The Home Affairs Select Committee has advised government to put its weight behind neglected European efforts to hold the rapidly emerging system of police databases answerable to human rights legislation.
The committee's proposals, published today in a report on EU police and judicial co-operation, include a bar on agreements like the controversial PNR (Passenger Name Records) and Swift data sharing arrangements that the EU formed with the US in the name of the "war on terror".
It also recommends the government seeks to restrain EU efforts to share data between police forces by ensuring decent data protection laws are adhered to.
It noted how the EU (and largely the council) had been rushing ahead with plans to link European police databases, while legislation designed to protect citizens' fundamental rights against abuse from such powerful policing tools had been left to flounder.
"We consider that in the area of data protection there is evidence of insufficient political appetite for protective measures as compared to law enforcement ones," the report noted.
An EU measure to introduce data protection legislation into the third pillar of EU law (where matters regarding the police and judiciary sit) had been more or less abandoned because the council had failed to come to an agreement. Yet in the absence of an agreement, a cabal of EU states went ahead with their own police database plan called the Prüm Treaty, which contained weak data protections. This had subsequently been introduced as an EU framework, the committee noted, "almost as a fait accompli".
The committee was concerned about the precedent Prüm had set for European democracy, while noting the lack of scrutiny of these proposals in Westminster.
"There is a danger that if [Prüm] is not implemented with sufficiently rigorous safeguards, in particular robust data-protection arrangements, the principle risks the dissemination of personal data of UK citizens without sufficient control over the subsequent use of that data."
Experts told the committee how greater police co-operation across Europe could lead to greater abuses of human rights. Professor Steve Peers, of the University of Essex, warned that police would be tempted to use their databases to go on fishing expeditions unless their access was restricted.
Dr Valsamis Mitsilegas, from the University of London, said as police standardised their data formats, the sharing would become "quasi-automated", making it difficult for police to make checks that would uphold key data protections.
For example, data is supposed only to be used for the purpose for which it was collected, not shared with countries without proper protections, and not taken from sources that might have got the data through coercion or torture.
While people have found it easier to shuffle around EU states, police data sharing arrangements have been shoddy. Even the steps taken to improve matters in 2005 where inadequate, it noted. The 2005 legislation only made sure European police forces shared relevant data with one another about suspects and criminals on a weekly basis. It did not hold them to using common formats and ensuring a minimum standard of quality.
To illustrate the poor level of co-operation between European forces, the report noted the case of 63-year-old Belgian Michel Fourniret, who was arrested in 2003 for the murder of six French girls and one Belgian girl. Belgian police had no idea he had previously been sentenced for the rape and indecent assault of minors in France.
However, Home Office minister Joan Ryan said the UK was seeking to join an EU pilot for a more active police data link than those already being pushed through in legislation. The way the report described the pilot, it sounded as though it was exploring greater levels of integration between police databases than was presently accepted to be within the bounds of data protection.
The standard was set on the VIS (Visa Information System) legislation currently being passed through the Brussels legislature: it gave European police forces only limited access to one another's databases and only for good reason.
The principles behind these restrictions also prompted the committee to commend Ryan's suggestion that further agreements like the PNR data sharing arrangement with US terror investigators was "an area that the EU should hopefully be able to avoid".
The same went for other US data gathering exercises: "We consider that the casual use of data about millions of EU citizens, without adequate safeguards to protect privacy, is an issue of much greater significance than many of the other EU-related matters put to the UK government and Parliament for consideration," said the report.
"We recommend that the government and the European Commission should prioritise the question of provision of personal information to countries outside the EU as an issue of the greatest practical concern to its citizens."
It added that it was urgent that the government put its weight behind the EU proposal for data protection in police matters and that it ought to listen to the recommendations of the European Data Protection Supervisor (EDPS) if it wanted to see it done properly.
That should please the EDPS no end, because the headlong merger of police databases without proper regard for data protections is an illustration of just how well the EU Council has listened to the supervisor before now. ®