Select Committee on European Union Twenty-Third Report



9. JUSTICE drew our attention to informal exchanges of data which take place among the police forces of the Member States, and the bilateral agreements on data exchange which already exist across many internal frontiers of the EU. Ms Madeline Colvin, Legal Policy Director of JUSTICE, said that the databases "have to be seen within the context of an increasingly informal system that is unlikely to go away because the databases are in existence". In her view, there was a danger in focusing on the databases, which have "relatively strong supervision, certainly on the face of their Conventions, and more than the informal systems" (Q 61).

10. In their memorandum, JUSTICE gave an interesting case study of cross-channel liaison work, in 1995, between the French customs service and the European Liaison Unit (ELU) of the Kent County Constabulary. Following the request from the French customs' officials for information on a vehicle suspected of carrying drugs, the ELU carried out checks on four national UK databases:

  • Driver and Vehicle Licensing Centre
  • Criminal Records Office
  • Police National Computer
  • National Criminal Intelligence Service Drug Registry

The Hounslow drug squad and local intelligence officer was also consulted.

11. Following a further request from the two French authorities, for information about two credit cards, a further check was made with the Kent Constabulary Central Intelligence Bureau. Kent Constabulary then also contacted HM Customs and Excise at Dover, and further contacts were made between:

  • Customs and Excise and the Hounslow drug squad
  • The French authorities and HM Customs and Excise

12. As JUSTICE point out, this example "begins to indicate the extent of existing police databases in Europe, any one of which might contain information on a given person" (pp 27-28).


13. Ms Colvin, for JUSTICE, raised the question whether there should be some rationalisation of the databases. She considered that the Third Pillar CIS database "could possibly be dealt with within the Schengen Information System", and pointed to other overlaps between Eurodac and the SIS (QQ 61-2). She argued that rationalisation of the databases would not only lead to greater efficiency but would also afford better protection of human rights: "The more there is overlapping information and the same personal data can be found on different databases, the more that this information can be passed informally and the more individuals are lacking the protections that we would say are sufficient" (Q 63).

14. On the other hand, Mr Wells, for HM Customs and Excise, said that the nature of the Customs Information System was rather different from the Schengen Information System. He argued that, "it might be that in very few cases there is some read-across, but the principal purposes of the Schengen Information System are quite different from those of the Customs Information System, and although both might be physically located at a port, I doubt that there would be much inter-relationship between these two systems" (Q 49).


15. JUSTICE drew attention to the Action Plan to Combat Organised Crime, adopted at the JHA Council in April 1997, which recommended that databases such as Europol, Interpol, the Sirene (Supplementary Information requested at the National Entry) bureau of the SIS and the CIS should be brought together at one location in each Member State (p 30). Mr Storr, for the Home Office, said that, in relation to Europol, the Europol Convention actually proscribed links to other information systems. It was possible that the UK's central Sirene, for the SIS, would be located at the National Criminal Intelligence Service (NCIS) "but the co-location would not suggest that there should be any mingling of data. It would simply be a convenient location" (Q 46).


16. JUSTICE pointed out that there is a developing overlap between categories of information held in the different databases. For example, Europol and Schengen will both contain information about illegal immigrants, while Europol and the CIS will both deal with money laundering or drug trafficking. The idea of creating links is therefore attractive from the point of view of operational effectiveness of certain police operations. But, as JUSTICE stated in their memoranda, there are inherent risks to the individual rights. "Where personal data is exchanged between the different European databases it becomes extremely difficult for individuals to exercise their rights of access". The questions of data protection and rights of access to data will be considered further in paragraphs 27-35 below. At this stage, we simply set out the proposals made to us for links between the existing and planned EU databases.

17. On the general question of links between databases, Mr Storr, for the Home Office, sounded a warning note. He said that, in many public and private sector computer systems, failures to deliver what was required were often the result of "over-ambitious expansion at too early a stage". As far as Europol was concerned, he said that the Home Office would reserve their position as regards links with any other information system until not only Europol but also other systems with which links might be proposed had "got up and running and proved their worth" (Q 47).


18. Mr Wells, for HM Customs and Excise, pointed out that CIS1 and CIS3 dealt with quite different information. In relation to the First Pillar, the data covered such matters as import duties, while in relation to the Third Pillar, the data essentially concerned smuggled goods. However, HM Customs and Excise would like there to be links between the two databases, so that it would not be necessary to carry out two investigations in relation to the same business or persons (Q 8).


