Examination of Witnesses (Questions 120-139)|
Mr Peter Thompson and Ms Harriet Nowell-Smith
25 OCTOBER 2006
Q120 Chairman: Incidentally, if there
are any legal postscripts you want to make to Peter Thompson's
evidence, you are of course very welcome to give them.
Ms Nowell-Smith: Thank you.
Q121 Baroness Bonham-Carter of Yarnbury:
I want to clarify one thing. You said the central database and
the national database have all the same material. Is that right?
Mr Thompson: Yes.
Q122 Baroness Bonham-Carter of Yarnbury:
As non-members of Schengen we cannot access the immigration data,
though we can the police data. How does that work practically,
if all the information is on our national database that is on
the central one?
Mr Thompson: The straightforward answer is that
that is a level of operational knowledge I just do not have. If
it would help, I am sure that I could ask Home Office colleagues
to write in and give you a sense of that. I do not want to stray
into areas about which I cannot say anything particularly knowledgeable.
Q123 Viscount Ullswater: Perhaps
we should get down a little more to the specifics. SIS II proposals
introduce the possibility of processing a new category of data,
which is the biometric data. Do the provisions on biometric data
provide sufficient protection for inaccuracy and misidentification
following this one-to-many search, as highlighted by the EDPS
opinion on the proposal? What is your view on that particular
Mr Thompson: Our view is that, in one sense,
what we are waiting for here is the Commission report. Set out
in the decision is an agreement that the Commission will come
forward with a report which is an assessment on the reliability
of the biometric technology, and indeed the state of readiness
of the various Member States. That report itself will be subject
to discussion in the Council and agreement by Council members,
and also consultation with the European Parliament. I am not trying
to duck your question at all. There is a sense in which we will
get a chance to have a cold and rigorous look at those issues
via that Commission report. It is envisaged, as I understand it,
that biometric data will be very much used in conjunction with
other data to verify. Used properly, one can see biometrics as
a means of reducing misidentification. So, for example, in a large,
EU-wide database, it must be quite possible that there will be
people on that database with the same name. However, the idea
that they will be on the database with the same name and, say,
the same fingerprint, I imagineand I am no expert in these
mattersmust be nil. I think that biometrics, properly used,
can help with the quality of identification.
Q124 Viscount Ullswater: Surely that
is the one-to-one search? To try and identify the person with
the same name is a one-to-one search, whereas a one-to-many is
when you flick the data into the huge database and see how many
matches you might get. That is the one-to-many, is it not?
Mr Thompson: My understanding is that, certainly
in the first instance, the one-to-one, as you call itor
the hit/no-hitis very much what is envisaged for the SIS
database. The Commission will be reporting on issues such as:
is the technology there, and are the Member States in an efficient
place where they can all sensibly and accurately add the data?
However, this report will also discuss in detail the various problems
associated with the kind of search you have been talking about.
That is when Member States can take a decision, and come to a
rigorous decision, about whether or not the sort of issue you
are raising is adequately covered. I appreciate that I am slightly
pushing my answer to a kind of "We'll know at a later date",
but I think that is the best guarantor we have here.
Q125 Lord Avebury: What you say is
really alarming, because it will be possible for a law enforcement
officer in a Member State to have a fingerprint, to enter that
fingerprint into the system and to compare it with millions of
other fingerprints. This is the kind of search which Viscount
Ullswater has referred to, where error rates of up to two per
cent have been found in other studies. Whatever the Commission
may say, therefore, we are anxiousor, at least, I think
that some of us areabout inaccurate false positives being
thrown up by the system, and the degree of protection which is
built in to safeguard against somebody being wrongfully accused
or even arrested on the basis of the biometric comparison at that
Mr Thompson: I hope that I did not give that
impression. What I was trying to suggest is that my understanding
of this data based on the use of biometricsand, again,
Home Office colleagues may be able to be more knowledgeable on
this than meis that a decision has simply not yet been
taken about whether to use biometric data in that way. A decision
will not be taken until Member States have had the Commission's
report, can air exactly the sorts of concerns you are raising,
and feel satisfied on the accuracy of the data, that the safeguards
are appropriate, and so on. We are not anywhere near that position
yet. By simply agreeing the SIS II Decision, it does not automatically
take us down that road.
Q126 Baroness Bonham-Carter of Yarnbury:
Picking up on that, as regards the decisions on collection and
storage of biometric data, are the Government concerned by the
absence of harmonised provisions? What are the main points of
conflict between data protection and the collection and use of
Mr Thompson: The first part of my answer I will
keep fairly brief, because there is a sense in which the answer
to part of your question is again the Commission reportand
that is something we will be looking atand whether or not
the Commission recommend harmonised provisions or, as may be more
likely, minimum standards. One clearly needs to feel secure that,
given that data is being inputted into the system from all Member
States via these national databases, the quality of the data being
put in is good. Also, one of the things that gives us comfort
here is that there is an agreement in the decision that there
will be special quality checksI think that is the phrase
usedwhich addresses that point too. On the conflict point,
I do not think that the Government see it in terms of conflict,
in the sense that data protection applies just as much to biometric
data as it does to other kinds of data. So it is not that they
are in conflict. What we want is an arrangement where we feel
that the data protection rules which apply to biometric data give
us the kind of comfort and security we want. It is not about conflict;
it is about compliance here, I think.
