The Select Committee on Home Affairs said that the Government
was so focused on law enforcement that it was ignoring the need to
ensure adequate protection of citizens' personal information.
"We consider that in the area of data protection there is
evidence of insufficient political appetite for protective measures
as compared to law enforcement ones," said the Committee's
just-published Third Report. "We note the Minister's expression of
continuing Government support for the Data Protection Framework
Decision. However, if proposals for a Framework Decision were to be
superseded by the data protection provisions in the Prüm Treaty, we
would have serious concerns as to whether these were adequate."
The Prüm Treaty is an agreement between seven European countries
on the sharing of police DNA and fingerprint information. Agreed
outside of the structures of the European Union, it is regarded as
a more lax agreement when it comes to privacy than any which would
be agreed within Europe.
There is now a proposal to have the Prüm Treaty adopted as EU
policy.
"We note the lack of EU-wide consultation over the contents of
the Prüm Treaty, arising from its origins as an agreement between a
small group of member states which did not include the UK," said
the Committee's report. The Committee said that the Government
should pursue a policy of ensuring data protection in matters of
justice and home affairs, known as the 'third pillar'.
Such an agreement has been debated, but has foundered as the
various parts of EU government could not reach agreement on the
proposal.
The Prüm Treaty is based on a 'principle of availability' of
police information agreed by its signatories in the aftermath of
terrorist bombings in Madrid in 2004. That principle is open to
abuse.
"You would certainly hope that every police force in the EU
would restrict itself to only searching for very important
information where it has legitimate reasons to search," Professor
Steve Peers of the University of Essex told the Committee. "But I
suspect there is a risk that in some cases some uncontrolled
fishing expeditions will take place. That is the risk from the data
protection point of view."
The Committee said that the Government should be worried about
the problems the Prüm Treaty could cause. "The proposed
transposition of the Prüm Treaty into the legal framework of the EU
raises serious questions," it said. "The UK has missed out on an
opportunity to influence a major European multi-country project
from the start. Even more importantly, Prüm sets a worrying
precedent whereby a small group of Member States may reach an
agreement amongst themselves which then is presented to the wider
EU almost as a fait accompli."
The Committee also attacked two high-profile examples of wide
data sharing that have attracted severe criticism: the sharing of
airline passenger name records (PNR) with US authorities and
international funds transfer body SWIFT's sharing of European
transaction details with US authorities.
"Both the Passenger Name Record and SWIFT cases give cause for
serious concern," said the Committee. "We consider that the casual
use of data about millions of EU citizens, without adequate
safeguards to protect privacy, is an issue of much greater
significance than many of the other EU-related matters put to the
UK Government and Parliament for consideration.
"We recommend that the Government and the European Commission
should prioritise the question of provision of personal information
to countries outside the EU as an issue of the greatest practical
concern to its citizens. We repeat our earlier recommendation that
the Government should seek urgent agreement on a comprehensive
EU-wide data protection framework in the third pillar and ensure
that specific minimum standards ensuring adequate data protection
are agreed for data exchange with third countries," said the
Committee.