Data Protection in the Areas of Police and Criminal Justice (EU Directive) Debate
Full Debate: Read Full DebateDominic Raab
Main Page: Dominic Raab (Conservative - Esher and Walton)Department Debates - View all Dominic Raab's debates with the Ministry of Justice
(12 years, 7 months ago)
Commons ChamberThat case is far from unique. We should be clear that the Government want to remain within the directive precisely to enable such practical, common-sense sharing of data. It is not because we do not have concerns about the precise details or think it cannot be improved. It is because we make the judgment that we stand a much better chance of securing a sensible deal within the tent than outside it, and without risking the likelihood that by having to negotiate dozens of bilateral deals, we would endanger co-operation that the public depend upon.
It will not have escaped the attention of hon. Members that press coverage has warned about new rights for criminals under this measure. Let me set the record straight. All UK citizens under current law are able to know what information the state holds about them and can ask for data to be erased. But the ability of criminals to enjoy this right is, for obvious reasons, qualified. Put simply, the rights of the law-abiding public to security come first. Nothing in this proposed directive creates any new right for criminals or for anyone else.
On that point. May I quote to the Minister directly from paragraph 50 of the impact assessment? It says that criminal justice sector agencies may also be prosecuted directly or via the Information Commissioner’s Office if they fail to protect personal data. This will represent a cost to them in terms of defending themselves in court and in paying fines and/or compensation that may result from these cases. Does that not conflict directly with what he has just told the House?
No, because these rights already exist. The suggestion in the newspapers yesterday, which I am sure my hon. Friend had nothing to do with, was about whether we were creating some new set of rights for criminals under the directive. No new set of rights is being created, any more than exist now under our own data protection laws.
It is a pleasure, as always, to follow my hon. Friend the Member for Bury North (Mr Nuttall), who powerfully and eloquently put the constitutional case against the measure.
The motion gives the House an opportunity to assess the latest proposals from Brussels on the processing of personal data by the police and other law enforcement agencies. Like others, I am surprised and disappointed that the motion endorsing the opt-in, which is an important step for the reasons already mentioned, first appeared on the Order Paper this morning. Now we learn that the Ministry of Justice impact assessment—the basis on which the House is scrutinising this measure—is fundamentally flawed, having omitted the decisive considerations Ministers have relied on. That is a poor basis for Parliament to exercise its scrutiny prerogatives on.
The Commission argues that the provisions are needed because of the speed of technological change and the increasing amount of information being transferred, but the draft directive would make data protection obligations more onerous and more expensive for UK police forces. The police would have to appoint specialist data protection officers. There would be restrictions on the information that could be held, and rules to allow suspects and criminals to know what data are being held on them and to request amendments and deletion of that information. These are clearly and palpably new rights; it is completely wrong to suggest otherwise.
The directive will apply not only to cross-border investigations but to data transferred between two UK forces, subject to what the Minister has said. The EU sees the proposals as a safeguard but, in reality, they risk creating a bureaucratic straitjacket, sowing legal confusion and adding to the costs of police forces on the front line. The Ministry of Justice impact assessment put it very clearly when it stated that
“many of the new obligations appear disproportionate and unnecessary leading to an overall negative outcome.”
So why are we opting in, against departmental advice?
I listened to the new arguments advanced by the Minister this evening, but I find it unacceptable that they are wholly missing from the impact assessment and that they have not been reviewed by the European Scrutiny Committee. We have heard the standard boilerplate arguments for meekly submitting to extra EU regulation, and there has been no analysis at all of the countervailing arguments, which, if they are as serious as has been suggested, we really ought to be scrutinising properly. At the very least, should we not wait until Ministers have quantified the administration costs of the measures to police forces?
The impact assessment estimates that there will be substantial costs to the police and other agencies, but we have no further details. When will a proper assessment be made? Has the Association of Chief Police Officers, or any individual police force, been asked for a view of the operational impact of the measures? We know that the Ministry of Justice has looked at them; have the Home Office or police forces in general done so? We ought to learn a lesson from the Abu Qatada saga, which is dragging on, and be acutely aware of the real risk of European legislation, judicial or otherwise, tying the hands of UK law enforcement.
When it comes to data protection and related privacy rights, we have been here before. The House will remember the case of Gary Ellis, a serial thief and burglar. In 2003, Essex police were forced to abandon a crime-fighting campaign that would have displayed his picture across his home town of Brentwood in an attempt to deter him and warn potential victims. The courts banned the posters because they breached his privacy rights under article 8 of the convention.
In 2008, the Serious Organised Crime Agency had similar problems with 41 criminals under financial reporting orders. It was forced to protect their privacy and therefore not publish the orders, which led to SOCA’s head, Sir Stephen Lander, publicly expressing his frustration. I appreciate that those cases involve a slightly different set of rights, but they are related and the impact is similar. Is not the reality that this opaque directive will risk arming offenders with yet another legal weapon with which to sue those whose job it is to put them behind bars and protect the public? Paragraphs 49 and 50 of the impact assessment also highlight the cost of civil litigation brought by offenders and suspects against the police and others, and even the prospect of prosecution by the Information Commissioner’s Office.
I note the Minister’s statement that there were no new rights, but paragraph 47 of the impact assessment states that it is likely that this proposal—not existing rights—could have
“a large impact on CJS agencies.”
The risk of such unintended legal consequences is aggravated by the fact that the new directive will be subject to the full jurisdiction of the European Court of Justice. That is why assurances about the limits of its application cannot be relied on.
When it comes to pan-European co-operation, as opposed to data sharing within the UK, the impact assessment is equally sceptical. It states that, far from making us more secure, there will be an increased risk from criminal acts because the directive will gum up international data sharing by adding burdens that will discourage co-operation. Overall, this is a bleak assessment. It raises the question why is Brussels micro-managing policing and law enforcement? If we need a change to our data protection rules, it should be tailored to the problem under national law and in relation to national law enforcement agencies. Why, given the Ministry’s lousy impact assessment, are we even contemplating opting in?
Bitter experience suggests that we may end up with gold-plated provisions protecting UK criminals while other EU countries would apply the provisions selectively, if at all. The obvious course, which I understand is available—I stand to be corrected by the Minister or hon. Members who are lawyers if I am wrong—is to remain at the negotiating table, albeit without a vote, and to decide whether or not we like the end product in due course. Why have Ministers opted against that specific course of action? Why cannot we go down that route? As to relying on bilateral co-operation outside the justice and home affairs regime, can we seriously say that the prospect of negotiating bilateral treaties has harmed public protection, national security or law enforcement for the Swiss or the Norwegians?
Beyond these practical problems, there is a constitutional dimension. The new directive would replace the 2008 EU rules on data protection. These are part of the 130 measures in respect of which we need to decide whether to repatriate or to accept the full jurisdiction of the European Court from 2014. Any laws amended or replaced are not subject to that block opt-out, so by opting out of this measure, we will prevent the UK from opting out of this area of EU policy making later. My hon. Friend the Member for Camborne and Redruth (George Eustice) made that point eloquently and powerfully.
As with most international law enforcement co-operation, effective data sharing is achieved through practical co-operation between national authorities, not through top-down bureaucratic schemes. We do not have a proper analysis of the cost of the directive, and we do not have a proper assessment of the operational impact. The impact assessment has not even been signed off by a Minister. In those circumstances, frankly, it would be irresponsible to commit the UK to this measure without further detail and without further scrutiny. I cannot support the motion.