• Home /
• Analyses /
• 1999 /
• Memorandum on European Union Databases

Memorandum on European Union Databases

Topic

Country/Region

11 May 1999

Evidence submitted by Statewatch to sub-committee "F" of the House of Lords Select Committee on the European Communities's inquiry into European Union Databases

The Select Committee has asked for comments at this stage on seven separate (but related) issues concerning the CIS, SIS, Europol and Eurodac. This submission summarises and critiques the relevant provisions. Discussion of the "scope" and "purpose" of the databases, has been compressed into one section.

1. THE UK s POSITTON IN RELATION TO EACH OF THE DATABASES

(a) SIS

The UK never became a party to the Schengen Convention, which provides for the establishment and operation of the SIS. The "Schengen acquis", including the SIS7 will very shortly (likely at the Council meeting of 11 or 17 May) be integrated into the framework of the EU by a Council Decision allocating the Schengen acquis, adopted pursuant to Article 2(1) of the Schengen Protocol attached to the EC and EU Treaties by the Amsterdam Treaty. Political agreement on this Decision was reached at the last General Affairs Council, on April 26. However it is understood that apparently the Council could not reach agreement in this Decision on allocation of the provisions of the acquis relating to the SIS, with the result that these provisions are allocated to Title Vl of the EU Treaty provisionally by default, as provided for in the Schengen Protocol. Nevertheless, in accordance with Article 5(2) of the Protocol, any measure building upon the Schengen acquis must be taken pursuant to the relevant provisions of the EC or EU Treaty, and therefore any amendment to the SIS provisions of the Schengen acquis must be adopted under specific legal bases found in the EC or EU Treaty. In other words, such amendments cannot be allocated to Title VI EU by default.

This is relevant for the UK position. The UK indicated in March that it wished to join most of the provisions of the Schengen acquis, including the SIS (at least in part). Article 4 of the Schengen Protocol provides that the UK needs the unanimous support of the 13 existing Schengen states in order to join some or all of the Schengen acquis, and it seems possible that such support might be difficult to obtain as long as there is an argument over the application of some or all provisions of the acquis to Gibraltar. However, it should follow from Article 5 of the Protocol that if the UK wishes to join a measure building upon the Schengen acquis, it need only satisfy the conditions of Article 11 EC if that measure was adopted pursuant to the EC Treaty, or Article 40 EU if that measure was adopted pursuant to the EU Treaty. According to Article 11 EC, the UK needs only the support of the Commission to opt in to such measures under the EC Treaty, and according to Article 40(3) EU, its application to opt in will be deemed to be adopted unless a qualified majority of Council members votes against it. Therefore it is highly material how the SIS provisions are classified when the UK officially wishes to opt in to them. However, it is far from clear how to distinguish a measure building upon the Schengen acquis from the acquis itself. It might be argued that if the UK wished to join the SIS at a point when the provisions governing that system had been amended slightly from those presently in the Schengen acquis, the UK would have to satisfy both the rules relating to joining the acquis (because of the unamended provisions) and the rules relating to joining measures building upon the acquis (because of the provisions which had been amended). A further complication is that the territorial scope of the EC Treaty is specified (albeit rather ambiguously) in that Treaty and in the 1972 Accession Treaty, but the EU Treaty contains no provisions on territorial scope. Also, if some or all of the SIS provisions are allocated to the EC Treaty, it is arguable that the legal effect of those provisions is the same as Community law. It would be helpful to clarify these issues before the UK joins.

Another issue is the lack of clarity concerning the extent to which the UK wishes to opt in to the SIS. Home Office Press Release 084/99 of 12 March 1999 states that the UK wishes to opt in to "police, customs and criminal judicial co-operation, including the Schengen Information System" and includes the Home Secretary's description of the SIS as a "computer database which would help [law enforcement agencies] track down stolen vehicles and documents, missing and wanted persons". The Home Office memorandum submitted to this Committee during this enquiry states at pare 4X that the UK wishes "to participate in those areas of Schengen that relate to police co-operation, including the SIS". However, as the same memorandum points out correctly in the next paragraph, the SIS also includes data on third-country nationals who should be refused entry, pursuant to Article 96 of the Schengen Convention. Articles 5, 15 and 25 of the Convention make clear that persons listed in the SIS for Article 96 purposes will be refused entry, refused a visa, or refused a new or renewed residence permit, subject to certain exceptions. These are largely matters handled by the immigration authorities (and, to some extent, consular authorities) as distinct from the police. Articles 5,15 and 25 (and most related provisions) will presumably be allocated to the EC Treaty, and in certain circumstances some persons denied entry, a visa or a residence permit pursuant to an Article 96 listing already had rights accruing from Community law even before the Amsterdam Treaty. It is also arguable that EC data protection rules apply to all immigration and asylum matters from the entry into force of the Amsterdam Treaty. Therefore Article 96 is closely interconnected with the EC Treaty, even if it is not allocated to the EC Treaty. The Home Office memorandum appears to indicate (at pare 51) that the UK will not participate fully in the SIS as regards Article 96, but still intends to "share information in this area" with other Member States. It is essential that the Home Office clarify exactly how such information will be shared, because this would considerably widen the scope of UK participation, and raise in turn particular concerns about compatibility of such measures with the Human Rights Act and with Community law.

