I beg to move,
That this House takes note of European Union Document No. 5833/12 and Addenda 1 and 2, relating to a Draft Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data; and supports the Government’s recommendation not to exercise its right to opt out of this draft Directive under Protocol 19 of the Treaty on the Functioning of the European Union (The Schengen Protocol).
The motion stands on the Order Paper in my name and that of my right hon. and learned Friend the Lord Chancellor.
I welcome the opportunity to debate the proposed data protection directive, which the European Commission published on 25 January. The directive would repeal and replace the 2008 framework decision on data protection in the police and criminal justice sector. It is an important instrument for law enforcement in this country and across the European Union, and it is right that this House is given the opportunity to consider the effect of the proposals on both the security and the freedoms of UK citizens. The debate fulfils the commitment made by my right hon. Friend the Minister for Europe to seek Parliament’s views on an opt-in decision in justice and home affairs matters, as well as opt-out decisions under the Schengen protocol, and I am keen to hear the views of right hon. and hon. Members.
In the Ministry of Justice’s impact analysis, the summary is that the overall impact is
“likely to be substantially negative”.
Given that, can the Minister explain why he does not want to opt out?
I will deal with that, but in deciding whether to exercise the opt-out, the Government looked at the most pessimistic reading of events. The conclusion to which my right hon. Friend refers has been before the European Scrutiny Committee, but that impact assessment does not take into account some of the consequences that would flow if we exercised an opt-out. I shall talk about those consequences later in my speech, but they include negotiating all the bilateral data protection arrangements that would be required were we not party to the directive.
Having held the responsibility of Europe Minister, my right hon. Friend, of all people in this House, will understand the complexity of the legal basis—complexity that has increased considerably since he and I were serving in the Foreign Office together, I as a special adviser and he as a Minister. If he will forgive me, I will get my arguments on the record, give right hon. and hon. Members the opportunity to contribute in the light of that, then respond to their remarks at the end of the debate. I will therefore resist taking too many interventions. This area is complex enough without adding further to that complexity—
If the hon. Lady will forgive me, let me get our position on the measure on the record, then I will be able to respond to interventions and points made in a more disciplined way.
It is the Government’s view that the proposed data protection directive can be classified as a Schengen building measure; therefore, under protocol 19 of the treaty on the functioning of the European Union, which governs how the Schengen acquis are integrated into the UK framework, the UK does have the option of opting-out of the directive. The deadline for notifying the Council of the European Union of an opt-out decision is 14 May.
The Government's position is that the continued ability to share information on crime and justice matters between nations is of fundamental importance. In an increasingly globalised world, crime does not stop at national borders, but reaches across jurisdictions and involves people of many different nationalities. The Government therefore support proportionate, clear and coherent data protection rules that keep personal data safe, protect the rights of citizens and enable our police to pursue criminals to protect the lives and interests of our citizens.
Will the Minister give way to the Chair of the Scrutiny Committee?
I am grateful to the Chair of the Scrutiny Committee for that point, but I will have to take advice on what was received and when before replying to him. I am trying to explain that, in this area, there is considerable confusion between opt-ins and opt-outs, so if he will forgive me, I shall try to explain this complicated matter and its consequences in as simple terms as I can, as much for my own benefit as for anyone else’s.
To address specifically the subject of debate this evening, we support the transfer of data across borders and between organisations where it improves our ability to prevent crime, increase security and keep our citizens safe. We must therefore protect the arrangements that have allowed EU member states to share information about suspected criminal activity in a regulated and proportionate manner. The challenge of the directive is that, although parts of it are welcome and will help in the fight against crime, some of the provisions are excessively bureaucratic and unwieldy. As it is drafted, we have concerns about the costs it would impose on UK law enforcement agencies. We are particularly concerned about the fact that it has been drafted so as to apply to internal processing of data—that is, information being shared by police forces or other criminal justice authorities within the borders of one country.
The Government's approach to the directive has been to establish the best way of securing the benefits of continued data sharing with EU member states, while minimising any resultant costs. Having gone through this analysis, our judgment is that, despite concerns about the current text, we should not opt out of the directive. There are three main reasons for this. First, the directive is at a very early stage of negotiation. There is substantial room for improvement, and it is clear that the UK has significant allies within the Council of Ministers who share our concerns. We believe that we can secure a more effective deal by working with our partners than by going it alone.
No. Secondly, the legal base of the measure gives the UK an effective exemption on the issue about which we are most concerned: internal processing of data. The directive is based on article 16 of the TFEU—the new data protection competence created under the Lisbon treaty. Under article 6a of protocol 21, which gives the UK and Ireland particular provisions and protections in the areas of freedoms, security and justice, the UK has what we believe to be a firm protection that provisions on internal processing will not apply to us.
