Examination of Witnesses (Questions 140-154)|
Mr Peter Thompson and Ms Harriet Nowell-Smith
25 OCTOBER 2006
Q140 Lord Dubs: So what rule will
prevail, if the Framework Decision is adopted, for the data that
are not covered by SIS II?
Ms Nowell-Smith: The Framework Decision.
Chairman: I think you have just shot
Baroness Henig: I think I know the answer
to my question! That is, the SIS II instrument will prevail wherever
there are differences
Lord Corbett of Castle Vale: You are
giving the answer before we ask the question!
Q141 Baroness Henig: I will ask the
question, because the SIS II Decision does not provide for a right
to information, whereas the Framework Decision does. The Framework
Decision allows for the blocking of data and marking of data,
whereas the SIS II Decision does not. I am assumingbut
you will tell me if I am wrongthat the SIS II instrument
will prevail in these cases.
Mr Thompson: For once I can actually depart
from this typescript! In fact, there is a right of information
set out in the SIS II instrument, where the national legislation
permits it. That right does exist in the UK, and it is Articles
50 and 52.
Baroness Henig: So this is an area of
Q142 Viscount Ullswater: Could I
ask a supplementary? How does one exercise the right?
Mr Thompson: Off the top of my head, I am not
Ms Nowell-Smith: In the UK, do you mean?
Q143 Viscount Ullswater: Yes, for
the information held on SIS II. How do you exercise the right?
Ms Nowell-Smith: The data subject would write
to the police body. The SIS II instrument has not yet come into
force in UK law, so I do not know if there will be a central point
of contact or if it will be diffused. The Home Office could, I
am sure, tell you better than I could. However, the legal instrument
provides that the access is in accordance with domestic law. The
current position in domestic law under the Data Protection Act
is that data subjects can ask data controllers and receive their
subject access rights that way, and it is enforced by the Information
Q144 Lord Avebury: In the document
to which I referred earlier, that is the document where the Council
of the European Union asks the Multidisciplinary Group to consider
certain changes in the Data Protection Framework Decision, there
is a question about the deletion of Articles 19 and 20 of the
original proposal, which imposes an obligation on Member States
to ensure that data subjects would be informed of the fact that
data was being processed about them. Are you saying that the deletion
of these clauses is happening and that they will be replaced by
an article which leaves this to the legislation in individual
Mr Thompson: Perhaps I could ask Harriet to
take that question, if only because she is much closer to the
detail of the DPFD negotiations than I am. I think that she could
give you a fuller answer.
Ms Nowell-Smith: Again, there is not too much
we can say about the current state of the negotiations, because
they are regarded as confidential by the Commission and the position
of other Member States is something that I cannot really comment
on. The UK's position is that we provide access rights to data
subjects in this area under domestic law. We are content for it
to happen in the Data Protection Framework Decision. You might
also like to note that the articles you referred to distinguish
between data that is collected from data subjects and data that
is collected from third parties, which is an important distinction
to keep in mind in those sections. The basic principle that there
should be a right of access in Article 21 of the Data Protection
Framework Decision I believe is not referred to in that communication.
I do not have it with me today.
Q145 Lord Avebury: That is correct.
Ms Nowell-Smith: It is the provision that provides
right of access to data that is held about people. The articles
you are discussing, Articles 19 and 20, are about the different
circumstances in which the police, for example, have to notify
people that they do hold data. Sometimes it is obvious that the
police hold your data. If you have been interviewed by someone
in uniform at a crime scene, you will know that they have your
data. Sometimes, if there is a covert surveillance going on, hopefully
you will not know that the police have your data! So the notification
rules are complicated, but the basic right of access, to be able
to ask the police whether or not they have your data and to show
it to you, is something that is in Article 21, and I believe that
is not in question in the communication to which you have referred.
Lord Avebury: That is very helpful.
Q146 Chairman: I should have said earlier
that you will be sent a transcript of this meeting in due course.
When you look at the transcript, not only to make sure that you
are correctly recorded but if it occurs to you that there are
things that you should follow up in writing to us, that would
be very welcome.
Mr Thompson: Of course, yes. We will try and
do that as quickly as possible, because I know that you are making
good progress on this.
Q147 Lord Dubs: The SIS II Decision
and the Framework Decision both emphasise the importance of judicial
remedies as regards data protection. At present, British courts
cannot make references to the Court of Justice under Third Pillar
matters because the Government have not opted in to the Court's
jurisdiction. Is that something the Government are planning to
Mr Thompson: You will appreciate this is a government
position beyond the sole responsibilities of the Department for
Constitutional Affairs, but it is certainly true that the Government
keep under constant review this question about EC jurisdiction
and the Third Pillar. At the moment, we have no plans to change
our current position. From memory, there are 14 Member States
who have decided to come under the jurisdiction of the ECJ and
the Third Pillar. We are not one of them. From memory, I think
it is Ireland, Denmark, and probably the eight accession countries
comprise the others.
Q148 Lord Corbett of Castle Vale:
Are the Government content with the progress of negotiations on
the Data Protection Framework Decision?