Finally, if the information stored in the SIS for the purposes of Article 96 is to be treated separately from the information stored for other purposes, a possible solution to the allocation of the SIS to the first and third pillars presents itself. There is already a precedent for operating a single database for both first and third pillar purposes, subject to separate first and third pillar measures (see discussion of the CIS, section l(c) below). It would seem open to the Council to adopt an EC Treaty measure governing the SIS for Article 96 purposes and an EU Treaty measure governing the SIS for other purposes. This would provide an opportunity to reconsider the inadequate data protection regime for the SIS, and in particular to provide greater data protection rights for Article 96 information than for other information, given that the disclosure of Article 96 information will rarely jeopardise ongoing criminal investigations.

While this is legally possible it is practically unlikely unless two separate systems are created. Whether on legal or practical grounds such a separation is likely to be opposed by more than one Schengen state. The effect of the UK's "application" to join parts of the Schengen acquis were set out on a Home Office memorandum dated 31 March 1999. The breakdown is as follows:

External borders NO

Internal borders NO

Visas NO

Schengen Information System YES

Police co-operation YES

Drugs YES

Judicial co-operation YES

(b) Europol

The UK has ratified the Convention, which entered into force on I October 1998 and it is expected to begin operations on I July 1999.

(C) CIS

The UK has ratified the Convention. The Home Office memorandum for this enquiry indicates that only one further ratification is needed for the Convention to come into force provisionally among eight Member States (at pare 2). As that memorandum also indicates, an EC measure (Regulation 515/97, OJ 1997 L 82/1) establishes a nearly identical database for first pillar customs information, which of course also covers the UK. Pursuant to Article 53(1), the Regulation entered into force on 16 March 1997 and has been applied from 13 March 1998, although as the Home Office memorandum indicates, the database established by the Convention is not yet in operation. Two further points are worth noting. First of all, the Regulation is the subject of an annulment action by the Commission (Case C-209/97, pending), on the grounds that it was adopted on the wrong legal base, although an Advocate-General's Opinion has advocated that the Court rule against the Commission. Secondly, it seems clear that any amendments to the Regulation or further measures in this field would, now the Amsterdam Treaty is in force, be governed by Articles 136 and/or 280 EC. Both these Articles are subject to qualified majority voting and co-decision of the EP, and both are in the "mainstream" EC Treaty, rather than Title IV of Part 3, so apply fully to all Member States, grant the Commission a sole right of initiative, and are subject to the unamended jurisdiction of the Court of Justice.

(d) Eurodac

The Justice and Home Affairs (JHA) Council of December 1998 reached unanimous political agreement (including the UK) on the Eurodac Convention and the JHA Council of March 1999 reached unanimous political agreement (including the UK) on a Protocol to that Convention. In both cases, the Council decided to "freeze" the text and to adopt a Community measure with essentially the same provisions after the entry into force of the Amsterdam Treaty. The Home Office memorandum is formally correct when it states (at pare 12) that the UK cannot decide whether to opt in to this measure until it is proposed as a Title IV EC measure. However, it would be extremely surprising if the UK opted out, given the link between Eurodac and the Dublin Convention, the prior agreement of the UK to the text of the Convention and Protocol, and the Home Secretary's statement of 12 March indicating that the UK would seek to participate in all asylum measures to be adopted by the Community.