19. Article 6 (2) of the Europol Convention prohibits the computerised system being linked to other automated processing systems, other than the computerised systems of national units. This is, however, qualified by Article 5 which permits Europol to have access to computerised data held by other bodies, so long as this is provided for in other Conventions (p 70). As Statewatch's memorandum points out, Europol information may still be forwarded by non-computerised means, and rules have been adopted governing exchange of information with third parties[3] (pp 52-3). Proposals are, however, under consideration for links between Europol and other EU and external databases.

20. During the United Kingdom Presidency (January - June 1998), the Home Office put forward a proposal to "begin discussion on what would be involved in providing Europol with access to the CIS" (Q 20). A similar suggestion has been made by the Internal Affairs Committee of the European Parliament (p 36). However, the UK proposal was considered to be premature, before the CIS was in operation. Mr Wells, for HM Customs and Excise, considered the idea to be not dead but dormant (Q 20). According to Justice, discussions are taking place on a protocol to the CIS Convention giving Europol, and other international organisations, rights of access to the CIS database (p 30).


21. The EU's Action Plan on an Area of Freedom, Security and Justice recommends a direct link between Europol and the SIS (p 36). The Schengen Convention does not contain any provision prohibiting links to other databases, but the Europol Convention does. If there was to be any direct exchange of information between the SIS and Europol databases, a formal agreement approved by the Council of Ministers would be needed (pp 7-8). However, there is an overlap between the mandates of Schengen and Europol in regard to the smuggling of illegal immigrants and, according to JUSTICE, "it has been agreed unofficially that data collected within Schengen is passed to Europol for analysis. This is done through the Europol liaison offices in the Hague, who have access to the various relevant databases in their member countries" (p 32).


22. The draft Eurodac Regulation (formerly a draft Convention and Protocol), neither provides for nor prohibits any links with third states or bodies. According to JUSTICE, "in terms of the information held there will be a link with the SIS. Under Article 96 of the Schengen Convention, data on third country nationals to be refused entry may include refused asylum seekers" (p 35). The Home Office stated in their memorandum that "the only overlap (with Eurodac) will be with existing national databases of the fingerprints of asylum seekers/illegal immigrants". Much of the data that Member States will forward to Eurodac will be data that is already collected for domestic purposes (p 4). Statewatch, in their memorandum, argued that it would be "highly objectionable" if the Eurodac database were to be linked to Europol, CIS, SIS or any other database. They pointed out that Eurodac will be established for a very narrow and specific purpose, entirely unrelated to the crime fighting/immigration control purposes of the other EU databases (p 53). Mr Potts, for the Home Office, explained that "there is no way of fingerprint information being infused from any other systems". He said that fingerprint information was put on the system only when a Member State obtained the fingerprints of an asylum applicant, or of someone entering the country irregularly. Data would only be supplied to a Member State "if what they contribute matches with something which someone else has put on" (Q 27).

Links between EU and International databases


23. In the United Kingdom, the central point of contact with both Interpol and Europol is the National Criminal Intelligence Service (NCIS). Mr Storr, for the Home Office, said that this means "we have a co-ordinated approach to the information we both give and get from both organisations". Referring to the SIS as well as Europol, Mr Storr said that there was a "need to ensure that those systems develop in a way which is compatible with Interpol" (Q 22).


24. Mr Edwards, for the Home Office, said that it had always been envisaged that Europol would be able to enter into relations with law enforcement agencies in non-EU countries. Once Europol had established its full range of activities, he expected that agreements with other countries on the sharing of information would be developed (Q 31). Mr Storr said that the G8 and European Union Member States were increasingly looking at the possibilities for co-operation in this field[4] (Q 30).


25. Mr Wells, for HM Customs and Excise, raised the possibility that the World Customs Organisation (WCO) might, in future, have "some sort of access" to the CIS Third Pillar database. However, he said that, at present, there was no direct link between the CIS and any other databases. Where relevant information was obtained from a source outside the EU, it might be entered on the system, but would have to be physically transferred as a conscious decision by one of the Customs authorities of the Member States (Q 20).