No. My intention was to respond to the intervention made by my right hon. Friend the Member for Haltemprice and Howden (Mr Davis), but he is no longer in his place, so I shall come back to it later.
Thirdly, and most important, exercising the opt-out would endanger our continued ability to share information across borders without necessarily freeing us from the bureaucratic and unwelcome obligations potentially created by the new directive. That is because in the absence of the directive, the UK would have to negotiate new data-sharing arrangements bilaterally with each of the other member states in the European economic area. Notwithstanding the significant time and cost of those separate negotiations, the fact is that each of the member states with which we would be negotiating would be bound by the terms of the new directive, and of course would press the UK to adopt similar requirements to their own. The effect would be that we would end up taking on similar obligations to those of a directive that we had not participated in negotiating, and whose content we had not had the opportunity to influence.
The Schengen instruments contain their own specific and extensive data protection provisions, which will not be affected by the directive and will continue to operate, so in effect we would be opting out of very little, with little potential benefit for the United Kingdom, but potentially to our detriment. Furthermore, there are broader consequences to an opt-out.
If we were outside the directive, our ability to negotiate essential data-sharing agreements, such as we are in the process of doing on the passenger name records directive and the European Union third-country passenger name records agreements, could be significantly undermined. Equally fundamental, exercising our opt-out on this measure could throw our participation in other, broader Schengen measures into question and the Council could take the decision not allow us to continue to participate in valuable data-sharing arrangements under the police co-operation provisions of Schengen. This would be a serious problem for our law enforcement agencies, which benefit from the sharing of criminal data under Schengen.
It is therefore our careful collective judgment, based on the most pessimistic view of costs and benefits, shared with the European Scrutiny Committee, that our national interests are best served by participating in this directive so that we are party to the framework governing data-sharing for policing and criminal justice across the European Union.
I am afraid I do not agree with the hon. Lady. The directive is important for the security of our citizens. I will go on to give an example of the kind of co-operation that we wish to protect under these arrangements. If we are not party to these arrangements, we will have to start negotiating at least 27 bilateral arrangements, which would take us to precisely the same place as the directive, without the benefit of negotiating under the directive.
Let us be clear about what is at stake here. Rules enabling the sharing of data have made a tangible difference to the United Kingdom, and we take steps that imperil them at our risk and at risk to our citizens. Let me give an example, which concerned a 32-year-old Romanian national who was arrested in the United Kingdom on suspicion of raping two women within the Metropolitan area. A request for conviction data identified that the suspect had a previous conviction for rape in Romania. Just prior to the trial, the individual disputed the Romanian conviction, but through close liaison with the central authority and the police liaison officer at the Romanian embassy in London, a set of fingerprints relating to the Romanian rape conviction was obtained and proved the conviction beyond doubt when they matched the suspect.
An application to use the previous conviction as bad character evidence was made by the prosecuting counsel and was granted by the judge, allowing the Romanian rape conviction to be put before the jury. The defendant was convicted of four counts of rape and other offences at the Inner London Crown court in July 2010. The defendant was given an indeterminate prison sentence, with a recommendation that he serve at least 11 years in jail as he presents a “high risk” of further sexual offences. The investigating officer on the case said:
“The use of foreign conviction data can be of great importance to police investigations. In my case, by working with the UK Central Authority I was able to draw on their professionalism and expertise to secure details of”—
the individual’s—
“previous conviction for rape in Romania which was put before the court and used as bad character evidence. This information undoubtedly assisted in providing a successful outcome, convicting a dangerous offender who will now spend a considerable number of years behind bars.”
Perhaps I hope that under European Union and Council of Europe prisoner transfer agreements, a good proportion of those years will be spent behind Romanian bars, but if I follow that up, I may be diverging from the immediate subject of the debate.
That case is far from unique. We should be clear that the Government want to remain within the directive precisely to enable such practical, common-sense sharing of data. It is not because we do not have concerns about the precise details or think it cannot be improved. It is because we make the judgment that we stand a much better chance of securing a sensible deal within the tent than outside it, and without risking the likelihood that by having to negotiate dozens of bilateral deals, we would endanger co-operation that the public depend upon.
It will not have escaped the attention of hon. Members that press coverage has warned about new rights for criminals under this measure. Let me set the record straight. All UK citizens under current law are able to know what information the state holds about them and can ask for data to be erased. But the ability of criminals to enjoy this right is, for obvious reasons, qualified. Put simply, the rights of the law-abiding public to security come first. Nothing in this proposed directive creates any new right for criminals or for anyone else.
