Documents considered by the Committee on 27 February 2019 Contents

11Interoperable EU information systems for security, border control and migration management

Committee’s assessment

Legally and politically important

Committee’s decision

Cleared from scrutiny; drawn to the attention of the Home Affairs Committee and the Justice Committee

Document details

(a) Proposal for a Regulation establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration)

(b) Proposal for a Regulation establishing a framework for interoperability between EU information systems (borders and visas)

Legal base

(a) Articles 16(2), 74, 78(2)(e), 79(2)(c), 82(1)(d), 85(1), 87(2)(a) and 88(2) TFEU, ordinary legislative procedure, QMV

(b) Articles 16(2), 74, 77(2)(a), (b), (d) and (e) TFEU, ordinary legislative procedure, QMV

Department

Home Office

Document Numbers

(a) (39366), 15729/17 + ADDs 1–3, COM(17) 794

(b) (39368), 15119/17 + ADDs 1–3, COM(17) 793

Summary and Committee’s conclusions

11.1These Regulations, proposed in December 2017, are intended to close the information gaps and “blind spots” which hinder effective cross-border security cooperation by making existing and planned new EU information systems in the field of migration, border control and security interoperable so that information on cross-border security threats and irregular migration can be shared more rapidly. The Government has decided to participate in the first proposed Regulation on the interoperability of EU asylum and law enforcement information systems,67 document (a), which covers two existing EU information systems in which the UK takes part (the Eurodac asylum database and the police cooperation parts of the Schengen Information System—”SIS II”) and one new EU information system on which negotiations have recently concluded (the European Criminal Records Information System for Third Country Nationals—ECRIS-TCN).

11.2The second proposed Regulation on the interoperability of EU border control and visa information systems, document (b), covers existing or proposed new EU information systems in which the UK is unable to participate as they are based on parts of the Schengen rule book dealing with border control and visas which do not apply to the UK. These are the border control provisions of SIS II, the Visa Information System (VIS), the EU Entry/Exit System (EES) and the European Travel Information and Authorisation System (ETIAS).

11.3The proposed Regulations would establish a framework for interoperability based on four key elements:

11.4Our earlier Reports listed at the end of this chapter provide a detailed overview of the proposed Regulations, the concerns we have raised and the Government’s position.

11.5The Commission anticipates that it may take until the end of 2023 to develop and test all the technical components needed to make EU border, migration and security information systems interoperable.69 The new interoperability framework is therefore unlikely to be up and running before the end of the transition/implementation period envisaged in the draft EU/UK Withdrawal Agreement. The Government nonetheless supports the aims of the proposed Regulations which it says should “prevent incorrect or fragmented data amongst JHA [justice and home affairs] databases and improve their efficiency and usage by law enforcement”. It considers that the UK’s participation in document (a) should “maximise the benefits to the UK from access to these databases”, even though it is not yet clear whether the UK will retain access to EU databases post-exit.70

11.6The Council agreed a general approach on the proposed Regulations in June 2018 (the UK abstained), paving the way for trilogue negotiations with the European Parliament. Responding to our concern that the provisions in the proposed Regulations on cooperation with third (non-EU) countries were highly restrictive,71 the Minister for Policing and the Fire Service (Rt Hon. Nick Hurd MP) told us that the UK had repeatedly raised this issue in negotiations and advocated the inclusion of provisions similar to those contained in the Eurojust Regulation on the sharing of “operational personal data”.72

11.7In his letter of 28 November 2018, the Minister conceded that the trilogue process was unlikely to deliver the changes sought by the Government, noting that there was “no appetite to lift the absolute bar on sharing with third countries” and that “any ongoing access to the interoperability components or the underlying systems [would] form part of our negotiations for our future relationship”. Whilst indicating that there would be “no specific operational impact” if the UK were unable to access the interoperability system, he recognised that loss of access to the underlying EU information systems in the event of a “no deal” exit would harm security cooperation between the EU and the UK “in terms of the quality and quantity of information sharing” and reduce data flows in both directions.

11.8A Council press release issued on 5 February 2019 announced that the Council and European Parliament had reached a provisional agreement on both proposed Regulations. The European Commission has greeted the compromise deal as delivering on “a quintessential piece of our security infrastructure”, providing frontline police and border guards with the tools they need to protect EU citizens. According to the European Commissioner for the Security Union (Sir Julian King), the new interoperability framework “is not about creating one big database or collecting more data but using existing information in a smarter and more targeted way to help law enforcement do their job, all while fully respecting fundamental rights”.73

11.9In his letter of 12 February 2019, the Minister says that the trilogue negotiations have resulted in an erosion of the operational benefits originally envisaged by the High Level Expert Group set up in 2016 to advise the European Commission on the interoperability and interconnection of information systems and data management for border management and security.74 He highlights police access as a particular concern:

This was a key part of the value of the system to the UK. The trilogue negotiations have added additional conditionality and restrictions on how and when police use the system to identify individuals and for investigative purposes. For example, in the Council text, the cascade system was to be removed, allowing police to quickly and efficiently check Eurodac in the course of their investigations. This system has been retained in the text resulting from trilogue negotiations.75

11.10The Minister nonetheless accepts that the interoperability framework that has emerged from the trilogue process will retain some of the “core functionality” originally envisaged by the High Level Expert Group and the European Commission:

It will still link together data in ECRIS-TCN, Eurodac and SIS II. It will also provide a single search portal to check these systems and some Europol databases. It should provide asylum officials [with] a greater dataset when checking the identity of asylum seekers.

