28 March 2012
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
European
Commission proposes "free market" for law enforcement
database access
Where at the moment there are strict rules on cross-border access data - for example in the Schengen Information System (SIS), that immigration data can be accessed by immigration and border officials and police data by police officers - these would disappear under this proposal.
The Communication's argument is as simplistic and illogical as another recent Communication on exchanging information on terrorist investigations: Is the EU trying to combat terrorism or crime? Analysis - which drew the comment from a UK parliamentary committee that the supposed link between terrorism and organised crime is based: "more on assertion than on evidence".
Tony Bunyan,
Statewatch editor, comments:
"This is yet another badly argued Communication from
the Commission which would be better called: Towards enhancing
surveillance by law enforcement agencies.
There is a big difference between exchanging specific data based on a targeted inquiry and allowing unlimited and uncontrollable access to all the data held on national databases by every other agency in the EU. Requests for data and information can already be routed through the Schengen Information System and national SIRENE bureaux and Europol, and spontaneous requests can be carried out under the Mutual Assistance Convention. If there is a specific needs - for murder inquiries or searches for suspected paedophiles - this should be the task of Europol.
To put forward
such a proposal without any indication of data protection rights
for suspects or those simply held on "intelligence"
files is quite irresponsible but not surprising - we have been
waiting since 1998 for the Council or the Commission to come
up with data protection rights under the "third pillar"".
The
proposal - the free movement of data
The long title of the
Communication is:
"Towards enhancing access to information by law enforcement agencies (EU Information Policy)"
The cited remit comes from the special EU Summit "Declaration on terrorism" adopted in the aftermath of the bombings in Madrid on 11 March 2004 that called for: "simplifying the exchange of information and intelligence between law enforcement authorities of the Member States". It was one of the many proposals that the "Statewatch Scoreboard" found had little or nothing to do with combating terrorism (see: Scoreboard).
The objective of "simplifying the exchange of information and intelligence" can be interpreted in many ways. The Communication sees it as:
"achieving free circulation of information between law enforcement authorities... [and overcoming] the legal, technical and practical problems hindering exchange between Member States" (emphasis added)
The Commission is proposing "a full stock-taking exercise" with a:
"broad and open consultation with all interested stakeholders, namely the European Data Protection Supervisor"
The European Data Protection Supervisor may well be a worthy person but certainly he does not represent "all the interested stakeholders".
Furthermore, it is claimed that "major threats, like terrorism" will be "avoided" by introducing "intelligence-led law enforcement (a concept already in place in most national police forces), which, in turn, will apparently allow the EU to assume an "international role".
In justification the Communication says that access is needed to:
"prevent and combat terrorism and other forms of serious or organised crime as well as the threats caused by them. In this respect it should be borne in mind that often criminal activity that would not appear to come from within the category of "serious or organised" can well lead or be connected to it"
Like the Communication on exchanging information on terrorist investigations such a logic is "based more on assertion than on evidence". By collapsing terrorism, serious crime, organised crime and then all crime into one continuum it seeks to justify sweeping new powers of access.
The objectives are said to be establishing "the free movement of information between law enforcement agencies" through the "principle" of the "right of equivalent access to data" through the right of access to databases held in other member states "on the same conditions as national law enforcement officials". There is therefore a need to standardise the form in which "data", "information" and "intelligence" are held across the EU.
The Communication also, it appears, intends to allow access by law enforcement agencies to data "not collected for law enforcement purposes" which presumably refers to commercial databases (referred to as: "cooperation between public and private sector actors").
The overall objective is spelt out::
"The Commission is of the view that the only viable option for the future will be the creation of interoperable and interconnected EU systems. A conceptually comprehensive IT architecture that integrates national, European and international inter-linkages offer in the long run considerable savings, synergies and policy opportunities, both in the area of criminal intelligence and in the broader context of an evolving European Security Strategy."
Here we go again - policing and criminal intelligence are to be part of "an evolving European Security Strategy".
Not content with giving all law enforcement agencies access to all data the Communication proposes that the Police Chiefs Task Force - an ad hoc group with no legal basis in the EU - should have yet another role. The compilation of:
"EU strategic assessments would allow the Council to set law enforcement priorities"
and:
"The PCTF should hand down the operational assessments to the operational levels within national law enforcement communities"
This would, apparently, mean that the Council (the 25 EU governments) would not only set "priorities" but expect "specific outcomes, for instance making arrests, seizing or forfeiting assets from criminal activities".
The central proposal - to allow a "free market" with the "free movement" of data and intelligence - is on top of proposals already on the table which would allow:
"enhanced interoperability between European databases (SIS II, VIS and EURODAC) in order to exploit their added value within their respective legal and technical frameworks in the prevention and fight against terrorism"
However, the planned "interoperability" is not limited to "terrorism" but extended to crime in general and immigration and border controls.