On that point. May I quote to the Minister directly from paragraph 50 of the impact assessment? It says that criminal justice sector agencies may also be prosecuted directly or via the Information Commissioner’s Office if they fail to protect personal data. This will represent a cost to them in terms of defending themselves in court and in paying fines and/or compensation that may result from these cases. Does that not conflict directly with what he has just told the House?
No, because these rights already exist. The suggestion in the newspapers yesterday, which I am sure my hon. Friend had nothing to do with, was about whether we were creating some new set of rights for criminals under the directive. No new set of rights is being created, any more than exist now under our own data protection laws.
No. Let me turn to the substantial content of the proposed directive and the policy issues that are raised. We want to see a system that allows police and judicial authorities to continue to protect and serve the public effectively and which also allows individuals to be confident that their privacy, safety and freedom will be safeguarded. The Government believe that these two objectives are not contradictory, but may be achieved in tandem, by creating a data protection framework that is founded on the principles of necessity and proportionality.
In the light of this position, there are legitimate concerns regarding the content of the directive. The United Kingdom believes in a principles-based approach that allows the necessary amount of flexibility in processing data. In some areas, the proposed directive seems far too prescriptive to meet this requirement.
Our priority in negotiations will be to resist the application of the directive to all domestic processing—that is, data sent between two United Kingdom agencies. Although article 6a of protocol 21 means that this will not apply to us, we feel that it is important to remove this expansion as such data processing should not be the subject of European Union rules. We will seek to remove that for all European Union countries.
As further examples, the proposal lays down new obligations for data controllers regarding the documentation and records that they must keep and the consultations that they must hold with the Information Commissioner’s Office in order for the processing to be considered compliant with the rules. We also have reservations about the compulsory appointment of data protection officers, a role that will need to be filled ostensibly to ensure that data controllers fulfil the various obligations presented to them, including those that I just outlined.
We already expect robust data protection governance as a matter of course in public authorities. However, we question the necessity of having the European Union telling us how to create, organise and run these arrangements. The more prescriptive and burdensome aspects of the directive are opposed by the Government and we will seek to remove or mitigate them during negotiations in the Council of the European Union. This is the beginning of a lengthy process of negotiating new data protection legislation, not the end. The UK will seek to influence negotiations in order to bring about outcomes that are more in line with our policy objectives, which is to end up with an effective but proportionate framework.
I think that my hon. Friend the Member for Dover (Charlie Elphicke) could put the question on costs better than I could.
You are right to correct me, Madam Deputy Speaker, and I think that I am also right in saying that every word in “Erskine May” may create a new precedent. My question, which I think my hon. Friend the Member for Dover would have put better, is this: will my hon. Friend the Minister start talking about costs at some stage during his very good speech?
I will not. I am unable to, because work is still ongoing on the impact assessment to try better to identify the precise costs of each measure. If my hon. Friend has had a chance to read the impact assessment, he will have noted that much of the assessment in this area is based on fairly tentative criteria. What are not included in the impact assessment are the benefits of a successful negotiation or the costs that would be inflicted on us if we chose to opt out and had to live with the consequences.
As I was saying, this is the beginning of a lengthy process of negotiating new data protection legislation, not the end. We will seek to influence negotiations in order to bring about outcomes that are more in line with our policy objective, which is to end up with an effective but proportionate framework. I note that every other member of the European Union faces that same challenge of finding the right balance between the two principal objectives: the privacy of our citizens and the protection of their data; and the protection of their interests through the operation of our police and criminal justice agencies. However, it is worth noting that the proposed directive is one part of a two-part package of revised data protection instruments that the Commission proposed in January; it also proposed a regulation that would cover general and commercial data processing by public and private bodies. The regulation is neither the trigger, nor the subject of this debate.
To return to the directive, which is the subject of today’s debate, let me summarise our position. We believe that an opt-out decision is a possibility for the Government but that it would be the wrong choice for the United Kingdom. We would need to replace the directive with bilateral agreements with each member state, which would be a time-consuming and tortuous process, and it is likely that in those negotiations we would find ourselves bound by aspects of the directive that we feel confident we can remove in negotiations.
The Government’s position, therefore, is clear: we want to be part of a European data protection framework that enables practical, common-sense sharing of data between member states’ law enforcement agencies engaged in the fight against international crime. We believe that the limiting effect of article 6a on the aspects of the directive that relate to data exchanges within the United Kingdom means that we should be content to be part of it, which will of course substantially reduce the costs identified in the impact assessment. Although there are areas of the proposal that the Government will seek to alter, I can unhesitatingly commend the motion to the House.
I think I will take interventions a little later in my speech.
It is not my wish to speak for long. These debates, a number of which it has been my privilege to speak in over the past few months, are always animated, if only on the Government side of the House—indeed, sometimes I think mine is the last friendly voice the Minister hears.
He is in a pretty desperate situation if that is true.
The animation in these debates often comes from what I might call the meta-issue of why we are discussing European law expansion at all, rather than the precise statutory powers being considered, or at least that is my observation. I intend neither to engage in that debate, nor—other than briefly—to discuss the matter of principle that the draft directive raises. In dealing with the matter of processing personal data for the purposes of preventing, detecting and prosecuting crime, there will always be a balancing act. On the one hand, the prevalence of cross-border crime, including serious and organised crime, crimes of violence, sexual crime and terrorism, is growing, and criminals and criminal gangs are becoming more organised and sophisticated and making better use of technology and information systems, so the police and prosecuting authorities must have the means to match them. On the other hand, the issue of data protection and privacy from the prying eyes of the state in particular is important, contentious and topical, from data storage to the Leveson inquiry.
In opposition, both Government parties set themselves up as opponents of data collection where it could be seen as intrusive, yet I read the following in today’s edition of The Guardian:
“Ministers are planning a shakeup of the law on the use of confidential personal data to make it far easier for government and public-sector organisations to share confidential information supplied by the public. Proposals to be published next month by the Cabinet Office Minister, Francis Maude, are expected to include fast-track procedures for ministers to license the sharing of data in areas where it is currently prohibited.”
The Cabinet Office Minister said:
“In May we will publish the proposals that will make data sharing easier”.
The home affairs editor of The Guardian notes that
“databases continue to proliferate across Whitehall, even before the extension of data-sharing powers. Now the Cabinet Office minister…says government must be ‘smarter and more effective’ at sharing such sensitive data.”
It is not only the EU that has to undertake this tricky balancing of civil liberties with security and the pursuit of crime.
The issue before us is not one of principle, but whether the proposals achieve that balance. That question may be answered only in the further examination of the directive. As I have indicated, we do not oppose the Government’s decision today not to opt out, and I hope that that is clear.
After that contribution, it is clear that I owe my hon. Friend the Member for Dover (Charlie Elphicke) an apology for not having taken his intervention, not least because he welcomed the Government’s general objectives and the balances we are seeking to strike. However, he did then say that this was another villain’s charter from the EU—an argument that some in the press have also made.
The rights of United Kingdom citizens under our existing laws under the Data Protection Act—their rights to access information and for information to be erased—are pretty much the same as what is being proposed in this directive. The same rights of the authorities not to have to erase data that are important for criminal investigations will also continue to exist in the future.
Let me turn to the important question of process, and address the concerns of my hon. Friend the Member for Stone (Mr Cash), the Chairman of the European Scrutiny Committee. I am perfectly happy to concede that these matters could have been handled better. One of the constraints we have placed on ourselves in the so-called Lidington debates is to bring the measures relating to opt-ins or opt-outs under the Schengen protocol to the House and give Members the opportunity to debate them. My hon. Friend pointed out that there is the small matter of prorogation. The decision on the opt-out must be taken on 14 May. [Interruption.] Well, that is what is in the treaties of the EU. The Government have to decide whether to opt-out by 14 May, and we are also committed to coming to the House and giving Members the opportunity to debate.
The information given to my hon. Friend—which was given within 10 days of the directive being published—made no reference to Schengen. I will examine why that was the case, but I am advised that whether or not the matter fell within Schengen was still under examination at the time. There is also an element of legal opinion as to whether or not the Schengen acquis can be correctly claimed by the Commission when it comes forward with these measures. There is an element of process to be applied, therefore, rather than our just taking at face value Commission statements on regulations and directives and whether measures are compliant with Schengen.
When the Minister reads the transcript, he will see that the matter is specifically referred to in the framework decision recitals. I do not think there is any debate about this point, therefore. What I would like to know is whether the Minister for Europe consulted the Minister on this matter; after all, the Lidington debates are based on an assumption in the context of decisions taken by this House in the light of what the Minister himself specified.
No, I did not speak directly to my right hon. Friend the Minister for Europe. Yes, it is in the recitals, but the regulation published by the European Commission in parallel with this also asserts some involvement with Schengen, which we dispute. These issues are not always very straightforward. On the timetable we have placed on ourselves to have this debate in time for the Government’s decision on the opt-out, which has to be taken, and on parliamentary arrangements, I accept that things could always have been done better—