Data protection
22. Chapter 3 of the Heiligendamm report was
devoted to data protection, and in particular to the decision
of the G6 ministers that "rapid implementation of the availability
principle[18] must not
depend on the adoption of a framework decision on data protection
in the third pillar [DPFD]". This in our view, and the view
of the European Data Protection Supervisor who gave evidence to
us, was contrary to the decision reached by all the Member states
that the two Framework Decisions on the Principle of Availability
and on Data Protection should be negotiated in tandem, and that
the protection of the latter was an essential safeguard against
abuses under the former.
23. According to Ms Ryan, all that the G6 ministers
meant by this was that work on the principle of availability should
not be delayed by negotiations on the DPFD; "nor by the same
token would they want the DPFD to be delayed by work on the Principle
of Availability."
24. As we explained in our previous report, the
Finnish Presidency was committed to taking forward the principle
of availability, but paying particular attention to the data protection
issues before the principle of availability could be applied.
Ms Ryan, and Baroness Ashton of Upholland, the Minister responsible
for data protection, both told us that the Government would support
the Finnish Presidency in taking forward negotiations on the DPFD.[19]
25. Negotiations on the DPFD have indeed been
actively pursued. However most of the changes agreed have been
in the direction of diminishing safeguards for individuals. We
would deplore a situation whereby the DPFD could only be agreed
at the same time as (or before) agreement was reached on the Principle
of Availability by lowering the safeguards available to individuals.
26. We have no information on the state of play
of negotiations over the Framework Decision on the Principle of
Availability, nor does this proposal appear in the German Presidency
programme. It seems that they are seeking to implement the principle
through the Prüm Convention. We await a reply to the Chairman's
letter to Ms Ryan of 22 November 2006.
27. The latest draft of the DPFD was published
on 25 October 2006.[20]
We are keeping this document under scrutiny. The Chairman wrote
on 14 December 2006 to Baroness Ashton to say that the following
provisions cause us particular concern:
- the open-ended conditions which
would permit the processing of data for purposes other than those
for which the original processing took place, contrary to basic
principles of purpose limitation;
- the provision allowing as a general rule, though
subject to conditions, the processing of special categories of
data (race, ethnic origin etc), rather than prohibiting it with
narrowly defined exceptions;
- the lack of common standards and coordinated
decisions on the adequacy of data protection provisions in third
states, which would enable the authorities of those states to
obtain information from the Member State with the lowest legal
requirements for transfers;
- the right of information being dependent on a
request by the data subject.
- At the date of this report we
await Baroness Ashton's reply.
28. The Home Secretary stated in his letter to
the Chairman of 6 June 2006, and Ms Ryan repeated in the Government
response of 18 October 2006, that "all Member States have
domestic data protection regimes for law enforcement and judicial
processing that comply, at a minimum, with the Council of Europe
Convention on the processing of personal data." The latest
draft of the DPFD was published the following week. It seems to
us that some of the provisions to which we have referred would,
if agreed, lower the safeguards for the processing of personal
data to such an extent that they might not comply with the minimum
standards of the Council of Europe Convention.
Conclusions and recommendations
29. We believe that there has been some improvement
in the readiness of the Home Office to publicise the conclusions
of G6 meetings, and we hope that they will do better in future.
We look forward to seeing the conclusions of the next meeting
to be held under Italian chairmanship. But we do not regard the
publication of the conclusions of the meeting on a website, even
if complete, as an adequate substitute for a written ministerial
statement.
30. Where G6 ministers have agreed policies which
they would like to see adopted, they should adhere to the rule
which, according to the Conclusions, they already follow: they
should inform other Member States and the Commission of their
discussions fully and in good time for them to be carefully considered,
before making formal proposals for negotiation by all Member States
in the appropriate EU fora. We expect United Kingdom ministers
to urge this on their G6 colleagues at future meetings.
31. We have expressed the hope that negotiations
on the Data Protection Framework Decision will achieve an overarching
third pillar instrument providing strong safeguards for the protection
of personal data used for law enforcement purposes. We are concerned
that recent negotiations have lessened that protection. We look
forward to hearing from ministers what the Government propose
to do to reverse this.
32. We make this Report to the House for information.
1 40th Report, Session 2005-06, HL Paper 221, referred
to hereafter as the Heiligendamm report. Back
2
Now twenty-one, since the accession of Romania and Bulgaria. Back
3
The first meeting of the G5 (before Poland joined the Group) was
held in France in October 2003. The first meeting in the United
Kingdom was chaired by the Rt Hon David Blunkett MP in Sheffield
in July 2004. Subsequent meetings were held in Italy (Florence),
France (Evian) and Spain (Granada). The meeting of the G6 in Germany
(Heiligendamm) was the first attended by Poland. The first meeting
in 2007 will be under Italian chairmanship. Back
4
Heiligendamm report, Appendix 4, and oral evidence. Back
5
HL Deb 26 October 2006 cols 1285-1286. Back
6
http://press.homeoffice.gov.uk/press-releases/g6-meeting-conclusions?version=1 Back
7
Heiligendamm report, paragraph 13. Back
8
Czech Republic, Hungary, Poland and Slovakia. Back
9
Conclusions of the Stratford-upon-Avon meeting, penultimate paragraph. Back
10
Communication on "The global approach to migration one year
on: A comprehensive European Migration Policy", and Communication
on reinforcing the management of the EU's Southern Maritime Borders. Back
11
See our report Illegal Migrants: proposals for a common EU
returns policy, 32nd Report, Session 2005-06, HL Paper 166. Back
12
Heiligendamm report, paragraph 7. Back
13
The five original Schengen States (Belgium, France, Germany, Netherlands
and Luxembourg), together with Austria and Spain. Back
14
These are the words of the German Presidency's website. Back
15
i.e. the Coordinating Committee of officials set up under Article
36 of the Amsterdam Treaty. Back
16
Paragraph 16. Back
17
Evidence of the Rt Hon Geoff Hoon MP to this Committee, 12 December
2006. Back
18
i.e. the principle that all information available to the law enforcement
agencies of one Member State must automatically be made available
to the agencies of every other Member State. Back
19
Heiligendamm report, paragraphs 53-54. Back
20
Proposal for a Council Framework Decision on the protection of
personal data processed in the framework of police and judicial
cooperation in criminal matters, Council Document 13246/2/06 Rev
2. Back