86.The UK currently has, or shortly expects to have, access to the most significant EU databases and agreements facilitating data-sharing among EU law enforcement agencies. Our witnesses emphasised that access to the information and intelligence currently sourced through those channels was vital for UK law enforcement. We were told that it was “mission-critical in protecting both the citizens of the UK and the citizens of Europe that the UK policing effort is able to access that information”. In the sections that follow, we examine the data-sharing tools that witnesses identified as particular priorities.
87.The Second Generation Schengen Information System (SIS II) is a database of ‘real-time’ alerts about individuals and objects of interest to EU law enforcement agencies. SIS II contains information on 35,000 people wanted under a European Arrest Warrant, as well as alerts on suspected foreign fighters, missing people, and alerts on people and objects of interest to EU law enforcement agencies. By allowing participating countries to share and receive law enforcement alerts in real time, SIS II helps facilitate cooperation for law enforcement and border control purposes. Each country participating in SIS II has a so-called SIRENE (Supplementary Information Request at the National Entry) Bureau, to provide supplementary information on alerts and coordinate activities in relation to SIS II alerts.
88.The UK connected to SIS II in April 2015. Between then and 31 March 2016, over 6,400 alerts issued by other participating countries received hits in the UK, allowing UK law enforcement agencies to take appropriate action, and over 6,600 UK-issued alerts received hits in other participating countries. In March 2016, 809 people were flagged on SIS II to the UK—including 192 wanted people, 96 missing people, and 358 people believed to be involved in serious organised crime. SIS II also helps participating countries tackle the terror threat from foreign fighters from across the EU returning from Syria and Iraq, tracking them as they travel around Europe. In April 2016 the UK received 25 hits on alerts issued by other participating countries in relation to individuals who could pose a risk to national security.
89.Our witnesses were emphatic about the operational significance of access to SIS II. The National Crime Agency identified it as one of their top three priorities for the forthcoming negotiations on the UK’s exit from the EU, describing it as “an absolute game-changer for the UK”. The NCA’s Deputy Director-General David Armond explained that SIS II was directly accessible by police officers on the street: “It is linked to the Police National Computer so that officers can stop a car with French plates and Hungarian nationals in it, undertake checks and find details of stolen property, wanted people, alerts and the like.”
90.The National Police Chiefs’ Council (NPCC) agreed that access to SIS II was “essential for mainstream policing”, noting that “the ability to understand whether somebody is wanted in another country, whether they are missing, whether the vehicle they are driving is stolen and so on” was critical in allowing officers on the street to make decisions (for instance in relation to custody) to safeguard the welfare of people across the country.
91.Both the NCA and the NPCC also drew our attention to the link between SIS II and the European Arrest Warrant (EAW). SIS II was said to have “increased exponentially” the number of EAWs for subjects wanted in the UK, leading to a 25% increase in the number of EAWs executed and people arrested in the year since it became available. Alison Saunders, Director of Public Prosecutions, highlighted cases when the Crown Prosecution Service “did not really know exactly which country an individual was in “where SIS II enabled them to “put out a European Arrest Warrant, find somebody and bring them back very quickly”. She cited the case of the murder of an elderly couple, in which the suspect’s car was found by the ferry terminal at Dover, and the suspect was therefore believed to be going to France: “Because we put the EAW out on the SIS II database, we found out days later that he was in Luxembourg. There was no intelligence to tell us he was there.” Ms Saunders suggested that the CPS “might have missed that had we not had the availability of both the EAW and the SIS II database”. The Crown Office and Procurator Fiscal Service endorsed her comments, describing SIS II as an “important tool, not only from the requesting state’s point of view in having an accused or convicted person returned to them to face justice, but also because it reduces the likelihood of significant and possibly dangerous criminals slipping through the fingers of law enforcement”.
92.The NCA emphasised that the intelligence agencies “are as concerned about the loss of SIS II as we are”, explaining that “there is a facility known as Article 36(3) which allows us to put on discreet alerts in relation to our CT [counter-terrorism] suspects”. SIS II was therefore said to play an important part in tracking people under surveillance by intelligence agencies—people who might be seeking to cause significant harm by means of terrorist attacks.
93.Lord Kirkhope also described SIS II as “absolutely crucial” to intelligence-sharing, and warned of the risk that without it “we will end up being a little island off the continent with no access to information and intelligence about who is likely to come to us and, more importantly, about what happens to our criminals when they go across to the continent”.
