Trust between the EU and the UK is in short supply. This poses risks to British-European security relations, writes Gijs de Vries (LSE). As Brexit unfolds, three issues, in particular, may give rise to tensions: data protection, human rights, and external security cooperation.
While the ink on the 2020 EU-UK Trade and Cooperation agreement might have dried, Brexit’s consequences will be felt for many years across a wide range of policy areas. Whereas economic ramifications have been widely discussed the consequences for security have drawn less attention. How will Brexit affect the safety and security of Britons and other Europeans? Are British-European security relations likely to benefit, or do political tensions loom on the horizon?
On both sides of the Channel criminals may well have breathed a sigh of relief: preventing and combating cross-border crime in Europe has just become more difficult. Brexit, as agreed in December 2020, is likely to dent the capacity of British and European law enforcement agencies to work together. As a result of the agreement, police forces will exchange fewer data and do so more slowly, while judicial cooperation will become more cumbersome and time-consuming. Privacy and human rights loom as future stumbling blocks. As the risk of lost opportunities, misunderstandings and mutual irritation grows, so does the potential for recrimination and distrust.
Brexit is also likely to affect European security in other ways. We live in an age where internal security and external security have become inextricably intertwined. Cybercrime, money laundering, terrorism, drugs smuggling, VAT fraud, counterfeiting, child pornography and other forms of crime do not respect national borders. As geopolitical tensions result in greater and more complex threats to Europe and the UK, governments will have to cooperate more, not less. The Brexit ‘deal’, however, risks having the opposite effect: it heralds not a reinforcement but a loosening of European security ties. Nothing at all has been agreed upon regarding cooperation in foreign policy, development policy, and defence. Whereas under Theresa May the UK had proposed a wide-ranging agreement to address common external security threats, under Boris Johnson, it changed tack and declined to negotiate provisions in these areas.
Law enforcement & the agreement
Four main areas of law enforcement cooperation are covered in the agreement: data sharing (via the Schengen Information System (SIS II), the Passenger Name Record System (PNR), the Prüm agreement, and the European Criminal Records Information System, ECRIS); cooperation on the basis of the European Arrest Warrant; British membership of key EU agencies (Europol, Eurojust; ENISA); and cooperation in other areas such as money laundering, terrorist financing, health security and mutual legal assistance in criminal matters.
First, data sharing. SIS II is the single-most-important law enforcement database in Europe. Its 80 million alerts were consulted over 5 billion times by authorities in 2017. Police officers on the street use it daily, accessing data within seconds from their hand-held devices. Every time a passport is checked at a border the system automatically checks for anyone sought for arrest and extradition anywhere in Europe.
The United Kingdom has been among the most active users of SIS, consulting it more than 500 million times per year. Brexit has now deprived the UK of access – not only because use is restricted to members of the Schengen area but also because the European Parliament, irked by the UK’s unlawful copying of SIS data prior to Brexit, threatened to veto Britain’s continued access. On 31 December 2020, some 40,000 alerts related to investigations in other European countries disappeared from the UK’s police national computer.
No matter, some have suggested: the UK could simply fall back on INTERPOL’s red alert database, supplemented by bilateral exchanges. However, bilateral data exchanges typically require days, not seconds. The INTERPOL database will only be an alternative to the extent that EU member states now decide to upload their sensitive SIS data to INTERPOL, overcoming longstanding concerns about the risks of leaks by some of INTERPOL’s 194 member countries. Furthermore, UK police forces and border authorities lack automatic, real-time access to the INTERPOL system. They will need to upload any data manually – a task for which the UK has now recruited over 60 extra police officers.
The UK will retain access to the European exchanges of DNA, fingerprints and vehicle registration data under the Prüm Agreement, albeit on a par with Liechtenstein and other non-EU countries. This means the UK has lost direct, real-time access. In case of a match (hit/no-hit) the UK will be able to obtain further personal only in compliance with the laws of the country holding the data, and provided its data protection standards remain essentially equivalent to those of the EU (see infra). As to Passenger Name Record (PNR) data, these too will be accessible only on the condition of complying with the EU equivalence standards. The UK also lost access to the European Criminal Records Information System (ECRIS) and will have to fall back on the European Convention on Mutual Assistance in Criminal Matters (1959). British police warned this is likely to slow down data exchanges. Prior to Brexit the UK was the most active user of ECRIS.
European Arrest Warrants are registered in SIS II. They play a growing role in the fight against international crime. The number of EAWs issued rose from 6,900 in 2005 to 17,491 in 2017, including 241 for terrorism-related charges. Extradition, which used to take up to a year, now takes place within weeks. Due to Brexit, the UK will no longer be involved. Alternative procedures have been agreed but it is unclear if they will work as swiftly and effectively. British extradition requests may be refused if a person’s fundamental rights are at risk, extradition would be disproportionate, or they are likely to face long periods of pre-trial detention. EU member states may refuse to execute a warrant for political offences. They may also refuse to extradite their own nationals to the UK, as Austria, Germany and Slovenia have already said they will.
The UK will be able to post liaison officers to Europol and a liaison prosecutor to Eurojust, in line with the arrangements for other non-EU countries. It may take part in Europol operational meetings and European investigation teams if invited. But the UK will no longer have access to the Europol Information System nor full access to Eurojust’s case management system, nor have any role in the governance of the two agencies. As to cybersecurity, the UK will be allowed to take part in some activities of ENISA at the invitation of the management board and in exchange for an ‘appropriate’ financial contribution.
Separate arrangements have been agreed upon in the areas of money laundering/terrorist financing and health security. Mutual legal assistance in criminal matters will supplement the relevant Council of Europe Convention. Disputes concerning law enforcement can be resolved by a Specialised Committee on Law Enforcement and Judicial Cooperation or by the Partnership Council.
