to be there for those extra, more precise
data protection safeguards to be built in if they are needed.
If you do not mind, I will ask Harriet if there is anything she
would like to add.
Ms Nowell-Smith: I suppose we
could just note for the Committee that there are some minimum
standards already throughout the EU in the form of European Convention
on Human Rights and also the Council of Europe Convention 108
which has provided some protection in this area since 1981. We
do understand from the European Commission that all Member States
have in fact implemented the Data Protection Directive outside
the first pillar. That is something that we did in the UK. We
only had a duty as a matter of European law to implement the directive
in the first pillar areas of life; we chose to implement across
the piece and to cover police information handling as well, as
a policy matter, and we have learned that all of the other Member
States have done something similar. We do not know exactly what
provisions they have, though, in the third pillar, and, as Belinda
said, the Data Protection Framework Decision would harmonise provisions
in this area.
Mr Smith: I wonder if I might
add something on that point. The Data Protection Framework Decision
and the data protection measures in the other areas like Europol
and Eurojust are essentially forms of regulation. We are the UK
regulator. I think we are very keen to keep in mind the purpose
of the regulation. It is a form of regulation to protect the rights
of individuals. We are keen that the regulation is, as far as
possible, clear, simple and consistent, so that police forces
and others who have to follow it know what they have to do and
so that individuals who want to exercise their rights, whether
it is access to data or to get data corrected, can do it simply
and easily. When you have a proliferation of different measuresdifferent
ones applying to Europol, different ones to Eurojust, a framework
decision, a first pillar instrumentit becomes extremely
complicated. That is one of the reasons why we favour a framework
decision for the third pillar, to give one overall standard which
is hopefully clear, simple and easy to follow. It is also why
we favour, as far as possible, that the framework decision in
the third pillar is comparable to the Data Protection Directive
which already exists in the first pillar. One of our concerns
is that, as negotiations are going on on the framework decision,
in some areas it is drifting further away and there is a risk
we will lose that harmony.
Q273 Gwyn Prosser: For my partand
it is no criticism of the witnessesI do not find the discussion
we have had this morning at all easy to follow, but I will have
a look at the transcript later on. We have had this quite long
discussion about the complexities and even the niceties of data
protection versus enforcement versus data sharing. Given the massive
increase in the risk of terrorist attack and the incidents we
have seen in the United States and more recently in London, have
we got the liberty and the luxury to discuss these matters in
such detail? Should we not just be concentrating on bringing the
criminals and the terrorists to book?
Mr Smith: In simple terms, no,
but I understand the point you are making. We are protecting a
whole range of different rights. There is the right to the protection
of your life but there is also, under the Convention of Human
Rights, the right to the protection of your private life. There
is no doubt that, in some areas, in the interests of preventing
terrorism we have to give up some aspects of protection of our
private life and our privacy. We see that all the time. I saw
it coming into the building today when I was searched. That is
understandable but we do not have to give it up completely. There
is a balance to be struck. I understand your comment that this
is a very complex areaand I am sorry. I find it complex
Q274 David Winnick: He is being the
devil's advocate. He does not really believe that.
Mr Smith: Maybe I could start
with where we were in the first pillar and why we introduced the
Data Protection Directive in the first pillar. The Data Protection
Directive in the first pillar was not just introduced to protect
privacy; it was introduced as part of developing the single market
in the European Union to enable the flow of personal information,
if you like, without borders around the European Union by saying,
"We have common data protection standards, so no one can
put up data protection barriers to the flow of information."
Essentially, it is the same thing we are trying to do in the third
pillar, saying, "Yes, you are absolutely right, we need to
exchange more information to prevent terrorism and other criminal
activities, but data protection does not stop. What it does ensure
is that that is done in a way which respects individuals' rights."
If I have a right of access to my data, that does not stop the
prevention of terrorism but it is important that I preserve that
Gwyn Prosser: I agree. Thank you.
Q275 Martin Salter: I would like
to follow up with some questions on the Data Protection Framework
Decision. David, you referred to the problem of the definition
of a crime in one country or another. For example, Austria does
not recognise Holocaust denial.
Mr Smith: Yes.
Q276 Martin Salter: Euthanasia, as
you have said, has different interpretations.
Mr Smith: Tax as well. Some things
are taxation matters and not criminal offences in some member
Q277 Martin Salter: That is right.
In parts of America, as I understand it, tax is seen as a crime
in itself! Does the Data Protection Framework Decision make any
provision for offences which are not crimes in both states?
Ms Lewis: I do not believe it
does. The Data Protection Framework Decision is about data that
is used in conjunction with prevention, investigation, detection
or prosecution of criminal offences. In the UK, if something was
not a criminal offence I am not sure that the Data Protection
Framework Decision would apply.
Ms Nowell-Smith: That is correct.
There is not yet an EU definition of crime. You can look to the
jurisprudence of the Strasbourg Court under the European Convention
of Human Rights and that has some guidelines about what areas
of life one should expect certain kinds of trials and certain
kinds of legal proceedings to follow, but there is no EU definition
Q278 Martin Salter: Why does the
EU need to define crime? Surely crime is defined by what is a
crime as determined by the parliament in the sovereign state.
Ms Nowell-Smith: That is the basis
on which the framework decision operates. It does not attempt
to define crime.
Q279 Martin Salter: Why does it need
to define crime? Surely one could establish a framework whereby,
for crime A, which might not be a crime in France, the data could
still be shared because it would be of use to people wishing to
monitor potential criminal activity in another Member State. There
does not need to be an EU definition of crime, does there, beyond
what is determined as a crime in individual countries?
Ms Lewis: I think that is right.
I think we would agree with that. As Harriet mentioned, the Data
Protection Framework Decision is not driving at trying to have
a definition or list of things that are commonly recognised criminal
offences. If we were in a situation where perhaps the UK was asked
for personal data which related to a criminal offence in another
EU Member State which was not recognised as a criminal offence
in the UK, that would seem to fall outside of the scope of the
Data Protection Framework Decision and I think it would be judged
on a case-by-case basis. Whether it was the UK police or UK customs
or whoever in the UK was approached about that, they would need
to consider, given the circumstances of the request, whether or
not it would seem appropriate for the UK to cooperate. As far
as I am aware, there is not any obligation on the UK to cooperate
with requests like that.