The Daily Telegraph reports: “European bureaucrats are threatening to fine Britain millions of pounds for not sharing sensitive personal data of its citizens with other EU countries.”
It is important to recall that in 2008, the
Council adopted a Decision incorporating in the framework of the EU the main
provisions of the Prum Treaty. The Council Decision on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, is intended to combat terrorism and cross-border crimes by facilitating and strengthening cross-border cooperation by exchanging information between agencies responsible for the prevention and the investigation of criminal offences. The aim is to create a network of databases where member states acquire automated access to each other's national databases. It creates a "hit/no hit" system to allow Member States to access data from other Member States' national DNA analysis files and automatic dactyloscopic identification systems.
The exchange of information related to personal data such as DNA records and fingerprints is based on the ‘principle of availability’, meaning that “information for law enforcement purposes needed by the authorities of one Member State should be made available by the authorities of another Member State, subject to certain conditions.” Consequently, under the Decision, Britain is required to ensure the availability of reference data from its national DNA analysis files to the law enforcement authorities of the other EU Member States, even if the offence in question is not a crime in this country.
Hence, for the investigation of criminal offences, Member States law enforcement officers have automatic access to reference data in their DNA analysis files, fingerprint identification systems. They have the power to conduct automated searches by comparing DNA and dactyloscopic data (fingerprints). The identity of a person can only be revealed if there is a match between DNA profiles or dactyloscopic data. There is exchange of information if there is a hit.
Under the terms of the Council decision any DNA profile must have six loci, which is what permits genetic profiles to be shared. Hence, a DNA profile is matched if there are six fully matching loci. It is important to note that in the UK at least 10 loci must match. The EU legislation entails therefore lower accuracy and standards for DNA checks than in the UK. Obviously, higher loci are necessary in order to reduce false matches and to correctly assess accuracy. The Daily Telegraph has reported that “Research conducted in Holland found out of 81 “matches” with six checks, some 67 per cent were false positives” whereas “there was just a five per cent error rate among 259 matches where seven checks were carried out.”
There is no harmonised approach within the EU on collection and retention of data, which are subject to different national rules. Member States collect DNA and fingerprints on different grounds and the retaining period of these data is also different among them. It should be borne in mind, that the UK DNA database includes profiles from all convicted offenders, including those who have been charged with minor crimes and of people who have never even been charged with a crime, while in the majority of the EU’s Member States they are kept just for serious crimes. In fact, the UK DNA database is the largest database in Europe, it contains details of over 4.5 million people, including people who do not have a criminal record. Hence, the UK is very likely to exchange DNA data more broadly than other Member States. Obviously, these raise concerns about data protection, and legal application of DNA evidence at the EU level. Taking into account, as above-mentioned, the lower accuracy and standards for DNA matches, there are concerns that innocent people might be wrongly identified as a match, being then linked to a crime committed in another member state and having their details passed on to foreign police authorities.
Furthermore, the law enforcement authorities have access to national vehicle registration with the power to conducted automated searches on data related to owners and operators as well as vehicles, if they have the full chassis or registration number. Hence, foreign law enforcement authorities will have access to the DVLA database. They will have, therefore, access to data bellowing to over 40 million people, including name, address, motoring convictions as well as some medical information. It is important to note that there are concerns that the DVLA database will be access for minor offences, which goes beyond the defined scope of cross-border crime and counter-terrorism.
In order to prevent criminal offences and to maintain public order and security for major events with a cross-border dimension such as big sport events and Council summits, Member States are require to share personal data if there are circumstances given reason to believe that the data subjects will perpetrate a crime at the event or creates a threat to security. The Council Decision also allows closer cooperation between police authorities by means of joint security operations and cross border interventions. Therefore, each Member State, as a host State, may confer executive powers on officers from the other Member States, involved in join operations. Consequently, police officers from a Member State may enter the territory of another Member State and participate in a joint operation carrying their usual service weapons and wearing their own national uniforms. Obviously, such provisions raise sovereignty concerns.
Moreover, the Decision contains data protection rules, but it is arguable whether it guarantees a sufficient standard of data protection. In fact, Peter Hustinx, European Data Protection Supervisor, has criticized the Council Decision on the Prum Treaty, for breaching privacy rights of European citizens.