The Home Office assertion that "the legal basis for [Eurodac has not] been agreed" (also at pare 12 of its memorandum) is again formally correct because there is not yet any official proposal for the adoption of Eurodac as a Community measure. However the Commission's recent discussion paper on asylum procedures (SEC (1999) 271,3 March 1999) assumes that the legal base for Eurodac will be Article 63(1)(a) EC (granting the Community the power to adopt measures establishing "criteria and mechanisms" for allocating responsibility for asylum applications), and this conclusion appears obviously correct in light of the link between Eurodac and the Dublin Convention. Article 63(1)(a) provides for a unanimous vote in the Council and consultation of the EP, with limited jurisdiction of the Court of Justice and a UK right to opt in or out. It might be argued that Eurodac should also be based on Articles 63(3)(b) and 66 EC (granting the Community the power to adopt measures concerning illegal immigration and co-operation between administrations), but this is a distinction without a difference, for these additional legal bases would not alter the legislative or judicial system governing Eurodac or the position of the UK.

2. SCOPE AND PURPOSE

(a) SIS

The SIS exists firstly for the use of national police, customs and border control authorities when making checks on persons at external borders or within Schengen states; and secondly, for the use of immigration officers when administering third-country nationals, in particular when deciding whether to issue visas or residence permits (Art 92(1)).

(b) Europol

Europol has a role where "an organized criminal structure is involved and two or more Member States are affected.... in such a way as to require a common approach" (Art 2(1), Europol Convention) and only for specified crimes. As the Europol Convention was drafted, these specified crimes were drug trafficking, trafficking in nuclear and radioactive substances, illegal immigrant smuggling, motor vehicle crime, and "traffic in human beings", along with associated money-laundering and "related criminal offences", defined broadly and non-exhaustively (Arts 2(2) and 2(3)). The Council, acting unanimously, can grant Europol competence over a huge range of further criminal acts listed in an Annex (Art 2(2)). Moreover, the Council can "amplify, amend or supplement" the definitions of various crimes contained in that Annex, including definitions of its initial competencies (except drug trafficking) (Art 43(3)). All these expansions of scope can be decided without consulting the EP or national parliaments.

The Home Office memorandum does not mention (at pare 30) that the Council took Decisions in late 1998 to extend Europol's competence to cover terrorism early, from the start of its activities (OJ 1999 C 26/22), and to redefine "trade in human beings" so that it included action against child pornography (OJ 1999 C 26/21). The December 1998 JHA Council also agreed in principle that Europol should also have powers over forgery of money and means of payment, with agreement on a formal Decision to this end at the 29 April 1999 Industry Council (not yet published), and the December 1998 Recommendation on arms trafficking (unpublished) contemplates Europol having competence in this area.

(c) CIS

The CIS, according to the TEU, is confined to assisting in "preventing, investigating and prosecuting serious contraventions of national [customs] laws" (Art 2(2) of Convention), namely the movement of goods which Member States can ban or restrict in accordance with Articles 30 and 296 (former 36 and 223) EC (the former concerns exceptions from the free movement of goods and the latter concerns the arms trade) and the use of property or proceeds derived from international drug trafficking (Art 1(1)). It should be observed that Member States lose the power to restrict movement of goods under Article 30 EC once the Community establishes rules fully regulating such goods under internal market legislation, and that the precise scope of Article 296 EC is unclear in the absence of any definitive ruling from the Court of Justice.

The purpose of the CIS, according to the Regulation, is to prevent the contravention of customs rules and to help mutual assistance between the member states customs authorities and between them and the Commission. Apart from the inclusion of the Commission as a partner in the data exchange the provisions of the Regulation regarding the CIS are almost identical to those in the Convention. In reality there are not two separate systems, but one system, based at and maintained by the Commission.

The Home Office memorandum makes no mention of the relationship between the third pillar CIS Convention and the first pillar system based on a Regulation. While there are many similarities between these systems, the scope of the European Court's jurisdiction to receive preliminary rulings will likely be different at least if the UK continues to object to the Court's jurisdiction. Rules on the first/third pillar distinction have been agreed (Council document 12861/98, approved 3 December 1998), but these rules are designed for use by officials. From an individual's point of view, it may not always be clear whether his or her personal information has been placed in the first pillar section of the database or the third pillar section. The CIS Convention thus represents a particularly good opportunity for the Government to rethink its opposition to the Court's jurisdiction over preliminary rulings over third pillar measures.

(d) Eurodac

Since neither the "frozen" text of the Convention and Protocol or the proposed Community act replacing them have yet been published, all references are to Council documents 12942/98,17th November 1998 (parent Convention), and 6324/98, 26 February 1999 (Protocol), which are understood to be the "frozen" texts. The scope of the Convention and Protocol covers the exchange, storage and checking of fingerprint data and related personal information.

