The UK has been slammed for illegally copying and sharing a database of EU citizens, but is taking “practical steps” to address the issue, according to a new report.
European commissioner for security, Julian King, refused to cite the UK by name when challenged on the findings of a classified report revealed by EU Observer.
He told the site, “those are meant to be confidential discussions that we have with the individual member states."
However, King did say that measures were being taken to address the failings outlined in the report.
It apparently details how the UK broke data protection laws by making multiple copies of the EU’s Schengen Information System (SIS) database, which contains the details of suspects, undocumented migrants and others wanted by the police.
Although the UK is not in the travel-free Schengen zone, it was granted access to the SIS since 2015 for security purposes.
It’s claimed that the multiple copies exposed the data to an increased risk of loss or theft, as did the UK government’s sharing the information with contractor IBM, which may have been obliged to hand it over to the US authorities under the terms of the Patriot Act.
The report also claims that as the database is continually updated, the UK’s versions, stored on laptops and PCs at airports and in government offices, are always out-of-date, meaning some individuals could be wrongly identified.
Together, these issues “constitute serious and immediate risks to the integrity and security of SIS data as well as for the data subjects,” the report is said to have stated.
However, King claimed it wasn’t just the UK which had fallen short on data protection best practice.
"It is not just one member state that has some challenges in this area, there are a number of member states that have challenges in this area,” he said.
The revelations come at a crucial juncture as the UK seeks to leave the EU following a change of Prime Minister and accession of a right-wing government. One of the key areas of discussion between negotiators on both sides is security, with the UK looking to maintain access to such databases and other information-sharing agreements.