Previous Section Back to Table of Contents Lords Hansard Home Page

Along with being willing to take risks with our personal information, the Government seem willing potentially to get into a financial muddle. They say they have an estimate: £31 million, including running costs for the first year. They stress, however, that this is just an estimate and that a feasibility study will follow. I suggest that it is normal do a feasibility study beforehand; £31 million is not a trivial sum and, given the history of undercostings and expenditure overruns in the public sector, I fear that the House is entitled to view this figure with considerable scepticism. Can the Minister give more detail which might increase our confidence in the accuracy of this figure and the value for money that it may represent? The Government say that the public benefit deriving from the high cost will be justified. What is the evidence? Illustrations from PrĂ1/4m have been cited as examples but as the noble Lord, Lord Jopling, has noted, it is open to question whether, when the backlog of crimes has been cleared, the “hit” system will make a yield which is nearly so fruitful. Can the Minister give us more detail on the Government’s realistic expectations on the cost-benefit of this measure and the increases in crime detection that are actually likely to occur?

Many of the concerns of the committee, which are shared on these Benches, involve aspects of data protection—the circumstances in which data may be handed over, the uses to which they may be put and

6 Dec 2007 : Column 1915

the protection their storage and retention will be given. In this area there are now an alarming number of loose ends. On these Benches we hope that the Government will in subsequent negotiation pursue these important points and be willing to report further to the House on progress in establishing effective EU-wide rules of a sufficiently high standard. As I have said, the Conservatives welcome much of this agreement but the important questions raised on all sides of the House need to be answered to ensure greater clarity and public confidence, especially at a time when data security is so prominent in the public’s mind. Confidence in this Government’s record in this area is at present low, so I hope the Minister will be able to give some information which will go some way to restoring it.

6.16 pm

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): My Lords, I welcome the opportunity provided by this debate to discuss the two reports. I shall address the points that have been raised in a moment, but first I should like to acknowledge and commend the European Union Committee’s valuable and thorough work in its scrutiny of the European legislation and add my praise for the noble Lord, Lord Wright of Richmond, and his work in leading that committee.

The committee recognises in its report the value of data sharing in the fight against terrorism and serious crime and the benefits delivered both for the United Kingdom and for all the participating member states. The Government are in agreement with the committee on this issue. Criminals do not respect borders, so it is vital that we develop a cross-border capacity to respond to crime. This includes co-operation with our European counterparts as well as those in the United States in sharing data specific to countering terrorism and combating serious crime.

The review that I carried out, which was reported in the Prime Minister’s Statement on security to Parliament on 25 July, also highlighted the importance of enhancing existing co-operation to share more information between police and immigration services and internationally across countries. The first line of defence against terrorism is overseas at other countries’ ports and airports, where people embark on journeys and where terrorist suspects can be identified and stopped before they board planes, ships and so on. The Government have already announced how the Home Secretary will enhance the existing e-borders programme to incorporate all passenger information to help to track and intercept terrorists and criminals. We also set out that, in the identification of potential terrorist suspects, there should be maximum co-operation internationally. Both the EU-US agreement on exchanging passenger name records data and the PrĂ1/4m Council decision are important tools in the fight against terrorism and serious and organised crime. Wherever we take steps to enforce security, there must be proper safeguards in place to protect the individual.

I will address the EU-US agreement and PrĂ1/4m separately. I had hoped to speak for about 20 minutes;

6 Dec 2007 : Column 1916

there are rather a lot of questions but I will try to keep to that. On the EU-US PNR, the Government welcome the fact that a long-term agreement has been reached on the transfer of passenger data to the United States. This agreement recognises the need to balance preventing and combating serious crime and terrorism with providing data protection safeguards for air passengers. The letter from the United States provides the EU with assurances on the way in which the US intends to protect personal data under the agreement. In return, the EU has confirmed that, on the basis of the assurances that it has received, it considers the level of protection of PNR data in the United States to be adequate. There is a mechanism—the periodic review—for the EU to reassure itself that the assurances are being adhered to.

The noble Lord, Lord Wright, went into more detail about this letter. All I would add is that the letter provides the EU with assurances on how the US intends to protect personal data. The agreement is a legal instrument. Paragraph 1 refers to the assurances. The assurances from the US are contained in a statement about how it intends to apply its policies. You cannot really unpick the agreement and the letter; they are a package. The agreed package contains important commitments on how the US will handle PNR in respect of data protection.

The EU-led negotiations on PNR set out in the report were valuable. A copy of the report was given to the Commission and to the United Kingdom’s permanent representation to the European Union, and it was discussed with them. The EU Commission was aware of all the points at the time of the negotiations, which I think was very helpful.

Baroness Ludford: My Lords, I apologise for interrupting the Minister, but could he clarify what he just said? He said that the agreement is legally binding. Does he maintain that the whole package—the agreement plus the letter and the undertakings—is legally binding?

Lord West of Spithead: My Lords, perhaps I may get back in writing to the noble Baroness on that specific point. I am not clear on it myself.