94.The European Criminal Records Information System (ECRIS) has been in operation since April 2012, and provides a secure electronic system for the exchange of information on convictions between EU Member States. When a Member State convicts a national of another Member State, it is obliged to inform that country through ECRIS. Member States are also required to respond to requests for previous convictions for criminal proceedings. Criminal records information obtained through ECRIS means that when UK courts are making sentencing decisions, they can take into account previous offending behaviour in other EU Member States. ECRIS may also be used for other purposes such as employment vetting and immigration matters. No non-EU country currently has access to ECRIS.
95.Speaking on behalf of the National Police Chiefs’ Council (NPCC) and the Metropolitan Police Service, Deputy Assistant Commissioner Stephen Rodhouse described access to criminal records data from across the EU as “critical to volume policing”, and suggested that while all EU police and criminal justice measures were important, he “would prioritise the criminal exchange data as hugely significant”. He explained that ECRIS “can give very speedy returns when we inquire into the criminal background of somebody that we have in custody”, which in turn allowed “effective decisions to be taken about the risk that they pose and the opportunity of an immigration solution to having a risky offender in the UK”. He noted that in 2015, UK requests for overseas criminal convictions data revealed 178 cases of a conviction for rape abroad and 177 for murder. This allowed that information “to be put on the Police National Computer and to be at the fingertips of officers all over the country”. He warned that in cases where that information was not available, “it presents an ongoing risk to the UK”.
96.The Crown Office and Procurator Fiscal Service emphasised that being in receipt of criminal history data at the point of considering a case “is essential to ensure that the case is properly prosecuted in the public interest”, and can also inform risk assessments around bail.
97.The NCA ranked ECRIS fourth among their priorities, describing it as “a very important tool”, and warning that the UK would lose access to that information immediately if it left Europol. The NCA also drew our attention to the fact that ECRIS was “important not only in terms of people who have been arrested or who we have been making inquiries about but in identifying people who might be offered work with children in the UK”.
98.Advance Passenger Information (API) data are the data contained in the machine-readable zone of a travel document, such as the name of the passenger, their date of birth, nationality and passport number. In the United Kingdom, the UK Border Agency screens API data against watch-lists to allow early identification of persons of known interest for security, immigration, customs or law enforcement purposes. The obligation of carriers to transmit API data to border agencies is regulated by EU law under a 2004 Directive.
99.Passenger Name Record (PNR) data include other information held by the carrier or collected by the carrier when a passenger makes a booking, for example how travel was booked and for whom, contact details, and travel itinerary. In April 2016 the European Union adopted a Directive obliging air carriers to provide Member States’ authorities with PNR data for flights entering or departing the EU, and also including provisions on selected intra-EU flights. All EU Member States who participate in the measure have indicated that they will make full use of the provisions relating to intra-EU flights. Countries outside the EU will normally require either a direct agreement with the EU or bilateral agreements with individual Member States in order to acquire PNR for flights originating there.
100.The UK Government said in May 2016 that it had made “consistent calls” for PNR legislation to be adopted by the EU, noting that in the absence of this EU agreement, it would have been possible for certain Member States to choose not to develop a capability to process PNR. This would have meant international investigations running into difficulties every time an individual assessed to pose a threat to public security travelled on from (or arrived from) that Member State. The Government observed: “This could have made their true destination or origin untraceable.”
101.Helen Ball, the Metropolitan Police Service’s Senior National Coordinator for Counter-Terrorism Policing, identified PNR data as “very valuable for protecting people”, and therefore of particular interest to CT policing. The information contained in Passenger Name Records, combined with the powers of various agencies at UK borders, was “powerful in preventing the travel of people who are would-be terrorists, in spotting people who might be returning and might be a threat and, crucially, in protecting vulnerable and manipulated people”.
102.The NCA also listed Passenger Name Record data among their priorities, describing it as “incredibly important for the security of our border”. David Armond, Deputy Director-General, explained that, while the UK had already been accessing PNR data from key partners around the world for border security purposes, “until this measure, some European nations were not providing us with this data—Germany being a case in point”. He added that PNR data were important for the NCA’s work at the border and at the National Border Targeting Centre, providing not just the details of the subject but addresses, bank details, telephone numbers, “and a whole host of other data that can be really important when we are checking against criminal records and profiling those people who might be a threat to the UK”.
