Wednesday

22nd Sep 2021

Exclusive

Breton's firm hosted unlawful copy of EU police data

  • The UK carried out 514m SIS search queries in 2016, the second-highest most among all EU states (Photo: nolifebeforecoffee)

Atos, the company recently led by France's choice candidate for European Commissioner, hosted unlawful partial copies of EU police data on behalf of the United Kingdom.

The firm's now former chief executive, Thierry Breton, is slated to head Europe's industrial policy following his nomination to the commissioner post, a move recently approved by European Commission president-elect Ursula von der Leyen.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

A confidential document obtained by EUobserver lists years of abuse by UK authorities in the way they handle the Schengen Information System (SIS), an EU-run database used by police to track down undocumented migrants, missing people, stolen property, or suspected criminals.

Although not a member of the passport-free Schengen area, the UK has been granted restricted access since 2015 on the premise it would respect the rules.

Despite this restricted access, the UK carried out over 514 million SIS queries in 2016, the second-highest among all EU states.

A spot check exercise in November 2017 by a team of Schengen experts from EU states and from the European Commission found that the UK had also made a significant number of full or partial copies of the SIS.

"Three of the SIS copies are administered by different private companies in their own premises or in rented premises," notes the report.

Among them is Breton's ATOS, which had allowed IBM to store a partial technical copy of SIS known as Semaphore on its premises.

The copy contained alerts for arrests, checked against inbound and outbound passenger information, supplied by airlines and shipping companies.

"This technical copy is managed by a private contractor IBM in the premises of another private contractor - ATOS," notes the report.

The report says such copies should never be entrusted to third parties like private contractors because it increases the risk it will be leaked, stolen or misused.

Another worry is that the UK-based private contractors not only host the systems but have administrator access rights, which also violates SIS management rules.

ATOS, IBM and the US-Canadian firm CGI all had access to SIS in some shape or form.

The United Kingdom is also a member of the elite intelligence sharing network known as 'Five Eyes', which includes the United States.

The Patriot Act, a counterterrorism law passed in the wake of the September 11 attacks on the World Trade Centre, gave US intelligence and law enforcement agencies wide powers in gaining access to data.

The issue was raised with the UK authorities, who claim neither IBM nor CGI would be obliged to comply with a US request to access the SIS data.

They argued that although IBM operates the service for the UK Home Office, it is the Home Office that owns the hardware and intellectual property rights.

It also says IBM operates services from a data centre, rented by the Home Office, but owned by ATOS.

But companies, under certain US Patriot Act provisions, are also banned from notifying the data subject or the data protection authority in Europe should US authorities request access to the personal details of an EU national.

Asked if the UK had given the European Commission any guarantees that it was not sharing the data with the Americans, EU commissioner for security Julian King remained elusive.

Instead, he said a rolling programme of engagement with member states on how they secure data according to the rules do sometimes raise some issues and some concerns.

"We pursue those concerns with the countries involved. I have to say that those conversations, which remain private, are very effective," he told EUobserver last week (30 October).

ATOS was also asked to comment but forwarded the query to the UK Home Office, which told EUobserver they do not respond to leaked documents.

"The UK has some of the highest levels of data protection safeguards globally and we are fully committed to meeting our legal obligations," said the Home Office spokesperson.

ATOS, in a post publication email, added that they "supply only a secure room within our site on behalf of the client and have no technical access to the (SIS) data whatsoever."

This article was updated on Tuesday (5 November) at 10:40 to add a post-publication statement from Atos.

Investigation

UK unlawfully copying data from EU police system

The British government is abusing EU travel security systems, making and using illegal copies of outdated information, and putting innocent people at risk of being red-flagged.

Agenda

Iran, Brexit test 'geopolitical' commission This WEEK

The EU foreign affairs chief attempts to salvage whatever is left of the Iran nuclear deal by inviting the Iranian foreign minister to Brussels - while the EU commission president heads to London for Brexit talks.

Commission defends Breton's Atos over police data

The European Commission defended Atos for hosting EU police data, despite its own public guidelines that state operational and technical copies should not be entrusted to third parties. Atos former CEO Thierry Breton is set to become a European commissioner.

Romanian president and PM at war over commission pick

The president has publicly scolded the prime minister over picking a new name for Romania's EU commissioner candidate - a week ahead of the formation of a new government in Bucharest. Premier Viorica Dancila has hit back on Facebook.

MEPs slam UK for violating EU police database

EUobserver's revelations of how the UK violates and abuses an EU police database sparked heated debate in the European Parliament's civil liberties committee - as the European Commission refused to respond to questions given the confidentiality of the leaked document.

EU threatens legal action against UK over commissioner

The European Commission has started an infringement proceeding against the United Kingdom for failing to nominate a commissioner-candidate. The new commission, which wants to launch on 1 December, first requires a commissioner from each of the 28 EU states.

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Stakeholders' Highlights

  1. Nordic Council of MinistersNATO Secretary General guest at the Session of the Nordic Council
  2. Nordic Council of MinistersCan you love whoever you want in care homes?
  3. Nordic Council of MinistersNineteen demands by Nordic young people to save biodiversity
  4. Nordic Council of MinistersSustainable public procurement is an effective way to achieve global goals
  5. Nordic Council of MinistersNordic Council enters into formal relations with European Parliament
  6. Nordic Council of MinistersWomen more active in violent extremist circles than first assumed

Latest News

  1. French MEPs lead bogus EU monitoring of Russia vote
  2. Europeans think new 'Cold War' is here - but not for them
  3. Spain wants energy price discussion at next EU summit
  4. Trust in Dutch government drops, but not for Rutte
  5. Long ago, there was another Angela Merkel
  6. The first anniversary of the Abraham Accords
  7. First refugee deaths confirmed on Belarus-EU border
  8. EU kept in dark on ex-commissioner's new lobby job

Join EUobserver

Support quality EU news

Join us