The noble Lord, Lord Wright, also mentioned the view of the Commission and the presidency. The Commission and the presidency, which led the negotiations, were well aware of the views of the European Parliament and the European data protection supervisor. A copy of the Select Committee’s report was given to the Commission. As the Article 29 working party on data protection acknowledged, these were extremely tough negotiations, in which the United States had a strongly held position.

The noble Baroness, Lady Ludford, mentioned the incentive for the US to move to a push system. A push system is obviously much better than a pull system for the reason that she gave. A deadline of 1 January 2008 obliges the DHS to move to a push system for all carriers operating out of the European Union that have implemented a system that complies with the DHS technical requirements.

6 Dec 2007 : Column 1917

Noble Lords mentioned the use of PNR data. The purpose set out in the previous interim agreement was retained in this new agreement. The US receives only that PNR that is necessary to prevent and combat,

for these crimes. The agreement also states that PNR data may be used, where necessary, for the protection of the vital interests of the data subject or other persons, for any criminal judicial proceedings or as otherwise required by law. This use of PNR data is not a new concept; it was mentioned in former undertakings.

I do not have the statistics for the agreement between the EU and the US on what has been achieved by PNR data. I would just cite Project Semaphore, which we have talked about in this House before. For example, on the very small quantity of PNR data that we have gathered on specific routes, we found that, as opposed to the one in 2,200 people whom in the past we were able to do anything about, we are able to get something like one in 12 of those people in whom we believe we have a legitimate interest. That shows the extent to which the data safeguard and enhance the rights of legitimate travellers who do not need to be subject to such detailed scrutiny, while successfully detecting the very small proportion of travellers who are breaking the law.

A number of speakers asked about profiling. By using PNR, we can build up a picture of suspect passengers; it is more their patterns of travel than a profile of the person. This enables us to identify individuals conducting those patterns of travel and to see whether they share common characteristics. That has enabled us to identify people who are more of a risk to us. It can also be used to facilitate legitimate travel and allow us not to have to bother with people who are travelling legitimately.

A number of speakers asked about the retention of data for longer. All I will say on that is that terrorist groups often operate over a long period and the recruitment and training of their personnel may be spaced over several years. It is therefore important that data be retained to allow retrospective analysis of intelligence to identify links between known operatives and others.

The noble Baroness, Lady Harris, asked whether passengers were aware of what personal data were held and under what conditions. The main United Kingdom airlines already provide passengers with information about how their data will be used; the EU and the US work with the aviation industry to publicise PNR systems and to raise awareness among passengers. In terms of redress, the new agreement allows people to seek redress if they think their PNR data are inaccurate or have been used. Passengers can also ask for their PNR data from the Department of Homeland Security under the US Privacy Act and Freedom of Information Act. I cannot talk much more about that on the Floor of the House, but if the noble Baroness would wish, I can write to her, setting out the interface between the US Privacy Act and Freedom of Information Act.

6 Dec 2007 : Column 1918

The noble Baroness, Lady Neville-Jones, asked about a proper mechanism for reviewing the workings of the agreement. The details of how the review will be carried out have yet to be agreed. For the European Union, the review will be undertaken by the Commissioner responsible for justice, freedom and security or by somebody whom he designates.

Finally, there was a question about PNR data elements and their purpose. The data will be received only to the extent to which carriers collect those data as part of their normal business, as they already collect a lot of data under the EU borders scheme. The agreement specifically limits the purposes for which they may be used.

I hope that I have answered all the questions on the PNR side. This particular agreement is a proportionate measure. It provides certainty to air carriers that they may transfer passenger name record data to US authorities in compliance with their data protection obligations. The Department of Homeland Security has made a policy decision to extend administrative Privacy Act protections to non-US citizens. That is an improvement over the previous agreement. Furthermore, as I have already mentioned, greater visibility for notices describing the PNR system will enhance transparency.

Turning now to PrĂ1/4m, the Government expect substantial benefits from this proposal for the work of UK law enforcement authorities. It will offer an enhanced UK law enforcement ability to search across the whole EU to establish matches of crucial forensic evidence in quicker time. This will allow officers to determine whether to pursue or eliminate lines of inquiry. The PrĂ1/4m model returns a hit or no hit on average in 50 seconds, but it can take up to a maximum of 24 hours.

I know that during the course of the committee’s inquiry, in the report which preceded this debate, and in today’s debate, there have been a number of what could be termed “process-related” issues and questions. I want to reiterate that, despite my short time in this post, I am none the less more than aware of the importance of the parliamentary processes and seek to ensure that we work within them.

The Government have endeavoured to keep Parliament informed of events as they have unfolded. The negotiations did move fast, but that is not necessarily a bad thing if it means that we see the benefits in quicker time.

The negotiations did not however bypass the usual requirements. All member states were offered opportunities in the relevant council committee and at the JHA Council to question and propose amendments to the text, and indeed the UK secured three significant changes to meet UK concerns, including concerns raised by the European Union Committee. Specifically, we secured the deletion of the provision on hot pursuit, which was an issue that the committee felt particularly concerned about; we secured a limitation to vehicle registration data to serious crime; and secured data protection provisions that were both robust and consistent with national law and sought to include a council declaration on the application of existing non-automated data searching between member states.