The "sole purpose" of Eurodac is "to assist in determining" the Member State with responsibility for an asylum application pursuant to the Dublin Convention (Article 1(1), Eurodac Convention). More precisely the Convention aims to check whether an asylum applicant has made or will make multiple applications in different Member States. The Protocol extends this purpose to include "otherwise facilitating the application" of the Dublin Convention (Article I of Protocol). It extends the scope of Eurodac to include storage of fingerprints of third-country nationals who have "irregularly" crossed an external border, and also permits Member States to check the prints of "suspected illegal immigrants" found in a Member State (prints of the latter group will not be stored in Eurodac).

3. THE TYPES OF INFORMATION HELD AND THE CRITERIA FOR ENTRY

(a) SIS

To achieve the purposes of the SIS, Member States can enter certain types of information about or relating to persons (name, physical features, date and place of birth, sex, nationality, whether armed or violent, reason for report, and action to be taken: Art 94(3)) as well as specified information on vehicles and objects with related personal information (finding of person or object; place, time and reason for check; route and destination of journey; persons accompanying primary subject of surveillance or also in a vehicle; vehicle used; objects carried; circumstances of finding person or vehicle: Art 99(4); motor vehicles, trailers and caravans, firearms, blank documents, identification documents and bank notes: Art 100(3)). However, the SIS cannot store the very sensitive data listed in the first sentence of Article 6 of the 1981 Council of Europe Data Protection Convention ("the 1981 Convention" (ETS 108)): racial, political, religious, health and sexual information (Art 94(3)).

There are six broadly defined reasons for which information can be included in the SIS:

(a) when a person is "wanted for arrest for extradition purposes" (Art 95);

(b) when a person has been placed on the joint "blacklist" as a person to be refused entry to all the Schengen states (Art 96), because he or she is subject to a deportation or expulsion order or is considered "a threat to public order or national security or safety", particulary when:

(i) a person has a conviction for an offence with a sentence of over one year; or

(ii) there are "serious grounds for believing" a person has committed serious offences in a Schengen state; or

(iii) there is "genuine evidence of an intention to commit" serious offences in a Schengen state;

(b) when a person has disappeared or needs to be placed in a secure location to protect his or her safety (Art 97);

(c) when a judicial authority in one state wants to know the whereabouts of a person (such as a witness or a person being prosecuted) in another state during the course of a prosecution (Art 98);

(d) when one Member State wants others to subject a person to discreet surveillance or checks, because of indications that a person "intends to commit, or is committing numerous and extremely serious offences" or "where an overall evaluation of the person", particularly his or her prior offences, "gives reasons to suppose" that he or she "will also commit extremely serious offences in future" (Art 99); and

(e) where objects are sought "for the purposes of seizure or for evidence in criminal proceedings" (Art 100).

These provisions are extremely broad.

The data on the SIS mainly concerns wanted persons and objects. Thus the individual data sets on the SIS are very brief, containing no more than 150 bytes. Overall the majority of data sets relate to Article 96 making the SIS a technical means for expulsion and rejection at the border. The number of criminals wanted by judicial warrant (Article 95) is very small and there are certainly more data sets on persons and vehicles to be placed under discrete surveillance (Article 99).

In practice discrete surveillance is linked to the production of "intelligence" on the movement of persons. Although the information held about a person on the SIS is comprised of a small amount of data, the storage on the SIS of discrete surveillance alerts is used to produce a picture of a person's movements and their contacts_the person is not necessarily a "suspect" or an accused person in the legal sense. The link is even more tenuous where the person's "contacts" are recorded and notified to the authorities in the requesting member state.

It has to be borne in mind that Article 99 also allows the internal security services to put a person on the SIS.

In practice this means that a German secret intelligence officer (for example, the Verfassungsschutz) can formally request a Dutch police officer to check on, place under surveillance, and report back on a named person(s).