The Communication does actually say that there must be "robust data protection" but nowhere is the issue addressed, except as below.
Planned legislation
The Communication has three Chapters and the last "Chapter III" is all of 14 lines long and entitled: "Legislative initiatives linked to this Communication". In full it reads as follows:
"The Commission will continue to develop policy, including
legislative initiatives in the related areas of protection of
personal data in the third pillar and the use of passenger information
for law enforcement purposes, the latter in accordance with the
principles set out in the Commission’s Communication of
December 2003 (COM (2003) 826 final of 16.12.03 on the Transfer
of Air Passenger Name Record (PNR) Data. A Global EU Approach).
The proposal for a Framework Decision on Data protection will
establish common standards for the processing of personal data
exchanged under Title VI of the Treaty on European Union in order
to empower access to all relevant law enforcement data by police
and judicial authorities in accordance with fundamental rights.
This Framework Decision should provide a single general data
protection framework for the purpose of co-operation to prevent,
detect, investigate and prosecute crime and threats to security.
It will establish a framework for the more specific provisions
contained in the different legal instruments adopted at EU level,
and will further reduce the practical differences in information
exchange between Member States on the one hand and Member States
and third countries on the other hand, and embedded in it a mechanism
that ensures the protection of fundamental rights."
So the Commission is planning to introduce at least two measures. The first on "protection of personal data in the third pillar" which sounds promising as we have been waiting since 1998 for a measure actually protecting personal data in the "third pillar" (policing, immigration and judicial cooperation). But wait, the next paragraph says the purpose is not to establish rights for citizens but rather to "empower access to all relevant law enforcement data by police and judicial authorities" for the purpose of "co-operation to prevent, detect, investigate and prosecute crime and threats to security". And further the intention is not only to "reduce the practical differences in information exchange between Member States" but also between "Member States and third countries". The idea that such a proposal can also ensure "the protection of fundamental rights" is beyond belief.
It is worth noting that as recently as 14 May 2004 the full meeting of the Commissioners discussed a draft of this Communication which was entitled "European information policy for law enforcement and related data protection issues" (C (2004) 1799, 6 May 2004).- it seems between this date and 16 June "and related data protection issues" was lopped off.
Of course if there was any real commitment to provide citizens with meaningful data protection when data and "intelligence" is held on them it might be expected that the Presidency's "multiannual programme building the area of freedom, security and justice" (doc no: 11122/04) would mention it - but it is silent on the issue.
The second new proposal the Commission intends to put forward concerns "the use of passenger information for law enforcement purposes". But wait a minute did not the Council on 29 April 2004 adopt a "Council Directive on the obligation of carriers to communicate passenger data" - despite the European Parliament twice rejecting the proposal? [See: EU-PNR: JHA Council to agree the surveillance of airline passengers: Report and documents]. This Directive - at the last minute - had inserted into it provisions for law enforcement agencies to keep passenger data for as long as they want and gave all agencies (not just immigration and border controls) the right of access to the data.
So why is the Commission proposing another measure? Could it be that as the above Directive only covers those flying into and out of the EU it is intended to extend the surveillance of passengers to internal travel as well? Certainly the Commission's Communication on the "Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach (COM (2003) 826, 16.12.03) envisaged collected personal data on all passengers whether travelling within or into the EU.
What ever
happened to data protection?
The issue of data protection
in the "third pillar" (justice and home affairs: policing,
immigration and asylum and judicial cooperation) has long been
recognised as a "gap" in EU policy (the 1995 Directive
on data protection does not cover this area). The issue
of data protection in the “third pillar” was first
raised in the Council of the European Union (the 15 governments)
in May 1998. The German Presidency of the European Union, 8 June
1998, said to the: “search for the (lowest) common denominator
in this field is not new”. However, the “Action Plan
of the Council and the Commission on how best to implement the
provisions of Amsterdam establishing an area of freedom, security
and justice” (13844/98) said that data protection issues
in the “third pillar” should be: “developed with
a two year period” (IV.47(a)).
It was not until August 2000 that a draft Resolution drawn up by the Working Party - this was revised five times, the last being on 12 April 2001 under the Swedish Presidency of the EU (6316/2/01) when agreement appeared to have been reached - and the Article 36 Committee was asked to address outstanding reservations. This draft, although peppered with exceptions and derogations, could have been the basis for a public debate.
However, since 12 April 2001 there has been silence - and under a rationalisation of the Council's working parties from 1 July 2002 (6582/1/02 REV 1) (reducing the number of Working Parties from 26 to 15) the Council's Working Party on data protection was abolished without explanation.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.