International police data-sharing: what are the UK and EU cooking up?


For the last few years, British and European officials have been seeking ways to regain the ability to instantly share police data across borders – an ability that was lost after the UK left the EU at the end of 2020. The plan currently under development is to build a new data-sharing architecture encompassing the UK, the EU and other “international partners,” but substantive details of it are being kept under lock and key. The implications go beyond privacy and data protection, and raise questions about the potential uses of a new system to crack down on the right to protest, as well as the right to seek asylum.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Image: European Space Agency

Predictions of doom

In the months leading up the UK’s departure from the EU, the media was filled with warnings about the potential impact of police and border forces losing access to databases such as the Schengen Information System and those maintained by Europol.

The BBC reported:

“The National Police Chiefs Council (NPCC) predicted there will be a major impact on operations if the UK cannot negotiate a date to retain access to databases that play a pivotal role in uncovering criminals on the move.”

In the event, the EU-UK Trade and Cooperation Agreement allowed the UK to maintain access to Europol’s systems. The head of the National Crime Agency remarked in March 2021 (pdf) that:

“…very little will change in our relationship with Europol. We will still have the UK liaison bureau. We have not withdrawn people from there. We continue to have the right people in place… we have seen no deterioration in the volume, speed, quantity or quality of the intelligence we share through Europol. We continue to be able to do that.”

The UK also remains part of the Prüm network of police databases, and is still taking part in dozens of joint police operations coordinated through the EU’s European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Nevertheless, for law enforcement officials, one sore spot in the Trade and Cooperation Agreement (TCA) was lack of access to the Schengen Information System (SIS II). This provides access to millions of alerts on wanted individuals, vehicles and objects, and is searched billions of times a year - increasingly via automated means. After the TCA was signed, The Independent warned that the failure to include SIS II access in the deal could have “significant and negative impacts to the UK’s security.”

Since the UK left the EU, the country has not been engulfed by crime. Nevertheless, plans are being developed to ease the sharing of data between police and border authorities in the UK and EU member states. The intention is to allow something like the type of data-sharing that was in place prior to Brexit – although this time, the system being built will be open to a wider club of states.

Many will see this as a welcome initiative to crack down on criminality, but there are serious implications for peoples’ rights, and they go beyond privacy and the protection of any data that is shared across borders. For example, Europol’s latest terrorism and extremism report indicates an increasing interest amongst Europe’s police forces in environmental and other protest movements.

Given the crackdown on protest in the UK spearheaded by the current Conservative administration, a new data-sharing system could offer another avenue for repressing freedoms of association, assembly and speech. Connecting border authorities to the system could also provide a means of transnational repression by states seeking to persecute dissidents abroad, as has happened with Interpol’s systems. The transnational expansion of law enforcement data systems also comes at a time when the authorities responsible in the EU for ensuring they are used lawfully are systematically under-funded and under-staffed, making meaningful supervision of their use unlikely at best.

Leaps and bounds

It is public knowledge that the UK is seeking to develop a system called the International Law Enforcement Alerts Platform (I-LEAP). This is designed to be “an alternative alert sharing platform that may be capable of replicating some of the functionality of SISII, subject to agreements with EU and international partners.”

The official vision for the system is “to provide a single mechanism for UK Law Enforcement users to access and share alerts related to people, documents and objects with International partners on a reciprocal basis at the point of need, thereby enabling UK and International Law Enforcement to better protect citizens.”

The first phase of the project will provide on-the-spot access for police officers to Interpol databases containing “nominal data,” described by the OSCE as “personal data and the criminal history of people subject to request for international police cooperation.” The system will also provide access to facial images held by Interpol.

According to a report by Matthew Rycroft, Permanent Secretary at the Home Office:

“As of December 2022, the I-LEAP capability has been fully adopted across police service Northern Ireland, Surrey, Sussex and counter terrorism policing, alongside new users from Avon and Somerset and Wiltshire police. This represents over 12,000 users across these forces with over half a million searches carried out.”

This year, the system will be upgraded to provide access to Interpol data on stolen vehicles and stolen, lost and fraudulent travel documents. By April next year the intention is to provide “real-time access to INTERPOL data to all UK territorial police forces and to the UK Border.” So far, beyond a discussion in the House of Lords last year about a report on post-Brexit police cooperation, there has been no parliamentary debate about the development of this system.

After more UK police forces are given direct access to Interpol’s databases, phase two of the plan is to re-introduce direct connections with EU police forces. According to Rycroft’s report, bilateral deals with individual EU member states will no longer be negotiated. Instead, the UK will:

“…focus on a potential multilateral agreement with the EU (and in the longer term, bilateral agreements with non-EU international partners). This follows the announcement by the EU Commission at the end of 2021 to bring forward a proposal for “a framework for reciprocal access to security-related information for front-line officers between the EU and third countries”. We now understand the EU Commission proposal may be published in late 2023.”

What reads as a happy coincidence is, presumably, nothing of the sort. The Home Office recently told Statewatch that “I-LEAP engagement is ongoing with countries and international organisations, specifically the European Union.”

Private gateway

This statement came in response to a freedom of information request filed by Statewatch for the Home Office’s “Gateway 0 Review” of the I-LEAP programme. The Home Office refused to release it, citing exemptions in the Freedom of Information Act relating to international relations, national security, and “information provided in confidence”.