It is important to recall that before the Lisbon Treaty entered into force “Police and Judicial Cooperation in Criminal Matters” (third pillar measures) were subject to the intergovernmental method and unanimity. The then Labour Government could have vetoed the Council Decision incorporating the Prum Treaty into the EU framework but it choose not to do it. It should be noted that the 2009 Conservative European Election Manifesto read “We are gravely concerned that the Labour Government has also signed up to the incorporation of the Prüm Treaty into EU law, facilitating the sharing of DNA, fingerprint and vehicle registration details across Europe.” Moreover, it stressed “since we have the biggest DNA database in the world – including samples of a million innocent people – this would have a disproportionate impact on the UK.”
Member States were required to take all the necessary measures to comply with the Decision’s provisions relating to information exchange on major events and in order to prevent terrorist offences as well as on joint operations and assistance in connection with mass gatherings, disaster and serious accidents by 26 August 2009. Moreover, they were required to comply with the provisions of the Prüm Decisions relating to information exchange concern automated searching of DNA profiles, dactyloscopic data and vehicle registration data (VRD) by 26 August 2011. However, several member states due to IT and financial problems, logistic, legal and political decision making problems have not met the 26 August 2011 deadline. The majority of member states have not implemented the Prum Decisions by the deadline required.
The Government has not implemented yet the Prum Decisions. But, it has put forward proposals for the retention of DNA and fingerprints in the Protection of Freedoms Bill tabled in February 2011. The Government is presently evaluating the different options to deliver the technical changes required to meet the obligations of these decisions. In a letter to Bill Cash, Chairman of the European Scrutiny Committee, from last February, James Brokenshire, the Home Office minister, said “Early work to identify the cost of meeting our Treaty obligations suggests that we will not be able to afford full implementation of all the Prüm requirements within this Spending Review period” but the government expects “work to concentrate on the Vehicle Registration Data and DNA elements of Prüm later in the 2011-2015 period which we hope will go some way towards meeting our implementation obligations.”
The European Commission adopted last December a report on the implementation of the ‘Prüm Decision’. It noted that not all member states are connected to each other, as they are still experiencing technical implementation problems, particularly with the installation of automated data exchange software.
According to the European Commission, in October 2012, 23 Member States “have indicated that they are considerably advanced in the required steps for the automated exchange of DNA data and are likely to become operational in early 2013.” However, the European Commission has stressed that the UK, as well as other 3 Member States “still need to step up their efforts significantly.”
The implementation in the area of exchange of fingerprints has been particularly difficult, the Commission noted, “As at 31 October 2012, only 14 Member States were ready for searches in their automated fingerprint identification systems (AFIS) by other Member States.” It also stressed that it remains unclear whether the UK “will go operational.”
The implementation deadline has been met by 9 Member States in the area of automated vehicle registration data (VRD) exchange and only 13 Member States were in operation in this area by October 2012. The European Commission criticised the UK for not having “undertaken any noteworthy activities”.
According to the European Commission “Given the various possibilities to obtain support and the long period of time that has elapsed since the adoption of the two Prüm Decisions, it is hard to see any reasons which could justify
lack of implementation.” It stressed, “What is needed above all seems to be political will and appropriate prioritisation to overcome barriers at national level.”
Hence, according to the European Commission “the state of implementation is insufficient” consequently it “invites Member States to make all efforts necessary to implement the Decision in full.” Nevertheless, the Commission’s report noted,
“A considerable number of Member States consider that the matching rules, in particular for DNA data, are not fully satisfactory and should be designed in a better way so as to avoid matches that are identified as false upon subsequent verification.” It also pointed out that several Member States have suggested “more efficient use of limited search capacities in the area of fingerprint data” as they are concerned over the “danger of overloading national systems.” The European Commission is therefore aware that the Prum system is far from perfect.
The former Government has not conduct a proper impact assessment before allowing the Prüm Decisions to be incorporated into EU law. According to a provisional estimate the start up costs for the exchange of DNA, fingerprint and vehicle registration data would be around £31 million. However, no clear figures have been provided yet on the annual cost of running the Prüm system. According to the House of Lords European Union Committee “the cost to the United Kingdom of supplying information to other States may be one of the highest, given the size of its DNA database.” The UK taxpayers are likely to face a huge bill for the implementation and operation of the Prum systems. The Coalition Government now has to allocated human and financial resources for the implementation and the running of the Prüm systems, draft manuals for the use of the new legal instruments, training staff and to adapt the national databases and workflows in line with the Prüm requirements.
It is well known that the Lisbon Treaty has given the EU competence to legislate in the area of criminal law. Hence, decision making on criminal matters is now subject to the Community method, ordinary legislative procedure, qualified majority voting and the European Court of Justice’s jurisdiction. The UK has an opt out for all matters of the Area of Freedom, Security and Justice of the TFEU, but it will lose protection every time it decides to opt in, transferring jurisdiction from the UK courts to the ECJ jurisdiction.
