Because of serious breaches, British participation in Europe’s SIS II should have been terminated long ago. With two years delay, the Commission now made proposals to remedy the shortcomings. This fuels the suspicion that the country should continue to participate in the database despite having left the EU.
The Schengen Information System (SIS II) is the largest European information system and currently contains around 90 million entries. In 2015, the EU Commission has granted access to Great Britain. However, the country is not a member of the Schengen Agreement, which regulates the abolition of border controls within the European Union, nor does it implement the free movement of persons. For this reason, British authorities are not allowed to enter or query data in the SIS II concerning irregular migration.
But Great Britain is misusing the SIS II on a large scale. The European Commission is aware of, but does not want to talk openly about it. This emerges from the reply to a parliamentary question and leaked documents on the UK implementation of the SIS II rules. Nevertheless, British authorities were given green light in 2018 to still participate in the database.
Connection actually provisional
The British connection to SIS II in 2015 was provisional. Final accession will only take place after the Commission has verified the implementation of the SIS provisions. An initial evaluation was therefore carried out in the United Kingdom in 2015 and revealed numerous shortcomings. A few months later, the Council of the European Union therefore published conclusions stating that a further review should take place.
Such a visit took two years to have been realised. The reason for the delay was a new EU decision on a new Schengen Monitoring and Evaluation Mechanism. Since then, every participating country must undergo such a procedure every five years. The Commission and (in a rotating manner) the Schengen member states are responsible for carrying out this procedure. This year, the Monitoring Mechanism itself will be evaluated, which is a common practice for new EU legislation.
The second Schengen review in the UK was carried out under the new mechanism. The resulting evaluation report is classified. Nikolaj Nielsen, who regularly reports on British violations of the Schengen rules on the website of the online magazine „EU Observer“, received the document and published extracts of it online last December.
The report (here as a searchable PDF file) documents numerous omissions and infringements of which „major deficiencies“ have not been remedied even after the first inspection visit. According to the report, British authorities have „significant number of full or partial copies of the database“. This is not unusual, as national authorities are allowed to keep back-ups or mirror copies of data at their contact points. This is also the argument put forward by the Commission in its answer to a parliamentary question a week ago.
However, some of the British copies are on the premises of private IT service providers contracted by the British Government to operate SIS II and other connected databases. This is contrary to Schengen rules. The companies are ATOS from France, IBM from the USA and CGI from Canada.
The SIS II data is obviously also copied into national databases. This is known, for example, for the „Warning Index“ which is e.g. connected to passenger name records and other databases. In some cases, SIS II data is said to be even stored on laptops.
The principles of SIS II include reciprocity and mutual recognition. All participating countries should treat entries from other countries as their own. The EU examiners have certified „limited reciprocity“ to the British authorities in 2015 and 2017. For example, extradition warrants issued by the associated Schengen countries will not be implemented. This concerns searches from Switzerland, Iceland or Norway.
European Arrest Warrants (EAW) from EU member states will also only be transferred to British systems after a sometimes lengthy validation process. A „high number“ of EAW is not recognised at all, according to the audit report. Particular problems arise in British ports, where the authorities often do not even implement foreign arrest requests. British officials are similarly negligent with the tracing of stolen property . According to the report, vehicles stolen on the territory of another Member State, for example, would not be seized in Britain.
Top position in secret alerts
In contrast to the few alerts issued by the Member States themselves, the United Kingdom has a clear lead in queries of the SIS II. In 2016, British authorities carried out around 500 million searches, the second highest number among the member states. In the same year, however, the UK reported less than 10,000 hits after foreign authorities searched British alerts. The audit report describes this ratio as “ not considered to be commensurate“.
This ratio is different for the almost one million people traced in the SIS II, of which some 37 000 entries are from the United Kingdom. That is admittedly a rather low figure. However, more than half of these alerts are covert checks, which the authorities use to establish a movement profile of the persons concerned. With these covert searches, Great Britain is in third place in SIS II after France and Italy.
Despite the large number of Article 36 alerts issued by the UK authorities themselves, they seem to keep the hits on other countries‘ searches to themselves for the time being. Only when their own secret services have carried out a check and released the information, the authority issuing the alert in the other country will be notified. According to the evaluation, this is even done in the case of alerts for „immediate reporting“, which were set up after the terrorist attacks in France in 2015.
Schengen rules require exclusion
A Schengen State that does not implement the rules of SIS II should actually be excluded from cooperation. After the evaluations in 2015 and 2017, there was actually a debate about decoupling Great Britain. However, the governments of the EU member states decided in the summer of 2018 to continue the evaluation procedure despite the „very serious deficiencies“. The non-public decision was put online by the British civil rights organisation Statewatch.
At that time it was already foreseeable that Great Britain would leave the European Union. With the start of the „Brexit“ negotiations, the evaluation of SIS II was therefore halted a few months after the Council decision.
According to the „Brexit“ exit agreement, Great Britain may continue to participate in European information systems during the transitional phase until 31 December 2020. This means, however, that it is imperative that the evaluation of the implementation of SIS wiII be resumed. Two weeks ago, the EU Commission therefore made recommendations on how to remedy the British shortcomings. Like the previous audit report, the document is classified.
EU seeks opportunities for further participation
If the Council adopts the recommendations on how to repair deficiencies, the UK must respond within four weeks. Otherwise, there is again a risk that the country will be disconnected from SIS II. It would then be possible for British authorities to keep the illegally created copies and use them for law enforcement and security purposes until they are outdated.
If Britain were to become a full member of SIS II once it has withdrawn, it would have to agree to further evaluation and would also be subject to EU data protection rules. Given the current anti-EU rhetoric, this seems doubtful. Alternatively, the EU could adopt a new framework decision similar to the „Swedish initiative“ for participation in SIS II as a third country. In addition to these considerations, there are also discussions on whether the SIS II exchange of information should be handled by Europol.
The new SIS II Regulation also makes it possible to enter alerts from third countries. However, this would mean that Great Britain would only be informed of any hits from another Schengen member after a delay. Presumably, however, the government in London wants to retain exclusive access to the valuable EU information system. Details will now be negotiated in a „security partnership“.
Update: At 5 March, the EU Council released an Implementing Decision with 34 demands for UK to repair its misuse of SIS II.