Q127 Lord Avebury: Can you tell us
about the question of transfer of data to non-EU states? The draft
Data Protection Framework Decision allows that, whilst the SIS
II Decision bars the transfer except to Interpol. Which rule will
prevail if the Framework Decision is adopted? When you are answering
that, can I also refer you to document 12924/06, which is a communication
from the Council of the European Union to the Multidisciplinary
Group on Organised Crime, in which they are saying that the adequacy
proposals should be dropped from Articles 15.4 and 16, and it
will be for each Member State to decide, where there is no bilateral
treaty with a third state, whether the data protection of that
state is adequate. We are therefore shooting at a moving target
here, are we not? When we ask whether you think that the Data
Protection Framework Decision should be the one that prevails,
you have to make an assessment of which particular variant of
the Data Protection Framework Decision will ultimately be adopted.
Mr Thompson: If it were that the Data Protection
Framework Decision prevailed, that would be so; but my understanding
is very much that SIS II rules apply in addition to DPFD rules
and that SIS II rules, in the example you have cited, would prevail.
Ms Nowell-Smith: I could say a bit more about
that, if you like. The way SIS II is drafted it provides higher
standards of data protection because it is dealing with a very
specific type of data, in a particular database. The DPFD covers
all manner of data and is therefore a more flexible instrument.
The relationship between the DPFD and SIS II is treated in two
places in the draft texts. SIS II says that all data must be processed
in accordance with Convention 108. The DPFD then says that in
SIS II, wherever you have a reference to Convention 108the
1981 Conventionall references to Convention 108 will be
replaced by the DPFD. However, many of the rules in SIS II are
not just based on Convention 108; the rule about sharing with
Interpol, for example, is in addition to Convention 108. The time
limits for keeping datathis three-year ruleare in
addition to Convention 108. So while the DPFD will slot in, if
you like, at the level of the Convention 108 protection, that
would leave in place all the additional protections that are in
Q128 Lord Avebury: Are you satisfied
that the reference of all these questions about the Data Protection
Framework Decision to the Multidisciplinary Group on Organised
Crime is a good way of dealing with the amendment of that document,
and that it will not have any effect on the data protection system
that applies to SIS II?
Ms Nowell-Smith: We are satisfied with that,
partly because it is already expressed on the SIS II instrument
the places in which the DPFD will come in to replace Convention
108. So the discussion about the level of protection that should
be in SIS II, this higher level of protection, has already been
had and is on the face of the SIS II document. No matter what
the DPFD comes out with as a minimum standard, it will not be
below Convention 108; it will be slotted in at that level and
the specific protections will remain in place in SIS II.
Mr Thompson: From memory, the Council reached
a common position on SIS II at the Justice and Home Affairs Council
in October. The discussions within the Council have therefore
finished. I think that the European Parliament vote on it this
week. If they agree and there is a so-called "first reading
deal", in effect the SIS II instrument is agreed.
Q129 Lord Corbett of Castle Vale:
Can we just stay with Interpol for a moment, please? Will the
Framework Decision be applied to evaluate whether Interpol and
its members offer adequate protection to personal data?
Mr Thompson: The basic point I would want to
make here, before going into some of the detail, is that no data
will be shared by Interpol with a third country that does not
have adequate data protection standards. They are not just going
to spray it around to anyone. In addition, there is an agreement
to be reached with Interpol, which from memory is Article 48AA
and Annex 4, which sets out the basic principles of what an agreement
with Interpol should be. I can quote it to you. These are quite
tight requirements. "Ensure the security of the storage of
transfer data"; "Mechanism for real-time update";
"Regulate the use of SIS II alerts by Interpol", et
cetera. While that agreement has yet to be finalised, we are quite
confident that SIS data that is shared by Interpol will be used
properly. They are actually stricter rules and would take precedence
over the rules that currently exist in the draft DPFD.
Q130 Earl Listowel: May I ask you
about the access by security services? The Council's latest draft
allows security agencies to have access to SIS II data and to
input alerts concerning surveillance into SIS II. Is it acceptable
that they will, as the latest draft provides, be exempt from the
Data Protection Framework Decision?
Mr Thompson: The first thing I would say here
is that anyone entering data or accessing data contained in SIS
II will be bound by the requirements in the instrument. As to
the DPFD, I am sorry, here I can be less forthcoming. That is
because discussions are pretty live and this issue is a pretty
live discussion. It is not at all clear yet in the Council working
group, let alone when it goes to ministers, as to how the security
service will be treated. I realise that is not a terribly useful
answer, but I am not sure I can really go beyond that at this
Q131 Earl of Caithness: I want to
come back and spend a little more time looking at the difference
between SIS II and the Data Protection Framework Decision, because
that Decision allows sensitive data to be processed in certain
cases whereas the SIS II Decision does not. Which rule will apply
if the Framework Decision is adopted?