(b) Europol

There are essentially two levels of database within Europol: the more general information system established by Title II of the Convention (Arts 7-9) and the creation of analysis files pursuant to Title III (Arts 10-12). The general information system can store data related to persons who are "suspected of having committed or having taken part in a criminal offence" within Europol's competence, "or who have been convicted of such an offence", and persons "who there are serious grounds under national law for believing will commit criminal offences" within Europol's competence (Art 8(1)). This data may include the name (where necessary) physical features, date and place of birth, sex and nationality of such persons (Art 8(2)), along with criminal offences and alleged crimes, means which were or may be used to commit them, departments handling the case and their filing references, suspected membership of a criminal organization and criminal convictions related to offences within Europol's competence (Art 8(3)), and unspecified additional information concerning the persons upon whom information can be held (Art 8(4)).

Europol's analysis files are subject to different rules, for when Europol staff open analysis files, they are allowed to collect and process even more data than will appear in the information system. Analysis files may include not only information on definite or suspected criminals, but information on actual or possible witnesses, victims, contacts and associates, and informers (Art 10(1)). Indeed, they can include information falling within the highly sensitive categories of the 1981 Convention, as long as Europol staff do not collect information on a particular group of persons solely on the basis of such data. The rules on analysis files list 12 categories, and 66 sub-categories, of information which can be held on criminals, suspects and their contacts and associates (Art 6 of rules, OJ 1999 C 26/1).

(c) CIS

The types of data which can be included in the CIS are very similar to the types which can be included in the SIS (compare Art 4, CIS Convention to the Schengen provisions): information about or relating to persons (certain personal details and an indication of whether they are armed or dangerous) as well as specified information on vehicles and objects. The CIS, like the SIS, cannot store "very sensitive" data as defined in the 1981 Convention.

There are two differences between the SIS and the CIS. First, the CIS has specific purposes which concern only customs activities. Under the TEC these relate to contraventions of community customs regulations and, under the TEU, it covers all nationally-regulated offences which concern the import or export of forbidden or controlled goods (including money-laundering). Secondly, as the CIS is a customs data system its purposes are to technically assist customs operations. This means that discrete surveillance is the most important purpose for recording a person and/or vehicle on the CIS. The system thus functions mainly as a means for tracking operations, large "control operations", or "controlled deliveries". Each data record may be very small but each "sighting" is recorded leading to a "tracking" record.

(d) Eurodac

The parent Convention requires Member States to take the fingerprints of every asylum applicant over the age of 14 and transmit it to Eurodac (Article 4(1)), provides for the inclusion of the Member State of origin of fingerprints, along with the date and place of the asylum application; the fingerprints themselves; sex; reference number of state of origin; date on which prints were taken; date of transmission; date of entry details regarding recipients of transmitted data (Article 5(1)). The Protocol requires Member States to take and transmit the fingerprints of every third-country national over 14 "who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back" (Art 3).

4. ACCESS RIGHTS

(a) SIS

Article 101 of the Convention allows extremely broad access to SIS information for police, customs, and immigration authorities. There are no provisions concerning forwarding SIS information to third parties.

(b) Europol

Access to the Europol information system is limited to authorised Europol staff, liaison officers and the national police intelligence services (Art 9, Europol Convention). Complex rules in Title III of the Convention govern the extent to which analysis files concerned with operations can be shared with Member States not directly affected by an operation. An index system, which serves as a "guide" to the information in the analysis files, helps Member States' liaison officers to determine whether the Member States they represent are affected (Art 11), although the implementing rules governing the index system have apparently not been agreed yet.

(c) CIS

Direct access to the CIS system is limited to national customs authorities and other national law enforcement authorities (Art 7).

(d) Eurodac

Member States may search only the data which they have transmitted to Eurodac and the comparisons of fingerprint checks which they have received; and searches can only be carried out by designated authorities (Art 11). This provision applies mutatis mutandis to the Protocol (Art 8 of Protocol).

5. RELATIONSHIPS BETWEEN DATABASES (AND OTHER ONWARD TRANSMISSION ISSUES)

(a) SIS

This subject is not specifically mentioned in the Schengen Convention.

The functioning of the SIS cannot be separated from the SIRENE network (Supplementary Information Requested at the National Entry). There are 48,775 SIS terminals in the nine participating Schengen states. Whereas the SIRENE network is, currently comprised of nine national SIRENE bureaux with a few terminals each. The SIS allows an officer/official on the ground to check a person or a vehicle and provide very basic data (around 150 bytes). The officer does not know why a person should be detained or excluded simply that they should be. The underlying, broader, information (the full details on file) is supplied by the SIRENE bureaux located at the central offices of the national police.

