Wednesday

14th Nov 2018

Investigation

UK unlawfully copying data from EU police system

  • UK not part of Schengen, but its abuse of Schengen systems put people at risk, report said (Photo: Khairil Zhafri)

The United Kingdom has been illegally copying classified personal information from a database reserved for members of the passport-free Schengen travel zone.

It has shared the information with US companies and it is demanding to keep access to the database after it leaves the EU next year.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

  • Travellers at risk of being targeted over bogus and illegal information (Photo: Curt Smith)

An internal EU document, seen by EUobserver, listed years of violations by British authorities following restricted access to the Schengen Information System (SIS), an EU-run database used by police to track down undocumented migrants, missing people, stolen property, or suspected criminals.

The UK never joined the Schengen area, which includes 26 other European countries most of whom are EU members, but has been given some access to SIS since 2015.

British mismanagement and manipulation of the Schengen system also meant that "persons sought for arrest for instance even for terrorism related activities by Schengen Associated Countries cannot be detected upon entry to the UK," said the "restricted" EU document.

The British authorities copied the data and handed it over to border police despite the fact that some of the information contained was not only incorrect but entirely out of date, it added.

That meant that innocent people visiting or living in the UK run the risk of being flagged for violations they never committed from data that was unlawfully copied.

The 29-page document, drafted by Schengen experts from EU states and from the European Commission, said the UK violations "constitute serious and immediate risks to the integrity and security of SIS data as well as for the data subjects."

The UK also ignored alerts issued by other EU states, it said, so that "vehicles stolen on the territory of another member state and located in the UK are not seized."

A team of Schengen experts warned the UK already in 2015 to curb its abuses, but it did not comply.

At the same time, the British government is demanding use of the database following the UK's exit from the European Union next year.

Spot checks by the same team of Schengen experts composed from various member states and the European Commission documented the full range of violations in early November last year after visiting government offices, police stations, and airports in places like Warrington, Heathrow, Hampshire, Southampton and Kent.

Around half the checks were surprise visits.

They found, among other things, "that some major deficiencies in the legal, operational, and technical implementation of SIS identified during the evaluation of 2015 were not effectively remedied and still persist."

Examples abounded.

The UK has made numerous full and partial copies of SIS, increasing the risk of data breach and of having it unlawfully shared with other authorities around the world.

SIS contains information on nearly 500,000 non-EU citizens denied entry into Europe, as well as over 100,000 missing people, and some 36,000 criminal suspects. The Brits alone are said to have run some 539 million SIS checks last year.

Some of these copies were unlawfully stored on back-up laptops at airports and ports. Other copies were held at government offices. Other still were held by private contractors like CGI, a US-Canadian company, as well as IBM and ATOS, which were hired by the UK government to run the systems.

CGI now manages a SIS copy that included photographs, fingerprints and European Arrest Warrants. IBM manages a copy used by the UK's national border targeting centre as a service for the UK Home Office, which it then stores at a data centre owned by ATOS.

"Entrusting the management of the SIS technical copies to private contractors poses increased risks in terms of physical and logical data security, especially since the private contractors in the UK are not only hosting the systems but also implement changes to the system," the EU experts' report noted.

US companies holding such sensitive data may also be required to hand it over to the US government given demands by the USA Patriot Act, warned the EU document.

Meanwhile, the UK was using partial SIS data with a variety of national systems.

These included the Warning Index, which cross-references incoming travellers against national lists of known criminals and terrorists.

The Warning Index is held and managed by Fujitsu, a private contractor, on behalf of the UK Home Office, and is running at six UK airports.

The index is also one of the biggest violators of the SIS data and "constitutes an unlawful copying of SIS data", the EU report said.

Flagged alerts for arrests were not made available at the UK borders, complicating efforts by its own border guards from spotting returning foreign terrorist fighters.

Semaphore, a system used to capture inbound and outbound passenger information supplied by airlines and shipping companies, also has access to SIS as does the UK's central national database known as IDENT1.

IDENTI1 contains information like fingerprints and palm prints from people arrested by the British police. Those prints are then matched against records held by SIS.

IT security system threatens EU rights

EU commission wants to link up all information systems on security, border, and migration, drawing a rebuke from own rights agency.