26. Statewatch drew attention to a precursor of the CIS, in existence since the early 1990s; the SCENT system ("Systems Customs Enforcement Network"). This is an electronic messaging service used in joint operations. This system, although mostly used for third pillar customs co-operation, is accessible not only to the EU Member States, but also, by telex, to other European countries. The reason for this is that there is overlap between the activities of the EU and WCO in this field. According to Statewatch, "the theoretical legal distinction between first and third pillar intelligence-gathering and operation, EU and WCO, is simply ignored" (p 53).


27. The basic provisions relating to supervision of the databases and data protection arrangements are set out in Table 1. Each of the databases has its own supervisory authority, and different legal instruments governing data protection apply, depending on whether the database is established under the first or third pillar. Thus, the Eurodac database, which is now proposed to be established under a First Pillar measure, will be subject to the provisions of the 1995 EC Directive on Data Protection[5]. For the CIS 1 (First Pillar) database, the provisions of the Data Protection Directive will also apply, but CIS 3 will be subject to a mixture of the provisions of the 1981 Council of Europe Convention and national laws. Europol, which was established by a Third Pillar Convention, is also subject to the Council of Europe Convention. For Schengen, the position is that the Convention itself contains provisions on the use, checking, correction, amendment and deletion of data. However, as the Schengen Information system is likely to be split between the First and Third Pillars of the EU, the same hybrid situation will apply as is currently the case with the two CIS databases (p 36).

28. The main provisions of the 1981 Council of Europe Convention and the 1995 EU Directive are set out in an additional memorandum from the Home Office (pp 22-3). Mr Edwards, for the Home Office, stated that all the Conventions establishing the databases under discussion drew on the basic principles of the Council of Europe Convention. However, they all did so in different ways. He said that Italy had recently proposed that there was a need to look again at the data protection requirements of the various Conventions to see "whether there might not be scope for developing some over-arching data protection regime, and with a view to ensuring that the differences in the Conventions in their provisions regarding safeguards owed themselves to the specific nature of the Conventions and were not simply an inadvertence" (Q 28).

29. Ms Colvin, for JUSTICE, suggested that "the right of subject access to the data and the right to correct the data [are] cornerstones of any data protection regime" (Q 64). JUSTICE's memorandum expressed concern over the lack of consistent data protection provisions between the various Conventions, and the complications arising from the part played by national data protection regimes in, for instance, the SIS and Europol databases (p 36). Ms Colvin argued that "there is a question mark over whether traditional data protection principles can cope with exchanges of data that are now processed in different ways from when the data protection principles were first drafted". The problems were first, finding out on which databases information was held, and secondly, that exemptions from police data made it almost impossible to gain access to sensitive information which might be used in the prevention or detection of crime. In Ms Colvin's view the difficulties which the citizen faced rendered the data protection provisions illusory, and she proposed that compensatory measures were needed. These might include tighter controls on information going on to a system, and a re-examination of the distinction between "hard data" (factual information) and "soft data" (police intelligence information) (QQ 64 - 5).

30. Mr Bunyan, for Statewatch, was concerned that the brief of the supervisory bodies was too narrow and focused exclusively on data protection: "it is not to do with human rights or democratic accountability". He gave the example of information on Europol's database which might have come from a third country and said that "it is difficult to see how … a data protection body is going to be the judge of whether the human rights standards are correct in the country from which the information is coming" (Q 141). Dr Busch, for Statewatch, said that the supervisory body would have to consider first, what was the reason for data being entered onto a system by the originating country, and second, whether it was justified that the information should reach a country which wished to use it. The problem was that "the further away the information goes from the point it is created, the more difficult it is to judge if the information is correct" (Q 141).


31. The Italian proposal (see para 28) for the establishment of a working party on harmonising data protection provisions has been taken up by the Council. This move was welcomed by JUSTICE, who agreed that the "lack of a pan-European set of data protection rules across the third pillar agreements … does need to be tackled" (p 36). JUSTICE also considered that a single data protection authority with enforcement powers and a proper budget was likely to be more effective than the present fragmented arrangements for supervision of the databases. However, this needed to be examined fully, preferably at the same time as proposals for the European data protection authority, to be set up under Article 286 TEC (p 36). Mr Spencer, for JUSTICE, pointed out that this would have the practical advantage that members of national data protection authorities would need to attend only one European body, instead of many separate bodies (Q 91).

32. Mr Bunyan pointed out that the Europol Convention contained data protection provisions, but it did not have a "police complaints authority side". He suggested that, in addition to a mechanism for ensuring the protection of personal data, consideration should be given to a body with responsibility for "complaints about the operation of the whole organisation" (Q 152).