The role of the SIRENE bureau is to determine what should be done in the case of a "hit". Thus, for instance, a record on the grounds of Article 95 is equivalent to an extradition request. The necessary information to effect the extradition is transmitted between the SIRENE bureau of the state where the "hit" is made and the SIRENE bureau of the state which issued the "alert". However, there is no clear legal regulation on the scope and purpose of the SIRENE network. The electronic links between the SIRENE bureaux also allow the transmission of other "intelligence" for instance, until now, the SIRENE handbook is unpublished and classified "Confidential".

(b) Europol

While it is accurate to state that Article 6(2) of Europol does not allow any direct link to the Europol system except for national liaison computers (pare 46 of Home Office memorandum), Europol information may still be forwarded by other means. Europol's external relations are potentially very far-reaching. Four sets of rules governing its powers to send and receive information from third states or bodies have been adopted (receipt of information from third parties (OJ 1999 C 26/17); transmission of information to third parties (OJ 1999 C 88/1); external relations with third states and non-EU bodies (OJ 1999 C 26/19); external relations with EU bodies (OJ 1999 C 26/89). These rules apply relatively strict controls on the sending and receipt of information, but the treatment of information acquired in violation of human rights is problematic. A draft model agreement with third states copies many of the rules and restrictions which appear in internal Europol rules, but does allow Europol to supply the highly sensitive data which the 1981 Convention usually rules "off-limits" (albeit only if "absolutely necessary") (Council document 7856/98,28 April 1998). EDU staffand American law enforcement agencies have already had extended contacts (see programme for EDU visit to America (Council document 6950/2/98, 8 April 1998). There were early discussions about links between Europol and UCLAF (the body within the Commission investigating allegations concerning fraud against the EC budget), focusing on breaches of EC law falling within Europol's competence and possible exchanges of information and skills, placement of liaison officers and access to databases (Council document 7306/98 3 April 1998). Presumably similar relations will be agreed with the new Community body about to replace UCLAF. One of Europol's most important relationships will be with Interpol, which also has an information and analysis system, but wider membership and competence. Here, early suggestions are for: similar technical rules and analytical techniques; exchanges of liaison officers; rules on jurisdiction over cases; co-operation in operational analysis; and exchange of non case-related information (Council document 7879/98, 28 April 1998).

(c) CIS

Whereas the CIS (TEC and TEU) is still not operational information has been exchanged since the beginning of the 1990s through the SCENT system (System Customs Enforcement Network). SCENT is a mailbox system operating between the national customs offices. It is used in joint surveillance operations or "controlled deliveries" carried out by customs authorities. The Commission has developed specific software programmes for SCENT which are used for operations mostly under the TEU (for instance, "maritime surveillance screen").

However, SCENT is not only accessible for customs authorities of the EU member states but also, by telex, to other European countries. The logic behind this is that surveillance operations are not only carried out under the roof of third pillar customs co-operation but also under the World Customs Organisation (WCO).

There is a long-standing division of labour between the EU and the WCO. The EU carries out joint surveillance operations at sea and passenger surveillance operations for air traffic. The WCO specialises in the surveillance of the "Balkan drug smuggling route" and of air cargo. The same division can be found in data banks used by European customs services since the mid-1980s. In the context of the "MAG" (Mutual Assistance Group, forerunner of the third pillar Customs Working Group) the MAR-Info and YACHT-Info were set up. In the context of the WCO the BALKAN-Info and the CARGO-Info were created. They contain customs intelligence. The German Zollkriminalamt (customs criminal office) co-ordinates these four information systems. Messages from the respective "Infos" are also sent out via SCENT. The theoretical legal distinction between first and third pillar intelligence-gathering and operation, EU and WCO, is simply ignored.

Legal niceties are also ignored when it comes to access to the CIS by international or regional organisations - if the Member States agree a Protocol to that effect (Art 7 of Convention). However, Member States may use information from the CIS "for administrative or other purposes", share it with national authorities other than customs administrations, or pass it on to non-Member States and international or regional organisations, if the Member State supplying the information agrees (Arts. 8(1) and 8(4), CIS Convention). These provisions are objectionable because they do not place any absolute or specific controls on the forward transmission of CIS data, and there are no "tracing" rules ensuring that third parties will be notified of any CIS information found to be incorrect and that third parties are bound to correct this information. See also comments on "future developments" at point 6(c) below.

