Select Committee on European Union Fortieth Report


VISA INFORMATION SYSTEM (VIS) — ACCESS FOR CONSULTATION (15142/05)

Letter from the Chairman to Tony McNulty MP, Minister of State, Home Office

  Sub-Committee F (Home Affairs) of the House of Lords Committee on the European Union examined this draft Decision giving access to VIS to Member States' authorities responsible for internal security, and to Europol, at a meeting on 25 January.

  The Committee has considered this proposal alongside the Commission's Communication on the interoperability of EU databases (Document 15122/05) on which I have written to you separately. We will be examining further developments regarding the interoperability of EU databases once the Commission has completed its impact assessment and will subject to careful scrutiny any legislative proposals that might follow. In the meantime, could you explain whether the Decision giving law enforcement authorities access to VIS takes into account the plans on interoperability?

  We are very concerned about the implications of this measure on the privacy rights of a potentially high number of visa applicants—indeed we understand that the VIS system is estimated to be able to contain, as of 2007, the data concerning about 20 million visa applications annually. While we acknowledge that general and specific safeguards are built into this proposal—ie prohibition of routine access, decentralised access, subjection to third pillar data protection framework decision, etc—we believe that these need to be carefully assessed. We understand that an assessment is currently being made by the European Data Protection Supervisor, who is due to issue an opinion shortly. We hope that you will be seeking the views of the Information Commissioner on this proposal, and would be grateful if they could be copied to us.

  Progress on this proposal is closely linked to progress on the VIS Regulation itself. The UK Government does not participate in the VIS Regulation but we understand that some form of participation would be achieved under a separate agreement. We would welcome information on the state of play regarding this agreement. In addition, it would be helpful to know what kind of VIS database records the UK would be seeking to access under this agreement, and whether there is any likelihood that a similar agreement may be negotiated on access to immigration data in the Schengen Information System.

  The Committee has decided to keep this document under scrutiny pending receipt of the information requested and progress reports on negotiations.

26 January 2006

Letter from Tony McNulty MP to the Chairman

  Thank you for your letter of 26 January in which you raised a number of questions from the Committee about this proposal.

  The Committee asked whether this decision takes into account plans on interoperability, as set out in the Commission's recent Communication on the subject. The Commission's Communication is an initial, brief discussion document of potential areas for future action in the development of EU databases. It is not at this stage clear which, if any, of the suggestions in the Communication will become future legislative proposals. But there is a clear read across between the Communication and the VIS Council Decision. The Communication addresses the issue of access to EU databases, including VIS, by authorities responsible for internal security and notes that "in relation to the objective of combating terrorism and crime, the Council now identifies the absence of access by internal security authorities to VIS data as a shortcoming". The VIS Decision will address this shortcoming.

  The Committee also asked for an update on the state of play regarding an agreement enabling the UK to access VIS; for information on the records that the UK would be seeking to access under this agreement; and whether a similar agreement might be negotiated on access to immigration data in the Schengen Information System.

  In addition to supporting the EU's common visa policy, VIS will also facilitate application of the "Dublin II" Regulation (EC No 343/2003), as under the terms of the latter, issuance of a visa can be a key factor in deciding which Member State is responsible for any subsequent asylum claim lodged in the territory of the Member States. The UK does not participate in the VIS Regulation. But the Commission has acknowledged that as the UK is an equal participant in Dublin II, we should have the right to consult the VIS for this purpose and has proposed that a separate legal instrument be brought forward in order to allow us to do so. We have been discussing this issue with the Commission, but still await clarity on when they intend to table this proposal and what form it will take.

  In terms of access to VIS records, we would expect to have access to the same information as the other Member States for Dublin II purposes. The VIS Regulation will specify the VIS information that can be accessed by asylum authorities. As we do not participate in the VIS Regulation, we will have little influence over what information this will be.

  As with the VIS, the draft Regulation for the establishment of the second generation of the Schengen Information System (SIS II) enables Member States to access SIS II for asylum purposes. Unlike with VIS however, it has not been agreed that the UK should have access to SIS II data for this purpose. Our initial view is that this position is inconsistent with the position on UK access to the VIS and we are pursuing the matter further.

  Finally, I can confirm that we have asked for the views of the Information Commissioner on this proposal.

20 February 2006

Letter from Tony McNulty MP to the Chairman

  Further to your letter of 26 January, I am writing to provide you with a copy of the Information Commissioner's views on the above proposal.

  The Information Commissioner has welcomed a number of aspects of the proposal, such as the inclusion of a data protection supervisory regime, but has also set out a number of concerns, the majority of which relate to the participation of those Member States to which the VIS Regulation does not apply.

  We are grateful for the views of the Information Commissioner, and will take his concerns into account during negotiations on this proposal.

2 March 2006

Annex A

INFORMATION COMMISSIONER'S VIEWS ON THE COMMISSION PROPOSAL FOR A COUNCIL DECISION CONCERNING ACCESS TO THE VISA INFORMATION SYSTEM BY EUROPOL AND THE AUTHORITIES OF EU MEMBER STATES THAT ARE RESPONSIBLE FOR INTERNAL SECURITY (COM(2005)600)

INTRODUCTION

  The Information Commissioner, as the UK's independent data protection supervisory body established under the Data Protection Act 1998 (and as designated under s 81 of the Crime (International Cooperation) Act 2003) is pleased to provide his reaction to the above proposal. Any proposal which involves a substantial amount of personal information obtained in one context being disclosed to and used by unassociated third parties for different purposes does engage data protection concerns. The current proposals, whilst incorporating some welcome safeguards do raise a number of questions.