103.The Prüm Treaty was signed by Austria, Belgium, France, Germany Luxembourg, the Netherlands and Spain in May 2005. The aim of the Treaty was to improve “cross-border cooperation, particularly in combating terrorism, cross-border crime and illegal immigration”. It sought to achieve this by improving exchange of information, particularly through reciprocal access to national databases containing DNA profiles, fingerprints and vehicle registration data.
104.In 2008 the Council of Ministers adopted two Decisions (the Prüm Decisions) incorporating most of the Prüm Treaty’s provisions into EU law. The Prüm Decisions require Member States to allow the reciprocal searching of each others’ databases for DNA profiles (required in 15 minutes), Vehicle Registration Data (required in 10 seconds) and fingerprints (required in 24 hours). Searches of DNA profiles and fingerprints are on a ‘hit/no hit’ basis; a hit can be followed by a request for the personal details of the person concerned. In 2010, two non-EU countries—Norway and Iceland—concluded agreements with the EU to access Prüm, but neither agreement has yet entered into force.
105.The Prüm Decisions were not included in the list of 35 pre-Lisbon police and criminal justice measures that the Government indicated it would seek to re-join after exercising the UK’s block opt-out under Protocol 36 to the Lisbon Treaty. The Prüm Decisions therefore ceased to apply to the UK on 1 December 2014, the date on which the UK’s block opt-out took effect. This approach was reflected in a transitional Council Decision adopted in November 2014. The Government did, however, indicate at that time that it would “undertake a full business and implementation case in order to assess the merits and practical benefits of the United Kingdom re-joining the Prüm Decisions”.
106.The Government published a Command Paper on 26 November 2015 analysing the options open to the United Kingdom (to maintain the status quo; to re-join the Prüm Decisions; or to develop some alternative mechanism for police cooperation and data sharing) and recommended that the UK re-join the Prüm Decisions. We published a report endorsing the Government’s recommendation on 7 December, and later that month both Houses of Parliament passed motions supporting the Government’s intention to re-join the Prüm Decisions. The European Commission adopted a Decision confirming UK participation in May 2016.
107.The Government’s Command Paper envisaged that Prüm would be phased in gradually, starting with a small-scale pilot in 2015 exchanging police DNA profiles with four other Member States, connecting to Prüm in 2017, and establishing a full connection by 2020. The Government has recently confirmed that it is continuing with implementation of Prüm, and is confident that data exchange will start to take place in 2017.
108.In May 2016, the Government indicated that “the ability to check speedily other countries’ databases helps EU law enforcement agencies to connect crimes committed in different countries, and provides them with crucial information, for example on the identity of a person who left DNA at a crime scene”. It suggested that it was “thanks to Prüm—and other co-operation and data exchange tools available to European countries” that the French and Belgian authorities were quickly able to identify Salah Abdeslam following the terrorist attacks in Paris in November 2015. The Government also highlighted the small-scale pilot in 2015, from which the UK obtained 118 matches (from around 2,500 DNA profiles) covering offences such as rape, sexual assault, arson and burglary.
109.The National Crime Agency told us that they had not yet seen the full effect from Prüm, but that the pilot had sped up their ability to share hits from UK DNA datasets and fingerprint hits with other Member States: “That has made us feel that we should continue with it and get the whole of Europe involved because that would be very effective. If not, we have to fall back on an arrangement which exists through Interpol that is time-consuming, bureaucratic and nowhere near as effective for protecting the public.” Helen Ball, the Metropolitan Police Service’s Senior National Coordinator for Counter-Terrorism Policing, also told us that police forces would want to continue to share biometric data, “and indeed increase our sharing, through Prüm”.
110.All countries with access to SIS II are either full EU Member States or are members of the Schengen border-free area (Norway, Iceland, Switzerland, and Liechtenstein). Noting that there were no precedents for a non-Schengen, non-EU country to be a member of SIS II, the NCA acknowledged that “if we are to continue to be a member of SIS, that will be a very different deal from one that anyone else has”. Professor Peers also pointed out that were the UK to seek continued access to SIS II, it would be “asking for something which is not normally given since we will not be joining Schengen”. He added that “you can ask for it, but it might be difficult”.
111.ECRIS is even more exclusive, since no non-EU country, including the Schengen countries, currently has access. In May 2016 the Government pointed out that the Schengen countries instead use the 1959 Council of Europe Convention on Mutual Assistance in Criminal Matters or informal Interpol channels, in order to exchange data on international criminal convictions. The Government warned that “this is more time-consuming, complex and expensive than the ECRIS procedure”, adding that “neither the UK’s existing bilateral agreements nor the Interpol channels require countries (by law) to supply data within specified timeframes—as they are required to do under ECRIS”.