The Home Office has however published information about the “Gateway 0 Review” elsewhere – namely, in Rycroft’s report, which notes that the review team found the second phase of the project, which would directly connect UK agencies with their EU counterparts, “heavily dependent on the forthcoming EU Commission proposal.” It is perhaps for this reason that the review gave the project “a DCA (delivery confidence assessment) rating of AMBER.”

The report then cryptically states:

“The Review team noted opportunities to engage and influence EU partners at both a policy and operational level, with the aim of ensuring the forthcoming EU Commission proposal is aligned with UK requirements. The Review team made 6 recommendations that the programme accepted and are progressing.”

It is tempting to wonder, of course, whether the EU initiative is in fact solely an EU initiative – but whatever the case, British diplomats in Brussels have presumably been busy in recent months, and will be for some time to come.

Security-related information sharing

The Commission’s plans to step up international police and border data-sharing have not gone by unnoticed. A joint submission to a public consultation from Statewatch, nine other organisations and two academics said “we (the undersigned organisations) believe that this initiative should not proceed and that there is no legal basis under which the sharing of sensitive personal information between EU and non-EU authorities should be pursued.”

The submission highlighted the fact that there are already multiple similar initiatives in place or in development which should be evaluated prior to the launch of any new project. It noted that any such information-sharing agreement with countries such as Libya or Egypt could have disastrous results for migrants and refugees seeking safety in the EU, as could such cooperation with Western Balkans states.

The Commission’s proposal is due to be published later this year which, whatever the shortcomings of the EU’s decision-making procedures, will at least provide the opportunity for public and parliamentary debate. Over the Channel, with the slogan “take back control” still echoing through Whitehall, it is unclear what degree of democratic scrutiny will be afforded to the plans of the UK government to sign up to this data-sharing system.

As Statewatch has highlighted elsewhere, the government has actively avoided parliamentary scrutiny when it comes to police data-sharing deals with the EU in the past. Under pressure from the EU to open up DNA data held by the police on people suspected, as well as convicted, of criminal activity, the government went behind parliament’s back:

“With a stroke of the pen, the government made DNA profiles taken from some 5.7 million people available for searching by law enforcement authorities in EU member states, reversing parliament’s decision only to share data on those convicted of a crime. A House of Commons committee concluded that it was

‘…deeply concerned at the Government’s lack of engagement with Parliament during the review process or involvement of Parliament in evaluating and endorsing the outcome of the review and the change in the Government’s policy...’”

With regard to the legal basis for any new law enforcement data-sharing agreement with the EU and other “international partners”, Rycroft’s report notes:

“As per the Constitutional Reform and Governance Act 2010, where necessary the agreements will be scrutinised by Parliament before their ratification and commencement. All required enabling UK legislation will need to be in place prior to any agreement’s entry into force, including the enactment of any new powers required to implement these agreements. This will ensure that there is a clear legal basis domestically for the implementation of I-LEAP multilateral and bilateral agreements.” [emphasis added]

For some time, one of the favoured slogans of pro-Brexit campaigners and politicians was the utterly meaningless “Brexit means Brexit”. In the years since the UK’s departure from the EU, it has become evident that Brexit in fact means many things – in this case, a reshaping of the European states’ security architecture to ensure mutual access to police and border databases for authorities in the EU, UK and beyond, with implications for the rights to protest, to seek asylum, and to privacy.

One part of the context, of course, is the current UK government’s plan to weaken data protection law, to the point where experts have called for the EU to annul its adequacy decision. That would certainly throw a large spanner in the works of the information sharing plan which, one way or another,“should not proceed” – though that will require a significant fight on both sides of the English Channel, and perhaps beyond.

Chris Jones

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.

Further reading

29 March 2023

Submission to European Commission consultation on "security-related information sharing"

The Commission’s initiative for a ‘Security-related information sharing system between frontline officers in the EU and key partner countries’ is a further development along the path of problematic border externalisation, and a trend of increasing use of large-scale processing of the personal data of non-EU citizens for combined criminal law and immigration control purposes, that civil society has been speaking out against for years.

24 January 2023

UK: Stop the Public Order Bill

Having failed to get through a number of anti-protest measures in last year's Police, Crime, Sentencing and Courts (PCSC) Act, the government is now seeking to put them on the books through the Public Order Bill, which is being discussed in the House of Lords. A new briefing drafted by Liberty and signed by 74 civil society organisations, including Statewatch, calls on peers "to defend protest rights and support amendments to mitigate the Public Order Bill’s worst effects." These include "Serious Disruption Prevention Orders" that would make it possible "to ban named individuals from protesting, associating with certain people at certain times, and even using the internet in certain ways."

20 January 2022

Brexit: Goodbye and hello: The new EU-UK security architecture, civil liberties and democratic control

<p>The UK government's domestic programme seeks to crack down on dissent and to abolish or severely limit ways for the public to hold the state to account. This report shows that those ambitions also play a role in the post-Brexit agreement with the EU. The treaty makes it possible for the UK to opt in to intrusive EU surveillance schemes with no explicit need for parliamentary scrutiny or debate, and establishes a number of new joint institutions without sufficient transparency and accountability measures.</p>


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error