01 November 2002
Updated 20 & 9 December 2002
Documentation updated: 5.12.02
This proposal was agreed at the Justice and Home Affairs Council on 19 December 2002.
Two questions led to this item being withdrawn from the agenda of the Justice and Home Affairs Council on 29 November: i) differences between a number of government over the question of liability (which has now been resolved) and ii) parliamentary scrutiny reservations (which have not been resolved).
On 4 December the chair of the UK parliament's Select Committee on the European Union (House of Lords) wrote to the Home Office Minister raising concerns on four issues: a) the scope of the proposed exchange of data which is not restricted to the remit of the Europol Convention; b) the apparently unlimited range of authorities in the USA who would have access to personal data provided by Europol; c) there should be an express reference to the fact that "Europol data should never be passed on by the United States"; d) asks for details on the "data protection bodies in the US which the US government has identified". The letter concludes: "In the meantime the sub-committee agreed to hold the document under scrutiny".
It is apparently planned to adopt the measure as an "A" Point (ie: without debate) at the General Affairs Council on Tuesday 10 December and for there to be a formal "signing" ceremony with the US on Wednesday 11 December.
Tony Bunyan, Statewatch, editor comments:
"The way this measure is being rushed through has provided no realistic opportunity for national and European parliaments or civil society to subject the proposal to proper scrutiny. The issues at stake are too important to be left to secret decision-making removed from democratic accountability."
Story filed 27.11.02
On Friday 29 November the EU Justice and Home Affairs Council meeting in Brussels will be discussing an agreement between Europol and United States authorities for the exchange of personal data which lacks fundamental data protection principles including the individual's right to know and challenge information held on them.
Way back on 18 October 2001 the EU negotiators presented the US authorities with details of "the data protection principles applicable to the processing of law enforcement" in the EU, the US side said they would respond by providing a similar brief - but this never arrived and the negotiators simply set about drawing up a new sets of rules. The reason the brief from the US never arrived is simply because the US does not have data protection laws - US citizens, but only US citizens, have some rights under its 1974 Privacy Act.
In every other agreement reached by Europol to exchange personal data with non-EU states the Joint Supervisory Body of Europol (responsible for data protections aspects) has presented a report on the data protection laws of the country in question before negotiations can be started. Europol treaties with 11 states and international organisations have so far been concluded, negotiations with a further five countries are underway and another 13 agreements are in the pipeline.
In this case the Joint Supervisory body admits that its Opinion (dated 3 October 2002) which gives the go-ahead is based on "general knowledge" and "presentations" by US officials.
What is even more extraordinary is that this Opinion of the Joint Supervisory Body makes no reference to Article 10 of the proposed agreement which covers "Access by private persons and entities". Under the Europol Convention the equivalent provision is Article 19 on the "Right of access" which although subject to initial veto of access, then provides for an appeal to the Joint Supervisory Body. Article 10 of the agreement is summarised in a UK Home Office Memorandum as meaning that: "The data should not be released if the transmitting party does not agree". So, for example, an individual would have no right of access to information or intelligence sent across by US authorities to Europol on them - the US would have the right of veto. Moreover, Europol and US authorities are allowed to exchange information which can include data on "race, political opinions, or religious or other beliefs, or concerning health and sexual life" if the request is considered "relevant" (Article 6). Such personal details concerning political or terrorist suspects and their friends would be virtually unchecked.
The Europol Convention provision on the "Correction and deletion of data" (Article 20) is simply ignored in the Europol-USA agreement (and by the Joint Supervisory Body) - under Article 20.4 of the Europol Convention: "Any person shall have the right to ask Europol or correct or delete incorrect data concerning him".
The USA also set pre-conditions for the agreement:
"the US side made it clear that it was impossible for them to indicate with any degree of accuracy which authorities could be involved in using such information"
Statewatch has prepared a stinging analysis which calls for the agreement to be rejected:
Tony Bunyan, Statewatch editor, comments:
"We have a poorly drafted, ambiguous and contradictory agreement which exceeds Europol's mandate and is incompatible with the data protection principles of the EU. There is no mention of data protection whatsoever and no rules on access to data.
For this to be agreed without proper consultation of national and European parliaments and civil society is quite unacceptable. The EU governments appear to be prepared to forget about their obligations to provide data protection for people in Europe in order to reach an an agreement with the USA.
This is yet another instance where in the post 11 September 2001 climate agreements with the USA are to be made which are not limited to combating terrorism but extend to crime in general with little or no accountability"
For further information please contact: 00 44 208 802 1882
However, according to EU documents, in the absence of an agreement (and any rules on data protection whatsoever), "the exceptional transmission of personal data without an agreement is still taking place".
The agreement also fails to guarantee the right of access to data by data subjects as set out in EU, international and national rules, and expressed in Article 8(2) of the EU Charter of Rights ('Everyone has the right of access to data which has been collected concerning him or her...'). Nor does it respect the international obligations applying to EU Member States and the EC rules on data protection which require there to be an independent authority, not merely one with the 'appropriate' degree of independence as in the proposed Treaty. This is expressly stated in Article 8(3) of the EU Charter of Rights. Similarly, the agreement flouts the international rules severely restricting processing of data in certain 'sensitive' categories, as set out in Article 6 of the agreement and there is thus a huge risk that Europol will either transmit its information or receive American information which violates the rules on processing of sensitive data.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.