The UK’s hopes of continuing the vital flow of data with the EU after Brexit look to be in jeopardy following backroom intervention by the Netherlands over Britain’s record in protecting personal information.
As the UK leaves the European Union at 11pm tonight, its closest ally in the bloc has been casting doubt concerning Britain’s ability to perform adequate checks and controls after a series of data privacy scandals, including abuse of an EU system for monitoring the movement of people at borders.
According to the minutes of a board meeting of the UK’s Acro criminal records office – deleted from publicly available archives after the Guardian posed questions to the Home Office – the Netherlands made its issues with the UK known last year.
The UK had been seeking to share criminal convictions data outside EU structures in the event of a no-deal exit but both the Netherlands and France declined to be involved.
“France are currently not engaging for political reasons, and Holland will not engage due to concerns around the UK’s data adequacy status,” the minute records.
The doubts held by the Dutch over the UK’s record offers compelling evidence that the current flow of data with the rest of the EU could be in peril.
The European commission is expected to make a so-called adequacy decision this year to potentially allow Britain’s security services and industry to continue to benefit from the transfer of vast volumes of personal data across Europe after Brexit.
The political declaration – a document agreed by the EU and the UK as a guide to this year’s negotiations on the future relationship – states that “adequate protection of personal data” is an “essential prerequisite” for “enabling the cooperation envisaged by the parties”.
The member states will agree on the adequacy of the UK’s protections of European citizens data by qualified majority, meaning that more than half of the member states must give their approval.
This month the European parliament’s justice and home affairs committee was provided with evidence of “deliberate violations and abuse” by the UK of the Schengen Information System (SIS), an EU database used by police and border guards across the border-free Schengen zone.
The British authorities had made “unlawful” full or partial copies of the database that were said by an EU report to pose “serious and immediate risks to the integrity and security of SIS data”.
The Guardian has also revealed in recent weeks that the UK failed to pass on the details of 75,000 convictions of foreign criminals to their home EU countries and concealed the scandal for fear of damaging Britain’s reputation.
A police national computer error went undetected for five years, during which one in three alerts on offenders – potentially including murderers and rapists – were not sent to EU member states. The Home Office opted not to inform its partners due to “reputational damage”.
A Dutch government spokesman said: “Given the broad and comprehensive ambitious relationship that the Netherlands strives for with the UK in the field of internal security, there must be absolute trust in each other’s practices and systems. He added:
The SIS case only serves to underline this. Given its ambitions the Netherlands actively supports the commission’s approach to achieve an adequacy decision with the UK on data protection in the field of security cooperation.
The Labour peer Lord Kennedy of Southwark, who has pressed for a government inquiry into the latest data failings by the UK government, said:
This latest revelation is deeply concerning and highlights the complete loss of confidence other partners have in the UK in respect of data handling and our data adequacy in general. … The only people this sorry situation benefits is criminals. What is needed is an urgent inquiry to establish what are the failings, how they were allowed to happen and to set out a programme to regain the trust and confidence of partners.
A Home Office spokesperson said:
These were discussions about a no-deal Brexit and are no longer relevant for 31 January. We have some of the highest levels of data protection in the world and are fully committed to meeting our legal obligations. We have a very close security partnership with EU countries, and are engaging with the commission on our future data-sharing arrangements.
Source: The Guardian