112.Passenger Name Records are “slightly simpler”, according to Lord Kirkhope, because the EU already has agreements with other countries such as the United States and Canada. He nonetheless warned that “it may not be possible in future to access all the data, including specifically the intra-EU data for PNR”. Lord Kirkhope emphasised the importance of the intra-EU provisions, “because most people aiming to do us harm do not fly, for the sake of argument, from Istanbul to Heathrow; they would fly from Istanbul to Madrid and from Madrid to Stockholm, from Stockholm to Berlin and from Berlin to London”. He also drew our attention to the fact that the EU-Canada PNR agreement “has run into some obstacles; our old friend the ECJ has deliberated negatively on this”.
113.The Prüm Decisions fall somewhere in between: the only two non-EU countries to have secured access in principle are Norway and Iceland, both Schengen members. The Government has been at pains to emphasise, however, that while the Council Decision on the signature of the bilateral agreement makes reference to Norway and Iceland’s participation in the Schengen acquis, the agreement does not itself form part of the Schengen acquis. Rather, the EU has reached the agreement with Norway and Iceland through its power to enter into international agreements under Article 216 TFEU. The Government concludes that it has “no reason to believe that such an international agreement could not be reached with the UK after the UK leaves the EU”. Professor Peers appeared to concur, observing that although Norway and Iceland are Schengen members, in the case of Prüm there was not the direct link with Schengen that applied in the case of the Schengen Information System. In his view, this meant that “the fact we are not in Schengen should not count against us in access to Prüm”.
114.Our witnesses also pointed out that there was a mutual interest in finding a way forward. Professor Peers suggested that if the UK found itself asking for something unprecedented, it could emphasise that there was an advantage to the EU-27 from the UK having access to, for instance, SIS II: “where they are sending us a lot of European Arrest Warrants … it clearly makes it easier to find people, and there is a risk that we will be the kind of Brazil of Europe if we do not have access to these European databases”. He suggested that a similar argument could be made in respect of ECRIS, namely that “the usefulness of them having information on British criminal records, as well as the other way round, justifies access to the ECRIS system”.
115.Tony Bunyan made a similar point in respect of Prüm, observing that “it works both ways”:
“There will be some British nationals who are suspected of crimes on the continent, or people who have a prior history in Britain whom we have data on, and it is useful for them to be able to make the request to us; plus we have a huge DNA database which I am sure is very attractive to other Member States.”
116.The Government highlighted two further factors that could count in the UK’s favour in any negotiation, namely the UK’s status as a “known commodity” to the other Member States, and the UK’s track record of leadership in this area. The Minister of State for Police and the Fire Service, Rt Hon Brandon Lewis MP, emphasised that the UK would not be “coming to this as a completely fresh partner with whom the EU countries have no background and need to build a new relationship. We are a known commodity.” He noted that the UK had “led the way” on PNR, and was “acknowledged to have a highly developed system”. It also had “significant expertise for example on fingerprints” and was “very effective” in how it used both biometric information and fingerprints and DNA more generally: “we know that Member States value that”.
117.The Government therefore believed that the UK brought “an awful lot to the table in terms of our expertise and knowledge”, and that it would be able to draw on “a relationship that none of the others who have negotiated deals has had before and a known back record which is positive”. For these reasons, Mr Lewis argued, “the off-the-shelf presumptions around looking at what any other country has done are a false representation”. The UK should instead be looking for a “bespoke deal that is right for us and covers these things”.
118.Compliance with EU data protection standards is likely to be a necessary pre-condition for exchanging data for law enforcement purposes. Professor Peers warned that the UK “will not have access to these databases unless we have equivalent laws to the European Union on data protection”. He suggested that the UK would “always, practically speaking, be required to maintain the same level of protection as the EU. After all, it is not just things like fingerprints and the rest of it; it is the entire online economy every time you buy something by credit card over the internet, so there is a real necessity for us to keep our rules at the same level.” Lord Kirkhope raised the same issue, suggesting that there could be mileage in “leveraging the collective influence of the non-EU third countries to co-operate, such as the United States and Canada, to make sure that we have equivalent levels of data protection and redress in the use of data”.
119.As recently as 2014 and 2015, the Government and Parliament judged that it would be in the national interest for the UK to participate in flagship EU data-sharing platforms such as the Second Generation Schengen Information System, the European Criminal Records Information System and the Prüm Decisions. We see no reason to change that assessment, not least as the threat from terrorism in particular has escalated further—and the EU has responded, for example by adopting the Passenger Name Record Directive earlier this year.