11.11He anticipates that both Regulations will be formally adopted during the current legislative term, ahead of the European Parliament elections in May, and sets out the next steps:

I understand that the Presidency will seek political agreement on both texts first at COREPER on 13th February followed by Council approval at the JHA [Justice and Home Affairs] Council in March or April depending on the time needed for lawyer linguist revisions. In parallel the EP’s LIBE [Civil Liberties] committee will vote on either the 18th or 19th of February, and the plenary vote will likely be scheduled for April with adoption as soon as possible thereafter. I understand that most other Member States will also support this text.

11.12Whilst acknowledging the political imperative for the swift adoption of both Regulations, the Minister underlines the importance of the legislation being effective. As the final compromise texts do not meet the Government’s expectations and, he suggests, will be of “significantly less value to Member States than the original ambitions”, the UK will abstain when the Regulations are brought to a vote in Council. The Government intends to make a statement setting out its aspiration for “further work to regain some of the ambition in future legislation in this area”.

Our Conclusions

11.13We note the Government’s concern that the compromise reached by the Council and the European Parliament would erode some of the operational benefits which interoperable information systems are intended to bring, not least speed of access to data held in some of these systems, and its intention to place on record its disappointment at the lack of ambition in the final agreed texts. We understand the Government’s reasons for deciding to abstain when the Regulation in which it has chosen to participate—document (a)—is brought to the Council for a vote.

11.14As there is no prospect of securing further changes, we clear both Regulations from scrutiny. In doing so, we note that no ground has been given to the UK in its efforts to secure more favourable provisions on third country access to personal data obtained through the new interoperability framework. As we have indicated in our earlier Reports, this does not bode well for future EU/UK security cooperation if the UK leaves the EU without a withdrawal agreement or if there is a gap between any post-exit transition period ending and a new agreement on data sharing in the criminal justice and law enforcement field taking effect. We draw this chapter to the attention of the Home Affairs Committee and the Justice Committee.

Full details of the documents

(a) Proposal for a Regulation establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration): (39366), 15729/17 + ADDs 1–3, COM(17) 794; (b) Proposal for a Regulation establishing a framework for interoperability between EU information systems (borders and visas) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226: (39368), 15119/17 + ADDs 1–3, COM(17) 793.

Background

11.15The proposed Regulations encompass six centralised EU information systems, of which three (Eurodac, SIS II and VIS) are already operational and three are under development (the EES, ETIAS and ECRIS-TCN). With the exception of SIS II, the remaining five information systems are “exclusively focussed on third country nationals”, meaning that post-exit, they will include the data of British citizens.76 A new EU Agency—eu-LISA—was set up in 2012 to oversee the operational management of large scale justice and home affairs information systems and will be responsible for making the systems interoperable.77 Each system has its own founding instrument which contains detailed rules on the information that can be stored in each database, the purposes for which it may be used, and data protection requirements. Currently, the systems cannot communicate with one another through the exchange of data or sharing of information unless their founding instruments allow them to do so.

11.16The table shows which of the existing or recently agreed EU information systems are open to UK participation.

Information system

Schengen or non-Schengen

UK position

Visa Information System “VIS”

Schengen

UK excluded

Schengen Information System “SIS II “(border control component)

Schengen

UK excluded

Schengen Information System “SIS II” (police cooperation)

Schengen

UK participates

EU Entry/Exit System “EES”

Schengen

UK excluded

European Travel Information and Authorisation System “ETIAS”

Schengen

UK excluded

Eurodac

Non-Schengen

UK participates

European Criminal Records and Information System—extension to third country nationals “ECRIS-TCN”

Non-Schengen

UK participates

Previous Committee Reports

Forty-seventh Report HC 301–xlvi (2017–19), chapter 2 (5 December 2018), Forty-fourth Report HC 301–xliii (2017–19), chapter 9 (14 November 2018), Thirty-eighth Report HC 301–xxxvii (2017–19), chapter 22 (12 September 2018), Thirty-fifth Report HC 301–xxxiv (2017–19), chapter 5 (11 July 2019) and Sixteenth Report HC 301–xvi (2017–19), chapter 9 (28 February 2018).


67 See the letter of 30 May 2018 from the Minister for Policing and the Fire Service (Rt Hon. Nick Hurd) informing the Chair of the European Scrutiny Committee of the Government’s decision.

68 This service would not apply to the European Travel Information and Authorisation System—ETIAS—as it will not contain biometric data.

69 See the timeframe set out on p.96 of the Commission’s legislative financial statement attached to document (a).

70 See the Written Ministerial Statement issued by the Minister for Policing and the Fire Service (Mr Nick Hurd) on 5 June 2018.

71 Article 48 of the original Commission proposals provides: “Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party […]”.

72 See the Minister’s letter of 28 August 2018 and letter of 18 October 2018 to the Chair of the European Scrutiny Committee.

73 See the press release issued by the European Commission on 5 February 2019 and fact sheet.

74 The High Level Experts’ final report was published in May 2017.

75 The cascade system means that police authorities would first have to exhaust other means of establishing identity before being able to query information held in Eurodac.

76 See p.5 of the Commission’s explanatory memorandum on document (a).

77 See Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, as amended by Regulation (EU) No 603/2013 establishing Eurodac..




Published: 5 March 2019