Mr Thompson: We have always supported rapid
progress on the DPFD. From memory, it came out at the tail end
of our presidency; so we were not able to do much with it. We
supported progress during the Austrian presidency, and we have
certainly supported the efforts that the current Finnish presidency
has made to up the pace on negotiations. My understanding is that
the Finnish presidency hopes to conclude the DPFD by December
of this year. If that is not possible, we would hope that the
German presidency, which follows them, would similarly give this
Q149 Lord Avebury: I am wondering
whether you can say anything about the legal status of the Multidisciplinary
Group on Organised Crime. What was the legislative instrument
under which it was set up? Is it really satisfactory that the
Council should delegate responsibility for progress on the DPFD
to a body whose members are anonymous and where we do not know
if it contains any experts on data protection?
Mr Thompson: On the first point, I am afraid
that offhand I do not know its legal basis. It is very much a
Home Office lead. My understanding is that the Multidisciplinary
Group is merely throwing its comments into the ring, if you like.
The main body conducting discussions on the DPFD is the Council
working group, with representatives from all the Member States,
and that is the body of which we, the Department for Constitutional
Affairswho, after all, are responsible for data protection
in the UKmeet with our colleagues, our opposite numbers,
and that is where the main negotiations take place. I do not know
if you have anything to add, Harriet?
Ms Nowell-Smith: We do attend the MDG. I do
not know the legal basis on which it was set up.
Mr Thompson: If it is helpful, we can either
speak to the Home Office or ourselves write back to you and clear
Chairman: That would be very helpful.
Q150 Lord Avebury: Do you know whether
it contains any experts on data protection?
Ms Nowell-Smith: I feel I can assure you that
it does. The UK delegation is represented by the Department for
Constitutional Affairs, so we are the ones who attend these working
groups. That is because it is primarily a data protection instrument.
Many countries also send data protection experts. If they send
crime experts, they are crime experts with an expertise in data
protection, as far as I am aware.
Mr Thompson: Can I record that I have made a
mistake there? It slipped my mind that in this particular case
the Council working group I referred to is of course the Multidisciplinary
Working Group. That is confusion on my part, and I would like
to correct that for the record, if possible.
Q151 Lord Corbett of Castle Vale:
Would the adoption of the SIS II Decision or the Framework Decision
entail any amendments to the UK's national data protection laws?
Mr Thompson: Implementation of SIS II is for
the Home Office. I know that they are considering this matter
at the moment, although they have not reached a decision. My understanding
is they are looking for a solution which is practical; something
one can do quickly and which is, clearly, legal. I just do not
know beyond that.
Q152 Earl Listowel: If I may, I would
like to ask a question about the Schengen evaluation team. This
came up in our first evidence from the Home Office. I think that
there is some scepticism about the effectiveness of that team.
Can you reassure us that this is in fact well resourced? That,
for instance, if it has concerns about new accession countries,
they have the resources to address them? Do they report back?
Is there clarity to the public about those reports?
Mr Thompson: I do not think there is much I
can add, in the sense that I have not heard any concerns that
they are either under-resourced or not doing a proper job. You
are right that there is this Schengen evaluation team, made up
of representatives from Member States. Before anyone can join
the Schengen Information System, they make an assessment as to
whether or not that particular Member State's systems are sufficiently
good. I have not heard any concerns, but I cannot really go beyond
Q153 Earl of Caithness: May I ask
a question about how some of this will work in practice? What
are the implications for our police and judicial services when
they are collecting data, when they have to determine whether
it will be used solely within the UK, or whether it will be used
within the Framework Decision, or whether it will be used within
SIS II and hawked round the EU and other countries outside? How
will poor Mr Policeman, when he collects the data, determine that
and the way in which he takes the data? Because the way he collects
it and the way he handles it will have implications, depending
where it finally ends up.
Mr Thompson: I am not sure there is anything
by way of real detail I can say that is useful here. Our department's
interests are in the appropriate data protection rules that apply
to the database as a whole. What we do not have responsibility
for is how we implement it and how the police will. I just do
not have that kind of information at hand. What I do know is that
the main components of SIS data, for example, will tend to be
people who are wanted for some reason. An obvious example might
be that there is a European arrest warrant against them. That
would be an obvious trigger as to why you would put something
on SIS. People who are missing and people who are under surveillancemy
understanding is that is very much the bulk of people who might
actually be on SIS. I do not know whether there is any extra detail
you are aware of, Harriet?
Ms Nowell-Smith: It is easier to think of it
in a staged way. Therefore, when you are collecting detail and
you are a policeman just doing your normal job, you would be applying
the Data Protection Act already. When you decide to enter information
on to SIS II, at that point you have to think about the rules
in SIS II. Most of the rules in SIS II, though, would be about
the length of time for which you keep data. That kind of rule
I would not expect to be applied by each policeman putting data
into SIS II. It would be managed by the national body that maintains
the database. So that part you would address only when you were
entering information on to SIS II. We do provide a high level
of data protection in the police and judicial areas already, so
there is less risk for the UK than for some other Member States
of having divergent levels of data protection for different types
of data. Obviously we want a simple system that everyone can understand
and work with.
Q154 Chairman: Thank you both very much
indeed. You have been very helpful and we are most grateful to
you for answering as you did. I remind you that we would very
much welcome any subsequent written comments, if you think that
those are required when you look at the transcript. I think that
now, in a seamless way, we will change witnesses. You are both
very welcome to stay if you want to.
Mr Thompson: Thank you very much. Once we have
seen the transcript, we will certainly bear in mind whether or
not we need to get back to you and clarify matters.