6 Dec 2007 : Column 1919

It was unfortunate that it was not possible to clear the proposal from scrutiny before it was agreed. In responding to the committee’s report within a week, we hoped to be in a position to have this debate before the June JHA Council. That did not prove possible. As such, after much consideration, the then Home Office Minister decided to override the parliamentary scrutiny reserve and agree the PrĂ1/4m Council decision. The reasons for that were set out in a letter to the committee dated 11 June 2007.

As noble Lords will be aware, we have recently participated in a general approach to the PrĂ1/4m implementing agreement. I am aware of the committee’s views on the use of general approaches, but place on record that the Government do not consider this to be an override, given that work is continuing at expert level on the detailed accompanying technical annexe.

Coming to the data protection issues, I reiterate that the Government secured specific data-sharing provisions to be included in the Council decision to ensure a balance between the rights of the individual and the need to share data for public security purposes. We believe that the PrĂ1/4m Council decision and implementing agreement provide such provisions and safeguards.

The noble Lord, Lord Wright, asked why we had been browbeaten into accepting PrĂ1/4m without cost analysis. We were not browbeaten. There was a full discussion of the text. However, it was not accompanied by full and proper cost analysis—in that, he is completely right. I have to say that that was extremely unfortunate. During the negotiation, there was an expert seminar to explore the experience of the seven original PrĂ1/4m states, which allowed us to assess resource and cost implications—it was not fully satisfactory, I have to say, but it gave us a baseline. The noble Lord asked why we accepted that before a data protection framework was in place. PrĂ1/4m has its own data protection framework, which is robust and tailored to the specific system. It is a bespoke system.

The noble Lord also asked why we agreed to implement the agreement while it was under scrutiny. The Government do not accept that the general approach at the November JHA Council—the ongoing negotiations are detailed in the annexe—is an override, because we reserve the right to reopen the text at any time.

A number of speakers asked about access to our own databases and the complexities of our databases compared with those in the European Union. It would not be appropriate to allow direct access to our databases; indeed, that is not intended. We would allow a search on data from reference or shadow DNA or fingerprint databases, but that would be only to ascertain whether there was a hit or no hit on the data. Further information would have to go through the current secure police channels, including mutual legal assistance, once we knew that there had been a hit. Consequently, any disclosure of personal information about individuals whose profiles are on the UK databases would be under existing conditions. That provides for a case-by-case consideration of the legal basis, as well as the necessity for proportionality and justification of disclosure, taking into account data protection and ECHR considerations.

6 Dec 2007 : Column 1920

In closing, I stress the importance that the Government attach to these initiatives. The UK Government take data protection very seriously. It is paramount to ensure that when we share information proper measures are in place to protect the data shared. Data sharing is a key part of keeping our communities safe and protected. With ever-increasing travel by offenders and the transnational nature of organised crime, the necessity to share information increases accordingly.

PrĂ1/4m is a new system for tackling organised transnational crime in a more modern way, allowing for a speedier and more efficient data-sharing mechanism. An important element in ensuring that we are able to share, retain and use data is the data protection standards and safeguards that the PrĂ1/4m Council decision provides, with which the Government are satisfied.

The agreement between the EU and the US on the exchange of PNR also strikes that balance between the need to combat terrorism and serious and organised crime and the need to provide data protection safeguards. We all agree that the collection of PNR data is a valuable weapon in the fight against terrorism. However, we should not lose sight of the immense value of PNR in combating serious crime, including human trafficking and drug smuggling, as well as its value in securing borders.

I hope that I have addressed all your Lordships’ concerns satisfactorily, but I am willing to write on any issues that I have failed to cover in my speech.

6.35 pm

Lord Wright of Richmond: My Lords, I am grateful to all noble Lords who have taken part in the debate. I would like to express my particular pleasure in sharing a debate for the first time with my former colleague—colleague, not pupil—the noble Baroness, Lady Neville-Jones. I thank the Minister for his attempt to respond. I do not say “attempt” condescendingly; I mean an attempt to respond to our criticisms. They are criticisms mainly of delays and failures that predate his watch—if I have the expression right. I am also grateful for his offer to write further, if, on looking at Hansard,he and his officials consider it useful to bring up other things.

I merely want to take up one point that the Minister made that relates to the intervention of the noble Baroness, Lady Ludford. He said that we cannot unpick the package of the PNR agreement and the DHS letter. Our particular criticism is that the letter does unpick the agreement.

On Question, Motion Agreed to.

Passenger Name Record (EUC Report)

6.37 pm

Lord Wright of Richmond: My Lords, I beg to move the Motion standing in my name on the Order Paper.

Moved, That this House takes note of the report of the European Union Committee on The EU/US Passenger Name Record (PNR) Agreement (21st Report, Session 2006—07, HL Paper 108).—(Lord Wright of Richmond.)

On Question, Motion agreed to.

Next Section Back to Table of Contents Lords Hansard Home Page