GENERAL OBSERVATIONS

  At a general level the proposal involves extending access to a collection of personal information collected with a specific context in mind, namely immigration control, to other parties for use in a different context. The Commissioner has already highlighted his concerns about the potential for "function creep" in relation to databases of personal information envisaged in the UK, such as with the National Identity Register under the Identity Cards Bill. Whilst the arguments for wider access may be superficially attractive any wider access should only be provided on the basis that there is a clear and pressing need for this new use/wider access. Any extension of access to information does run data protection compliance risks, in particular whether information which is quite adequate for its original purpose is of the appropriate quality/accuracy for the new purpose for which it is being deployed. Care needs to be taken to ensure that the arguments in favour of wider access are pressing, cannot be achieved by other means and the personal data in question are adequate for the new purpose.

  There are a number of aspects of the proposal that are welcome including:

    —  Inclusion of a data protection supervisory regime including keeping records of transactions for inspection.

    —  Prohibiting general access and restricting the types of crime that may permit a search to be made.

    —  Openness about the national points of access and limiting these to single points per Member State.

    —  Restricting further onward transfers.

  However, there are a number of specific areas of concern or ambiguity in the proposal, particularly in respect of the UK's participation as a Member State to which the VIS Regulation does not apply. These specific concerns are set out below.

SPECIFIC COMMENTS

  Article 4:  The designation of a single point for non VIS regulation Member States should also be considered to ensure that there is still proper control over requests emanating from authorities in those Member States.

  Article 5:  The requirement that access should only be granted "in a specific case" is welcome. The clarification of what is likely to be a specific case is essential in case the term could be interpreted too generously and more systematic access provided. It is not clear whether there would be any circumstances other than those defined. If there are no additional ones to those that are envisaged then the consultation should be limited to the specific circumstances particularised within the article. The article requires there to be "reasonable grounds" to consider that consultation of VIS data will "contribute" to crime prevention etc purposes. This does not seem a particularly restrictive test and alternative more restrictive approaches, perhaps based upon the test of likelihood of prejudice to crime detection etc if consultation does not take place or of "significant contribution" would be preferable.

  It is not clear whether all the information listed at Article 5.2 should be available for searching. It is not clear how well defined "purpose for travel" would be to enable it to be searched. Similarly it is not clear whether photographic images will be useful as a primary search criterion in practice, given the possible limitations of matching photographic images. These items should be moved to Article 5.3.

  Article 6:  This article should make clear the Framework Decision on Data Protection in the Third Pillar also applies to the processing of personal data by those authorities of the Member States to which the VIS Regulation does not apply to avoid any doubt about this matter. Given that the UK is one such Member State, there should be no room left for possible ambiguity and different levels of data protection safeguards occurring.

  Article 8:  This article establishes the framework of data protection supervision. However it is not clear how the national supervisory authorities and the European Data Protection Supervisor will cooperate together and coordinate their activities. Given that it will be important to examine data flows to make sure that information is used for the purposes it is sought, there will need to be close cooperation between national supervisory authorities/EDPS that may require coordinated action. The lack of a coordination procedure is a deficiency that needs rectifying. This could be achieved by following either the model of the 3rd Pillar joint supervisory authorities or that established under the "1st Pillar VIS" regime.

  The position of the UK national supervisory authority regime needs clarification. It is not clear whether the UK authorities as non VIS participant Member State authorities, will be covered by the inspection and monitoring regime. There should be no lessening of the regime ensuring that access is only for permitted purposes even though that access may not be provided on a direct access basis. The Commissioner would expect to be the UK's national supervisory authority. Given the limitations in the DPA 98 in respect of his inspection powers he would expect that these are extended in respect of VIS monitoring activities in the same way that they have for Europol, SIS, and CIS under s.81 of the Crime (International Cooperation) Act 2003.

  Article 10: The requirement to keep certain records for data protection monitoring purposes should extend to a requirement for those non VIS participant Member State authorities to keep a record of accesses etc. Whilst access may not be direct, it is important that a mechanism is in place for the UK authorities to account for why they requested details from others in order to ensure that there is a fully auditable process in these indirect access arrangements.

Letter from the Chairman to Tony McNulty MP

  Thank you for your letter of 2 March in which you provide us with a copy of the Information Commissioner's views on the above proposal. Sub-Committee F (Home Affairs) of the House of Lords Committee on the European Union examined this proposal again at a meeting on 29 March.

  We are grateful for the views of the Information Commissioner. In the meantime we have also obtained the Opinion of the European Data Protection Supervisor (EDPS) on this proposal. Both data protection authorities underline the crucial importance of granting access to authorities in charge of internal security and Europol only on a case by case basis and under strict safeguards. They suggest a few amendments to the text which would make the safeguards more stringent and close potential data protection loopholes. The Committee supports these amendments and is glad to hear that you will take these concerns into account during negotiations on the proposal. We would be grateful if in due course you could provide us with a progress report on negotiations.

  We would also like to receive information in reply to the queries in our letter of 26 January. We asked (i) whether the impact of law enforcement access to VIS had been assessed in the light of plans on interoperability of European databases; and (ii) whether negotiations were under way for a separate agreement to allow the UK some participation in the VIS Regulation, and the terms of such an agreement. These questions were not addressed in your letter of 2 March.

  The Committee will continue to keep this document under scrutiny pending receipt of further information and progress reports on negotiations.

29 March 2006

Letter from the Chairman to Tony McNulty MP

  You wrote to us on 20 February 2006 in answer to the questions the Committee had about his proposal. Due to an oversight, this letter was not considered on 29 March when Sub-Committee F (Home Affairs) of the House of Lords Committee on the European Union examined this proposal again in the light of the views of the Information Commissioner, which you had kindly forwarded on 2 March. We apologise for this, and are grateful that your letter of 20 February fully deals with all the points we had raised.

  The Committee will continue to keep this document under scrutiny pending a report on the progress of negotiations.

4 May 2006




 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007