33. Mr Bunyan also suggested that monitoring the work of agencies in the Justice and Home Affairs area should be the responsibility of national parliaments and the European Parliament acting together, and urged that those questions should be debated in the national parliaments and in COSAC (the Conference of European Affairs Committees) (QQ 142-144).


34. The UK's position with regard to Schengen is that it wishes to opt in to those areas that relate to "police and judicial co-operation, including the SIS". The SIS contains information on both persons and objects. There are 5 categories of persons which may be entered onto the SIS:

  • Persons wanted for extradition (Article 95)
  • Persons to be refused entry (i.e. "unwanted aliens") (Article 96)
  • Missing persons or those in need of protection (Article 97)
  • Witnesses or those subject to a criminal judgement or summonses to appear (Article 98)
  • Persons to be kept "under surveillance" or subject to specific checks (Article 99)

Four of these categories relate to police and individual co-operation, and only one (Article 96) to immigration and border controls.

35. JUSTICE have pointed out that the majority of entries on the SIS (703,688 out of 1,223,768) relate to immigration and border controls (entered under Article 96) (p 31). The Home Office states that "information on persons to be refused entry to the Schengen territory …… should be of limited use to the UK, given that we intend to maintain separate frontier controls. We intend to discuss with our partners how best to share information in this area" (p 6). Statewatch commented that "it is essential that the Home Office clarify exactly how such information will be shared, because this would considerably widen the scope of UK participation, and raise in turn particular questions about compatibility of such measures with the Human Rights Act and with Community law" (p 48).


36. JUSTICE's memorandum stated that "the need for consistent judicial supervision of bodies operating at a pan-European level has now become a well-developed issue in relation to the third pillar". Following the Amsterdam Treaty, in their view, judicial supervision of all EU databases has become "even more of a lottery". The three categories into which a database may fall are:-

    (i)  If it is in the First Pillar, it will be subject to the jurisdiction of the Court, with the important proviso that, if its legal base is Article 62 in relation to border controls, it will be subject to the exception of excluding the Court's jurisdiction over any matter relating to the maintenance of law and order.

    (ii)  If it is a Third Pillar Convention already in force (i.e. Europol and CIS 3), the respective protocols continue to apply. The protocols allow Member States to opt-in to preliminary ruling jurisdiction of the Court either from any level of court or only from the final court of appeal. The UK has declined to accept ECJ jurisdiction over these databases.

    (iii)  For future Third Pillar instruments, ECJ jurisdiction will depend on the decision of individual Member States (as in (ii) above). But, in relation to these measures, the Court shall not be entitled to review the validity or proportionality of operations carried out by law enforcement agencies or the exercise of maintaining law and order generally (pp 37-38).

37. JUSTICE pointed out that the exact implications of the exemption in the Treaties for ECJ jurisdiction over law and order matters are unclear. They argue that it is important to clarify what action taken by national law enforcement authorities will fall within the exemption, and whether any activities of bodies such as Europol could fall within the exemptions (p 38). Ms Colvin argued that, while it was perfectly justified to have limitations on ECJ jurisdiction in respect of national policing, more clarity was needed about the effect of these exemptions on police co-operation at EU level (Q 99). Mr Noorlander, for JUSTICE, argued that the different ways in which ECJ jurisdiction could be invoked in respect of the different databases was "not conducive to providing effective oversight". He said that the ECJ should provide consistency, and play a 'standard setting role' taking into account human rights principles (Q 98).

38. JUSTICE's memorandum concluded by referring to the UK's position on Europol and the ECJ as "anomalous". They considered that "its reluctance to accept the Court's jurisdiction over any measure that is inter-governmental, even if only in part, runs counter to its commitment to human rights" (p 38). Mr Storr, for the Home Office, said that the case for bringing Europol within the purview of the ECJ had been "extremely carefully gone into and debated at length", but that the Government were looking, as Europol and the other databases developed, "to ensure that the safeguards we have are good ones and work well" (Q 40).

39. In relation to the two CIS databases, Statewatch argued that the scope of the ECJ's jurisdiction to receive preliminary rulings was likely to be different in respect of CIS 1 and CIS 3, at least if the UK maintained its opposition to ECJ jurisdiction. From an individual's point of view, it might not be clear whether his or her personal information had been placed on the CIS 1 or CIS 3 database. In Statewatch's view, the CIS Convention gave the Government "a particularly good opportunity …… to rethink its opposition to the Court's jurisdiction over preliminary rulings on third pillar measures" (pp 49-50).