Romania data chief defends forcing press to reveal sources

Romania's data protection authority is headed by Ancuta Gianina Opre, who in 2017 was charged with abuse of office in her previous job. Last week, she threatened a €20m fine against journalists in their effort to uncover corruption.

EU warns Romania not to abuse GDPR against press

Romania's data protection authority has threatened a €20m fine against reporters investigating high-level corruption. The European Commission has since issued a warning, telling Romanian authorities to give press exemptions when it comes to privacy rights.

Romania 'using EU data protection law to silence journalists'

An award-winning journalism outlet in Romania is being threatened with fines by the country's data protection authorities - for having disclosed connections, on Facebook, of powerful politicians and a firm embroiled in scandal.

News in Brief

  1. EU's Tusk is Poland's most trusted politician
  2. Finland prepares to step in for Romania on EU presidency
  3. Trump threatens tariffs on EU wine
  4. US defence chief backs Nato amid 'EU army' calls
  5. Italy defies EU deadline on changing budget
  6. Report: FBI looking into Brexiteers Farage and Banks
  7. Italian journalist unions protest 5MS 'whores' jibe
  8. Czech PM's son alleges kidnap plot against his father

Opinion

Interpol, China and the EU

China joins a long list of countries - including Russia - accused of abusing Interpol's 'Red Notice' system to harras activists and dissidents.

Stakeholders' Highlights

  1. NORDIC COUNCIL OF MINISTERSTheresa May: “We will not be turning our backs on the Nordic region”
  2. International Partnership for Human RightsOpen letter to Emmanuel Macron ahead of Uzbek president's visit
  3. International Partnership for Human RightsRaising key human rights concerns during visit of Turkmenistan's foreign minister
  4. NORDIC COUNCIL OF MINISTERSState of the Nordic Region presented in Brussels
  5. NORDIC COUNCIL OF MINISTERSThe vital bioeconomy. New issue of “Sustainable Growth the Nordic Way” out now
  6. NORDIC COUNCIL OF MINISTERSThe Nordic gender effect goes international
  7. NORDIC COUNCIL OF MINISTERSPaula Lehtomaki from Finland elected as the Council's first female Secretary General
  8. NORDIC COUNCIL OF MINISTERSNordic design sets the stage at COP24, running a competition for sustainable chairs.
  9. Counter BalanceIn Kenya, a motorway funded by the European Investment Bank runs over roadside dwellers
  10. ACCACompany Law Package: Making the Best of Digital and Cross Border Mobility,
  11. International Partnership for Human RightsCivil Society Worried About Shortcomings in EU-Kyrgyzstan Human Rights Dialogue
  12. UNESDAThe European Soft Drinks Industry Supports over 1.7 Million Jobs

Latest News

  1. Knives out on all sides for draft Brexit deal
  2. Romania data chief defends forcing press to reveal sources
  3. EU to review animal welfare strategy
  4. Macron's 'European army': why is everyone talking about it?
  5. Merkel calls for 'real, true' EU army
  6. Italy defiant on budget on eve of EU deadline
  7. EU action on Hungary and Poland drowns in procedure
  8. EU unable to fully trace €1bn spent on refugees in Turkey

Stakeholders' Highlights

  1. Mission of China to the EUJointly Building Belt and Road Initiative Leads to a Better Future for All
  2. International Partnership for Human RightsCivil society asks PACE to appoint Rapporteur to probe issue of political prisoners in Azerbaijan
  3. ACCASocial Mobility – How Can We Increase Opportunities Through Training and Education?
  4. Nordic Council of MinistersEnergy Solutions for a Greener Tomorrow
  5. UNICEFWhat Kind of Europe Do Children Want? Unicef & Eurochild Launch Survey on the Europe Kids Want
  6. Nordic Council of MinistersNordic Countries Take a Stand for Climate-Smart Energy Solutions
  7. Mission of China to the EUChina: Work Together for a Better Globalisation
  8. Nordic Council of MinistersNordics Could Be First Carbon-Negative Region in World
  9. European Federation of Allergy and AirwaysLife Is Possible for Patients with Severe Asthma
  10. PKEE - Polish Energy AssociationCommon-Sense Approach Needed for EU Energy Reform
  11. Nordic Council of MinistersNordic Region to Lead in Developing and Rolling Out 5G Network
  12. Mission of China to the EUChina-EU Economic and Trade Relations Enjoy a Bright Future

Join EUobserver

Support quality EU news

Join us