(d) Eurodac

As the Home Office notes (pare 24 of memorandum), there is no provision for access to the Eurodac database. It should be added that linking the Eurodac database to the Europol, CIS, SIS or any other database would be highly objectionable. Eurodac will be established for a very narrow and specific purpose entirely unrelated to the crime-fighting purposes of the CIS and Europol databases or the crime-fighting and general immigration control purposes of the SIS database. As a result, it has a more generous data protection regime (and will arguably be subject to the EC's data protection directives); this regime would become "contaminated" with the extremely weak data protection rules that apply to the SIS, CIS and Europol, if there were a link between Eurodac and the other databases.

6. PROSPECTS FOR FUTURE DEVELOPMENT

(a) SIS

As the Home Office memorandum indicates at pare 64, there is advance planning for future versions of the SIS. Again, it would be helpful to know if the UK wishes to participate in all aspects of the SIS, for that will affect the future development of the system. In addition, if any further plans to alter the SIS are contemplated, such proposals must be disclosed in detail to the public immediately so that their merits can be discussed as widely as possible. It would be unacceptable to repeat the secrecy and unaccountability that characterised the negotiation and implementation of the Schengen Convention and the allocation of the Schengen acquis within the EC and EU legal system. As suggested in section l(d) above, it would be advisable for the Council to adopt separate measures govering the EC Treaty and EU Treaty data included in the SIS, and to amend the inadequate data protection rules applying to the system.

(b) Europol

The Home Office memorandum makes no mention of a very important dispute between the UK and the German Presidency concerning the future role of Europol (for details, see the 16th Report of the House of Commons European Scrutiny Committee, 1998-99), This dispute concerns the extent of Europol's future relationship with national police forces, rather than the Europol database; however, any change in the former might necessitate changes in access rights to, or the scope of, information held by the latter. Tt would be useful if the Home Office could explain what effect any change in the relationship between Europol and the national police would have on the Europol database, so that the merits of the former change could be discussed more fully. In addition, it is questionable whether the Council should continue to extend the scope of the Europol database and to redefine the forms of crime which Europol has competence over without fuller discussion of the merits of such decisions at national and EP level. Similarly, any decision to amend the Europol implementing rules adopted by the Council or the Management Board, to adopt new ones (concerning index files, for example), and to sign treaties on information exchange with third states or bodies, should be subject to full public scrutiny at national and EP level.

(c) CIS

It may be questioned whether it would be practical or appropriate to make any significant amendments to the CIS system, or to send or receive data from other databases, until all Member States have ratified the CIS system. Furthermore, it would be inappropriate to agree significant amendments to or information sharing with the system until it has been operational for some time, because it is possible that there will be many "startup" difficulties that will have to be ironed out over the first months and years of operation. Any damage to individuals that results from errors during the start-up period would then be more confined.

(d) Eurodac

The Home Office memorandum states that "it is not possible to consider future developments" (paragraph 26). However, since Eurodac is so closely linked to the Dublin Convention, there are two important specific questions concerning its future that could be mentioned now. First, the Community is obliged, pursuant to Article 63(1 )(a) EC, to adopt a measure on allocation of requests for asylum within five years after entry into force of the Amsterdam Treaty. Such a measure will obviously have the same scope as the Dublin Convention and will effectively replace that Convention, although the Council might well take this opportunity to alter the rules in the Convention given some member States' dissatisfaction with the Convention's operation. Substantial changes in the allocation rules may require a rethink of Eurodac, and indeed a radical change in the rules (for example, allocating responsibility in most cases to the first Member State in which a person applied for asylum) might render Eurodac irrelevant. Conversely, when reconsidering the allocation rules Member States might indeed wish to consider whether a simpler and fairer allocation system might have the benefit of sparing their taxpayers the expense of establishing Eurodac. Secondly, if the Member States agree parallel Conventions to the Dublin Convention with third states (for example, such a Convention is foreseen in the final act to the new EC-Swiss treaties), or if the Community signs treaties with third states on allocation of responsibility for asylum applications (the Community will acquire external competence on this matter once it agrees an internal measure on allocation), there may be consideration of extending Eurodac in parallel to that third state. Eurodac can only be extended to third states by means of a treaty between the Community and those third states, because of the rules governing the external competence of the Community. The substantive importance of this issue is that if the Member States or the Community want to agree an allocation treaty with a third country, they must consider not just that country's substantive and procedural asylum law and practice, but also its data protection law and practice. Such treaties will also be subject to the very strict external relations provisions of the EC data protection directive, now that this directive arguably governs asylum and immigration matters.