Thursday, 26 August 2010

European Commission “tweets” its overview of information management in the area of freedom, security & justice

“Allo Allo ... this is your Commission calling. We know you politicos aren’t going to read all 53 pages of our report, so we thought we would tweet you the best bits.

Euroland has got loads of databases in which the cops keep stuff about the bad guys & the usual suspects. The Schenegen Information System holds well over 31.5 million records alone.

They tell us that some records are kept for 15 years, while others are only supposed to exist for a day.

Some cops want to pool all the records into a single Euro database & trawl it when investigating serious crimes. But there’s no common definition of what a “serious crime” actually is in the EU.

Yippie! If all the records are in one place, then it’s going to be much easier to pass them to the Americans, the Canadians and the Aussies, when they ask us nicely.

Hang on though, what would the privacy yonks do if they thought we could set up an Uber Database of Euro Bad Guys? May be we’re better off with things as they are.

Pass us the wet towel ... we’ll polish the broad principles we’ve developed, and create some kind of action plan. We’ll kick decisions into the long grass and write a feasibility study – say in 2012.”

If you really want to know more about the information sharing databases that have been created within the EU for various law enforcement programmes, then you’re in luck, as last month the European Commission published an overview for the European Parliament and the Council. It covers the main purposes of each large programme, their structure, the types of personal information held, the list of authorities that have access to such data and the provisions governing data protection and retention.

The overview was published as Member States had asked the Commission to develop a more ‘coherent’ approach to the exchange of personal information for law enforcement purposes.

Naturally, a single, overarching EU information system with multiple purposes would deliver the highest degree of information sharing. But, the Commission has accepted that creating such a system constitutes a gross and illegitimate restriction of individuals’ right to privacy and data protection, and poses huge challenges in terms of development and operation.

So, the Commission considers that a series of compartmentalised (or federated) databases is more likely to safeguard citizens’ right to privacy than any centralised alternative.

The Commission isn’t too sure what to do next. It’s created a bunch of high level principles that will need an awful lot more detailed developmental work before their ideas are ready to be discussed by the rest of us. These high level principles (surprise surprise) relate to
• Safeguarding fundamental rights, particularly privacy & data protection
• Necessity
• Subsidiarity
• Accurate risk management
• Cost-effectiveness
• Bottom-up policy design
• Clear allocation of responsibilities
• Review & sunset clauses

It sounds as though the Bureaucrats and the Eurocops have got many, many more months of passionate debate before the next stage of this proposal sees the light of day.

[The actual communication from the Commission, COM(2010)385 final, published on 20 July 2010, can be found at]