It important to recall that Protocol no. 36, annexed to the Treaties, on transitional provisions covers the Court’s jurisdiction and Commission competence overt third pillar matters before the entry into force of the Lisbon Treaty. According to Article 10 of this Protocol, the Court limited jurisdiction over police and judicial cooperation in criminal matters is retained for existing measures for five years after the Lisbon Treaty entry into force.
The UK is not subject to the ECJ jurisdiction as regards existing measures on police and judicial cooperation for a five years period. Moreover, the Commission does not have powers to initiate infringement procedures against Member States concerning the implementation of these matters in their national law, for a five years period. Hence, the Commission had no power to bring infringement proceedings against the UK when the deadline for implementing the Prum Decisions has passed. However, if a proposal to amend the Council Decisions is adopted before 2014 and the UK decides to opt into it, then if the UK fails to implement it, it would be subject to infringement proceedings.
The Prüm Council Decisions are therefore subject to the transitional provisions in Protocol no.36 to the EU Treaties, where the UK must decide in 2014 whether to accept the Court’s jurisdiction on such measures or opts out entirely from them.
The Secretary of State for the Home Department has recently made announced that “the Government’s current thinking is that we will opt out of all pre-Lisbon police and criminal justice measures and then negotiate with the Commission and other member states to opt back into those individual measures that it is in our national interest to rejoin.” The Secretary of State pointed out “discussions are ongoing within the Government and therefore no formal notification will be given to the Council until we have reached agreement on the measures that we wish to opt back into.” It is essential that in 2014 the Government decide to opt out from all third pillar measures adopted before the Lisbon Treaty and which have not subsequently been amended or repealed, including the Prum Decisions. As Dominic Raab said, “if we opt in, with a million innocent people’s DNA on our police database and a 67 per cent error rate under the EU scheme, more and more UK citizens risk finding themselves mistakenly dragged into criminal investigations abroad.”
The Commission pointed out “Prüm was adopted under the former third pillar, so the usual rules for control of national implementation do not apply during a transitional period.” But, it also stressed, “As of December 2014, … the Commission will have the possibility of using infringement proceedings.” The Daily Telegraph pointed out “the Commission is now threatening “infringement proceedings” for the delays, which could mean a fine of at least £7.5 million for not doing Europe’s bidding.”
James Brokenshire, the Parliamentary Under-Secretary for Security has recently said to the European Scrutiny Committee, as regards the European Commission’s report on the implementation of the ‘Prüm Decisions’, “The report mentions some very real problems with the technical and administrative specifications for Prüm. These include the matching rules for DNA hits which, should the UK implement Prüm, potentially cause some major problems with adventitious matches. (…) Other technical difficulties exist in the fingerprint area; these include the possibility that verification rules around hits are not sufficiently tight and capacity problems with Member States’ verifying authorities and within their Automatic Fingerprint Identification System (AFIS) databases.”
The Minister recalled, “The Prüm Decisions are, of course, included in the list of police and judicial cooperation measures which are subject to the UK’s 2014 opt-out decision” and noted, “As the report does not propose new measures or changes to the legislation, this situation is not altered.” James Brokenshire also explained that the Home Office acceptance of EU funding to support implementation of the provisions on DNA data exchange, “does not in any way prejudge this decision and should not be taken as an indication one way or the other as to whether the UK will exercise its opt-out, or if it does so, that it will ultimately opt back into the Prüm Decisions.”
Although the Minister has questioned the usefulness of some requirements contained in the Prüm Decisions, namely that fact that Member States are required to designate national contact points responsible for different elements of Prüm cooperation, he has not provided, as the European Scrutiny Committee pointed out, “the Government’s
view on the practical and operational utility of Prüm cooperation or, given the concerns expressed about the accuracy of matches based on DNA profiles, the implications of the Decisions for the protection of fundamental rights.”
According to the European Scrutiny Committee the delays in the UK implementation of the Prüm Decisions concerning the automated exchange of DNA, fingerprint and vehicle registration data “are largely a result of financial constraints, rather than an unwillingness to play a full part in Prüm cooperation.”
Looks like we will have to “borrow” yet more money to pay fines to foreigners that Members of our British Government have given THEIR temporary Authority (Sovereignty) to.
Remind me, exactly WHO Govern’s Britain? Those we elect and pay to Govern this Country, or those that pay to give their sovereignty to govern this Country away?