In sum, while the 2020 agreement partly preserves previous forms of law enforcement collaboration, data sharing and operational cooperation between UK services and their EU counterparts will become more difficult. In this area, as in others, Brexit has trumped common sense. The problem is not confined to operational matters; the risks to the bilateral relationship are deeply political. Three potential problem areas stand out: data protection, human rights, and external security cooperation.
The bilateral EU-UK relationship
Any exchange of data between the EU and the UK is conditional on data protection. The EU now needs to attest whether UK data protection standards are essentially equivalent to the EU’s standards as set out in the General Data Protection Regulation (GDPR), the Law Enforcement Directive and the jurisprudence of the European Court of Justice. The principal stumbling block might well be the UK’s longstanding practice of exchanging sensitive personal data with its ‘Five Eyes’ intelligence partners (Australia, Canada, New Zealand, USA). The European Commission has proposed to grant the UK an adequacy decision. The file now passes for an opinion to the European Data Protection Board; EU ministers will take the final decision. However, this is unlikely to be the end of the matter. Should EU ministers decide to approve the Commission proposal, one or more appeals to the European Court of Justice are all but certain. Although the ECJ has been careful in allowing the EU and national governments significant latitude to legislate, it has also insisted that data protection must be taken seriously. The ECJ invalidated the EU Data Retention Directive (2014), the Safe Harbour Agreement between the EU and the USA (2015), the Passenger Name Record Agreement with Canada (2017), and the Privacy Shield Agreement with the USA (2020) as incompatible with the right of European citizens to data protection and privacy. In 2018 it ruled that GCHQ, the British intelligence and security organisation, has breached human rights in its mass surveillance programme.
Legal matters aside, the principal political question between the UK and the EU in the coming years will be one of trust. London has stopped behaving like a reliable partner. It tore up the Political Declaration it had signed in October 2019, including the commitment to a broad, comprehensive and balanced security partnership. It signalled its readiness to break international law by unilaterally overriding the Northern Ireland Protocol of the Withdrawal Agreement. It flagged its intention to compete by undercutting the EU’s regulatory standards, including EU standards on data protection. And that is not even mentioning the pettiness of denying the EU ambassador full diplomatic status – despite London having signed up to proposals that grant EU diplomats the privileges and immunities of the Vienna Convention on Diplomatic Relations. These twists and turns have affected trust in the UK to a far greater degree than many appear to realize. As one EU source put it: “What does it say about the UK, about how much the British signature is worth?”
European Conventions on Human Rights
One area where this question of trust could well give rise to political tensions is human rights. Sixty years ago the European Convention of Human Rights was drafted mainly by British lawyers. Today, the UK’s commitment to the ECHR and other human rights instruments appears to be faltering.
For 12 years the UK refused to implement a European Court of Human Rights ruling on prisoner rights (Hirst, 2005). Irritation at the ruling led Downing Street to delete the obligation to adhere to international law from the ministerial code. Theresa May argued that the UK should leave the ECHR altogether. In 2020 Council of Europe ministers sharply rebuked the UK for its failure to abide by seven Court rulings on abuses by British security forces in Northern Ireland. The Conservative Party, which had previously said the UK should “break the formal link between British Courts and the European Court of Human Rights”, has recently proposed a bill to derogate from the ECHR and its prohibition against torture in certain overseas military operations. Simultaneously the UK launched a review to consider whether the British Human Rights Act “strikes the correct balance between the roles of the Courts, the Government and Parliament”. Earlier this year a Conservative-leaning think tank proposed that ministers should have the final say on judicial appointments, prompting concerns about a politicised judiciary. The trend is worrisome.
At the instigation of the EU, the December 2020 T&C Agreement commits both sides to continue to protect and give effect to fundamental rights, including those set out in the European Convention on Human Rights. Either side may terminate the agreement on law enforcement for any reason but one reason that is mentioned explicitly is the United Kingdom or an EU member state having denounced the European Convention on Human Rights or Protocols 1, 6 or 13 (death penalty) thereto. Either party may also suspend cooperation in case of serious and systematic deficiencies in the way the other side protects human rights, the rule of law, or personal data. Respect for the European Convention of Human Rights is an essential element of UK-EU relations post Brexit. Erosion of these obligations by either side will not go unnoticed.
Conclusion: European defence cooperation
In addition to data protection and human rights, external security is a third sensitive area that will require deft political management. European defence cooperation is an imperative for geopolitical as well as industrial reasons. British and European companies need each other but Brexit has now thrown a spanner in the works.
British defence firms can only join EU Permanent Structured Cooperation (PESCO) projects or benefit from the EU’s €7.9bn European Defence Fund under certain conditions. Third countries must not contravene the security and defence interests of the Union and its member states, including “respect for the principle of good neighbourly relations” with the member states, and they must have a political dialogue with the Union which covers security and defence. However, the UK under Boris Johnson has turned down the EU’s offer of a structured dialogue on security.
The UK’s strategy is clear: it is to seek bilateral cooperation with selected European countries instead of working with the EU. Such ‘divide and rule’ tactics can work, but they tend to come at a price. If EU member states play along they risk doing serious damage to PESCO, not to mention European political cohesion. If they do not, industrial competitiveness may suffer. The UK, for its part, may find that its long-term interests depend on being regarded as a partner, not an adversary.
At the moment trust between the UK and the EU is in short supply. Brexit does not improve European security. Both sides should take care to avoid further damage.
This post represents the views of the author(s) and not those of the Brexit blog, nor of the LSE.