120.Access to EU law enforcement databases and data-sharing platforms is integral to day-to-day policing up and down the country. Were the UK to lose access to them upon leaving the EU, information that can currently be sourced in seconds or hours could take days or weeks to retrieve, delivering an abrupt shock to UK policing and posing a risk to the safety of the public. The UK therefore has a vital national interest in finding a way to sustain data-sharing for law enforcement purposes with the EU-27.
121.The starting point for the UK in seeking to negotiate access to these tools is different from that of any other third country, both because of the UK’s pre-existing relationship with the EU-27 and because of the value it can add through the data it has to offer. We therefore accept the Government’s view that the precedents for access to EU data-sharing tools by non-EU and non-Schengen members may fail to capture the range of options that could be available to the UK. With that in mind, we believe there is a strong case for the Government to pursue a bespoke solution and seek access to the full suite of data-sharing tools on which the UK currently relies, as well as those it is still planning for.
122.At the same time, we recognise that the two data-sharing tools that witnesses identified as the top priorities for the UK—SIS II and ECRIS—are also those for which there is no precedent for access by non-EU (ECRIS) or non-Schengen (SIS II) countries. The price of accessing these databases has thus far been membership of the EU and/or Schengen. Therefore a UK negotiating objective of seeking continued access to these vital tools would be particularly ambitious.
123.With regard to Passenger Name Records, the Government should explore the precedents for EU agreements with third countries. We note, however, that losing access to intra-EU PNR data would be a serious handicap, and that the CJEU’s ruling on the EU-Canada PNR agreement does not bode well for the EU’s ability to conclude similar agreements promptly and reliably in future.
107 Helen Ball, Senior National Coordinator for Counter Terrorism Policing, Metropolitan Police Service,
108 HM Government,
116 Written evidence from the Crown Office and Procurator Fiscal Service (), p 2
119 HM Government, , para 1.30
121 Written evidence from the Crown Office and Procurator Fiscal Service (), p 2
123 Council Directive 2004/82/EC, 29 April 2004 on the obligation of carriers to communicate passenger data, (6 August 2004)
124 Directive (EU) 2016/681, 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, (4 May 2016). See also the European Union Home Affairs Sub-Committee’s report on the UK opt-in decision in respect of that Directive: European Union Committee, (11th Report, Session 2010–12, HL Paper 113)
125 Denmark does not participate in the measure.
126 HM Government, , paras 1.19–1.20
130 Council Decision 2008/615/JHA, 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, (6 August 2008) and Council Decision 2008/616/JHA, 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, (6 August 2008)
131 This was because the UK did not have the technical capability at the time, and did not wish to risk infringement proceedings, rather than because the Government objected in principle—see para 16 of this Committee’s 5th Report, Session 2015–16, December 2015.
132 Council Decision 2014/836/EU, 27 November 2014 determining certain consequential and transitional arrangements concerning the cessation of the participation of the United Kingdom of Great Britain and Northern Ireland in certain acts of the Union in the field of police cooperation and judicial cooperation in criminal matters adopted before the entry into force of the Treaty of Lisbon,
(28 November 2014)
133 HM Government, Prüm Business and Implementation Case, Cm 9149, November 2015:
134 European Union Select Committee, (5th Report, Session 2015–16, HL Paper 66). The House of Commons debate and vote took place on 8 December 2015, see HC Deb 8 December 2015, . The House of Lords debate took place on 9 December 2015, see HL Deb, 9 December 2015,
135 Commission Decision (EU) 2016/809, 20 May 2016 on the notification by the United Kingdom of Great Britain and Northern Ireland of its wish to participate in certain acts of the Union in the field of police cooperation adopted before the entry into force of the Treaty of Lisbon and which are not part of the Schengen acquis, (21 May 2016)
136 Letter from Brandon Lewis MP, Minister of State for Policing and Fire Services, to Lord Boswell of Aynho, Chairman of the House of Lords European Union Select Committee, 19 October 2016:
137 HM Government, , para 1.22
138 Ibid. para 1.23
143 HM Government, , para 1.33
145 Letter from Rt Hon Brandon Lewis MP, Minister of State for Policing and the Fire Service to Sir William Cash MP, Chairman of the House of Commons European Scrutiny Committee, 20 October 2016: