Data Protection in the Areas of Police and Criminal Justice (EU Directive) Debate
Full Debate: Read Full DebateDepartment: Ministry of Justice
Andy Slaughter
Main Page: Andy Slaughter (Labour - Hammersmith)Department Debates - View all Andy Slaughter's debates with the Ministry of Justice
Data Protection in the Areas of Police and Criminal Justice (EU Directive)
Andy Slaughter Excerpts(12 years ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Mr Andy Slaughter (Hammersmith) (Lab)
I will begin by saying that it is not the Opposition’s wish to divide the House on this resolution—
Mr Slaughter
I think I will take interventions a little later in my speech.
It is not my wish to speak for long. These debates, a number of which it has been my privilege to speak in over the past few months, are always animated, if only on the Government side of the House—indeed, sometimes I think mine is the last friendly voice the Minister hears.
Mr Slaughter
He is in a pretty desperate situation if that is true.
The animation in these debates often comes from what I might call the meta-issue of why we are discussing European law expansion at all, rather than the precise statutory powers being considered, or at least that is my observation. I intend neither to engage in that debate, nor—other than briefly—to discuss the matter of principle that the draft directive raises. In dealing with the matter of processing personal data for the purposes of preventing, detecting and prosecuting crime, there will always be a balancing act. On the one hand, the prevalence of cross-border crime, including serious and organised crime, crimes of violence, sexual crime and terrorism, is growing, and criminals and criminal gangs are becoming more organised and sophisticated and making better use of technology and information systems, so the police and prosecuting authorities must have the means to match them. On the other hand, the issue of data protection and privacy from the prying eyes of the state in particular is important, contentious and topical, from data storage to the Leveson inquiry.
In opposition, both Government parties set themselves up as opponents of data collection where it could be seen as intrusive, yet I read the following in today’s edition of The Guardian:
“Ministers are planning a shakeup of the law on the use of confidential personal data to make it far easier for government and public-sector organisations to share confidential information supplied by the public. Proposals to be published next month by the Cabinet Office Minister, Francis Maude, are expected to include fast-track procedures for ministers to license the sharing of data in areas where it is currently prohibited.”
The Cabinet Office Minister said:
“In May we will publish the proposals that will make data sharing easier”.
The home affairs editor of The Guardian notes that
“databases continue to proliferate across Whitehall, even before the extension of data-sharing powers. Now the Cabinet Office minister…says government must be ‘smarter and more effective’ at sharing such sensitive data.”
It is not only the EU that has to undertake this tricky balancing of civil liberties with security and the pursuit of crime.
The issue before us is not one of principle, but whether the proposals achieve that balance. That question may be answered only in the further examination of the directive. As I have indicated, we do not oppose the Government’s decision today not to opt out, and I hope that that is clear.
Mr Slaughter
I do, and I was going to deal with that matter after raising a number of specific points of concern.
I am grateful to the European Scrutiny Committee for its report, which states that
“there is now the possibility of establishing a comprehensive data protection framework ensuring both a high level of protection of individuals’ data in the area of police and judicial cooperation in criminal matters and a smoother exchange of personal data between Member States’ police and judicial authorities, fully respecting the principle of subsidiarity.”
The report then adds:
“The Commission concludes that the practical difficulties encountered by a number of Member States in distinguishing between rules for domestic and cross-border data processing could be solved through a single set of rules covering data processing both at national level and in a cross-border context”.
The aim might be laudable, but the solution appears to say that, in order to avoid confusion, principles of subsidiarity should in fact give way to an overarching system controlled centrally. One consequence of that that the Minister has already alluded to is an extension of the scope of data processing to include domestic processing for the purpose of policing and judicial co-operation. In other words, the directive will regulate the passing of data between purely domestic organisations, such as neighbouring county police forces, and I share the Minister’s concern in raising that.
In the area of data protection, the draft directive is stronger and, I think, should be broadly welcomed. It includes: new rights of access and information for data subjects, such as the identity of the data controller, the purpose of the data processing and the period for which the data will be stored; a right for data subjects directly to demand the erasure of their personal data by the data controller; an obligation on data controllers to inform supervisory authorities and data subjects of data breaches, informing the former within 24 hours of discovery and the latter without undue delay; and an obligation for data controllers or processors to appoint data protection officers. The incorporation of human rights legislation—the Human Rights Act 1998—into UK law by the previous Labour Government has improved the right to privacy and to protection from intrusion into family life, but we still have some way to go.
Keith Vaz (Leicester East) (Lab)
I agree with everything that my hon. Friend has said so far, but will he look in particular at the issue of Europol and how this exchange of information affects our obligation to it?
Mr Slaughter
I am happy to do that, and I am even happier to note the support from my Back Benchers—the almost unanimous support—[Interruption.] No, 50% might be a better figure.
The key to the balance that I have talked about is the drafting of the directive within very prescribed bounds to restrain the opportunities for data sharing, thus the controls for in-country transfer, to which the Minister has referred, are restricted—if one accepts what the draft directive says. As currently drafted, it covers data transferred between two UK regional police forces with no cross-border elements, but that will apply to the UK only when such processing is pursuant to an EU measure on police or judicial co-operation, and that is indeed what the draft directive states.
I just worry that sometimes the intention is not carried out in practice, and I cite—on a perhaps analogous subject—from the same Guardian article today this note of caution:
“Last week the European parliament ratified plans to allow airline passenger records, including credit card details, for all transatlantic flights between Europe and the US, including in and out of the UK, to be handed over to the US department of homeland security to be stored for 15 years.”
If these proposals are to go ahead, they need to do so in such a way that there are the tightest possible controls on the exchange of data.
Sir Peter Bottomley
First, does the hon. Gentleman, who is doing well, if I can say so without being patronising, think that when those data rules are breached the victim of the breach should be notified? Secondly, and separately, does he agree with my hon. Friend the Minister that the problems of cost and of value for money are a matter for another day?
Mr Slaughter
I accept what the Minister has said—that the matter is at an early stage and we should not press him on those points. I am very happy to be patronised by the hon. Member for Worthing West (Sir Peter Bottomley), and whether he is asking by himself or by proxy—
Charlie Elphicke
I am proud to be the proxy for my hon. Friend the Member for Worthing West (Sir Peter Bottomley), and I thank the hon. Gentleman for the generosity with which he has taken interventions and for the great courtesy that he brings to the House.
My concern is that we will end up with a free-of-cost subject access request. Does the hon. Gentleman agree with Tony Blair, who wrote in his book, “A Journey”, that freedom of information requests and such costless information requests are one of the biggest mistakes and that one should be very careful about them?
Mr Slaughter
I must get around to reading that book, because it is quoted to me so often in these debates and exactly the same point is made. I am sure it is a very good read.
I conclude by quoting one paragraph from the proposed directive which sums up its laudable intention:
“When personal data moves across borders it may put at increased risk the ability of individuals to exercise data protection rights to protect themselves from the unlawful use or disclosure of that data. At the same time, supervisory authorities may find that they are unable to pursue complaints or conduct investigations relating to the activities outside their borders. Their efforts to work together in the cross-border context may also be hampered by insufficient preventative or remedial powers, inconsistent legal regimes. Therefore, there is a need to promote closer co-operation among data protection supervisory authorities to help them exchange information with their foreign counterparts.”
That neatly encapsulates the two principal aims of the proposals, as set out in the impact assessment: dealing with the fragmentation of data, when it prevents cross-border law enforcement, and allowing individual citizens to control their personal data. Those are proper aspirations, and we are prepared to give the directive the benefit of doubt at this stage, but I do await with interest, as I always do, the rest of the debate and, indeed, the Minister’s response.