40. As these networks are, for the most part, only at the development stage, we were unable to take any direct evidence on the specific security issues which might arise. Given the sensitive nature of the material to be included, it is quite possible that evidence would not have been forthcoming. We had the benefit, however, of a session of evidence from Mr Mark Vernon, a freelance journalist specialising in this area. A brief summary of Mr Vernon's evidence is included here, and his memorandum and oral evidence will be found at pp 65-72.

41. In Mr Vernon's view, "there is no such thing as a 100 per cent foolproof, secure network. It is a question of whether you can make it secure enough . . . . . it is a question of managing the risk associated with the network" (Q 158). The size of a network is not necessarily an indication that it is not secure. Multinational businesses run networks with tens of thousands of terminals attached, and banks doing business over the Internet have tens of thousands of customers. There were risks inherent in scaling up networks to many users. This might bring to light security issues which were not evident in pilot schemes

42. Methods of accessing large banking networks vary. Some banks use the Internet, while others use direct dialling, which is more secure. This is an area where "best practice" has not been settled, and where different banks clearly take different views of the risks involved (Q 159). One method of improving the security of a network is knowing as much as possible about those who will be accessing the network (Q 160). One of the problems in assessing the security of existing networks was that the organisations running them did not want information about security breaches to become public knowledge (Q 175).

43. Comparisons with the security of traditional filing systems are relevant to this area. Proper procedures are needed to prevent wrong information getting into a filing cabinet, and electronic filing systems are no different in this respect (Q 161-63). Data can also be stolen from a conventional filing system - perhaps with greater ease than from a computer database (Q 182). But if a computer system is successfully broken into, it is likely that a lot of information can be obtained very quickly - if you are physically carrying files out of a building it is much more difficult to do that (Q 183).

44. Mr Vernon identified three categories of person likely to pose an external security threat: casual hackers, illicit information brokers and ideologically-driven "cyber-warriors". Analysis was needed to assess the risk of external parties hacking into a network and to assess the provisions made against this (p 65). Internal security threats also needed to be considered. This might imply careful control over the identification of users, training and responsibilities of users, and monitoring time spent online (p 65). Mr Vernon pointed out that computers are successful at controlling hierarchies of access, with different levels of permission to access and/or modify data (Q 166). Hardware also needed to be considered when establishing a very large network, such as the SIS, issues of hardware compatibility and security were important (Q 178). There was common ground among consultants about certain aspects of system design, in particular keeping the server (which runs the system) separate from the computer that stores the information.

45. In creating large cross-border networks, encryption technology is necessary for the safe transmission of data. Mr Vernon noted that discrepancies exist between the theoretical and actual security of encryption technology. However, these discrepancies might, in practice, be less significant than they appeared, as encryption was only one of many security factors (Q 177).

46. Finally, public confidence was important. Mr Vernon noted that public acceptance of new technology took time. Automatic teller machines at banks were an example, where customers had initially been concerned that money could be lost from their accounts. However, as their use became widespread, confidence developed. Public confidence in major IT projects could be damaged if those projects were not thoroughly planned. However, there was no easy answer to building public confidence. "It happens over time" (Q 185).

3   See our Report on Europol: Third Country Rules, HL Paper 135, Session 1997-98 Back

4   Four sets of rules, referred to collectively as the "Third Country Rules", establishing a regulatory framework for operational co-operation between Europol and third (non-EU) States and EU or non-EU bodies have been agreed. They were the subject of our Report, Europol: Third Country Rules (1997-98, HL Paper 135). A draft Council Decision authorising the Director of Europol to enter into negotiations on agreements with third states and non-EU bodies is likely to be adopted before the end of 1999. The draft decision envisages the opening of negotiations with the following non-EU States and bodies: Bulgaria, Canada, Cyprus, Czech Republic, Estonia, Hungary, Iceland, Latvia, Lithuania, Malta, Norway, Poland, Romania, Russian Federation, Slovakia, Slovenia, Switzerland, Turkey, the USA, ICPO-Interpol, UN offices and bodies active in areas falling within Europol's remit, and the World Customs Organisation. Back

5   EC Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23 November 1995). Back

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries

© Parliamentary copyright 2000