Mr Thompson: Pretty much the rule I mentioned
before. As a general rule, SIS II rules prevail. In this case
again, SIS II is adding additional data protection rules over
and above what is in the DPFD. So in the particular case you cite,
SIS II rules prevail.
Q132 Earl of Caithness: Are you happy
that they should in this instance?
Mr Thompson: Yes, we think that is quite appropriate.
SIS II is not a closed database, if you like, because data comes
in and out; it is entered. However, it is a very specific database,
used for defined purposes, and we think that the rules set out
in the instrument as a whole are appropriate.
Q133 Earl of Caithness: If that is
going to be the case, why is there such a difference between the
Framework Decision and SIS II, if SIS II is going to end up ruling
Mr Thompson: SIS II only works in relation to
SIS II data. What the Framework Decision is trying to do is give
a set of broad rules, if you like, right across the Third Pillarwhich
have been lacking. It is trying to bring general coherence and
to stop Third Pillar instruments always reinventing the wheel
in terms of data protection rules. It provides this minimum standard,
this "floor" if you like, and the SIS II instrumentwhich,
as I say, is quite a specific, contained database for a specific
purposeshappens to have additional rules. I think that
the difference is because they are trying to do different things.
I do not know if there is anything you would want to add, Harriet,
to illustrate that point?
Ms Nowell-Smith: The list of types of data that
you can put into SIS II is defined in the instrument and it is
very narrow. There is no need to put sensitive personal data in
there. It is not relevant to any of the listed categories, and
it should not be in the SIS II database. The Data Protection Framework
Decision covers all data processed in the context of police and
judicial co-operation. For example, information about a witness
or a victim, if a victim has suffered physical injury due to an
assault, that would be relevant data to be shared across borders
in the context of co-operation in the police or the judicial sphere.
If a British person is harmed in France and the authorities want
to share that datait could be information about their religion,
if it was a hate crime, or it could be information about their
physical healthall that sensitive personal data is highly
relevant to police and judicial co-operation and needs to be treated
in the Data Protection Framework Decision, because obviously you
need that kind of data for the purpose of police and judicial
Q134 Lord Avebury: Does not that
raise a question in your minds that, if the rules in SIS II always
trump the Data Protection Framework Decision with regard to SIS
II, we are aiming at inadequate standards for the Third Pillar
as a whole?
Mr Thompson: No, I do not think so. I think
it is more a recognition of the fact, as Harriet has said, that
because this is trying to provide an overview of the Third Pillar,
and the range of data and the uses to which it would be put are
so varied, it is inevitable that the Data Protection Framework
Decision is a morefor want of a better wordsubtle
instrument: one that has to cope with more variation. It is just
the nature of these two things. One is trying to provide a very
general application; the other is a very specific instance.
Q135 Lord Dubs: Is that therefore
your answer to my question as well? My question is about the time
limits for storage of personal data. SIS II is quite precise;
the Framework Decision is rather vague on this.
Mr Thompson: I am afraid this is where I get
into broken-record territory. Yes, SIS II rules in this particular
example do prevail.
Q136 Lord Dubs: I do not want to
put words into your mouth, but you justify it by saying that the
Framework Decision covers a wider range of things which are not
so precise and do not need to be so precise?
Mr Thompson: It is not that they do not need
to be so precise. I think that that level of precision in the
wide range of cases that the DPFD covers is not practical. I think
that is the distinction.
Q137 Lord Dubs: What you are saying
applies to all personal data then, other than the bits covered
by SIS II? I can see why in general terms there may be instances
where the Framework Decision is appropriately wider or vaguer
than SIS II, but I do not see why that should apply to something
as clear-cut as time limits for storage of personal data. It seems
to me that is a fundamental safeguard.
Mr Thompson: One of the reasons why time limits
in the DPFD are longer than the three years in SIS II is for audit
purposes. There are cases of people who have taken action where
their data has been five years old, so there is a real point about
audit in terms of data storage. Of course there must be a point
at which time limits are very relevant, but the point is surely
that the data is stored, treated properly, regardless of whether
that data is kept for period-of-time "x" or period-of-time
Q138 Lord Dubs: May I move on? It
seems to me that also there is a difference between the SIS II
and the Data Protection Framework Decision as regards the further
data processing that is permitted by the SIS II Decision. Will
that prevail if the Framework Decision is adopted?
Mr Thompson: Again, in terms of further processing,
in this case the SIS II rules apply to SIS II data.
Q139 Chairman: I am sorry, could you
Mr Thompson: The SIS II rules prevail here again.
They are the rules that apply to the SIS II data.