final logo red (RGB)

 

Select Committee on the European Union

Security and Justice Sub-Committee

Corrected oral evidence: Post-Brexit UK-EU security co-operation

Tuesday 12 January 2021

10 am

 

Watch the meeting

Members present: Lord Ricketts (The Chair); Lord Anderson of Ipswich; Lord Anderson of Swansea; Lord Arbuthnot of Edrom; Lord Dholakia; Baroness Finn; Baroness Goudie; Baroness Hamwee; Lord Kirkhope of Harrogate; Lord Lexden; Lord Polak; Baroness Primarolo; Lord Rowlands.

Evidence Session No. 1              Virtual Proceeding in Public              Questions 1 - 10

 

Witness

I: Sir Julian King, former UK Commissioner to the EU.

 

 

USE OF THE TRANSCRIPT

  1. This is a corrected transcript of evidence taken in public and webcast on www.parliamentlive.tv.

 


14

 

Examination of witness

Sir Julian King.

Q1                  The Chair: Good morning, and welcome to the Lords EU Security and Justice Sub-Committee meeting. This is our first public session in a short inquiry we are holding into post-Brexit law enforcement co-operation, which is part of a series of inquiries which the Lords EU Committee is conducting into the outcome of the UK-EU negotiations. Our session this morning will be divided into two parts. For the first we are delighted to welcome back Sir Julian King, former British diplomat and the UK’s last EU commissioner where he held the security portfolio from 2016 to 2019. Welcome back, Sir Julian.

I will introduce our second panellists at 11 o’clock. Both sessions are public. They are being broadcast and are being transcribed. We will ensure that our witnesses have the chance to correct any errors in the transcript before publication.

Before we start the session, I want, on behalf of the whole committee, to send a message of support to James Brokenshire, the Minister of State for Security at the Home Office, who has announced he is stepping back from his ministerial duties to undergo further medical treatment. Mr Brokenshire has given evidence to this committee and we were in correspondence with him to the end of last year. We have greatly appreciated his frankness and his constructive and collegiate approach, and we want to send him and his family our very best wishes, and wish them strength for what is obviously a hugely difficult time for all of them.

Welcome, Sir Julian. It is great to have this further opportunity to discuss with you now that we have the text of the trade and co-operation agreement. In the course of this hour I am particularly interested personally to learn what our witnesses think about the practical effect that the reassuring words in the agreement will be on law enforcement co-operation between the UK and the EU. It is easy to see that there are lots of good intentions, but I am interested in how it will work out in practice and whether rapid, effective co-operation can continue.

Could you give us briefly your overall assessment of this agreement? How did it strike you? What are the particular points you will underline from it? The members of the committee have more detailed questions to put to you.

Sir Julian King: Thank you very much for the invitation. I welcome this opportunity to have the discussion this morning. We have an agreement. It is an important agreement. It is quite complicated in some respects and it very much needs scrutiny and discussion. Thank you for the opportunity to be part of that on the security dimensions.

I welcome this agreement. The alternative, which is the absence of an agreement, would have been very complicated with very serious and immediate consequences: the breaking of co-operation that had been established over more than a decade, the limiting of the possibilities of those on the front line—policemen, borderguards, immigration officers who work to keep us safe—to use tools that they used up until the end of last year every day to do their jobs. The fact that we have an agreement is very important.

If you look at the starting points of the two sides—if that is the right way of describing it—the UK Government on one side and the EU on the other, in light of the positions that they took during the negotiations, which we might talk about a little bit more, the outcome represents a good working compromise. But it will be complicated to put some of these arrangements into practice, and we might talk about that a little bit more.

There are two headline challenges. There is the largest potential operational gap, which is the absence of access to the largest EU law enforcement database, the Schengen Information System. A question that is left hanging for the moment is about data adequacy and how that will work out, which has potentially significant consequences more broadly than security but also in this area for security co-operation.

Those are the two headline issues that I hope we might discuss in more detail, but as you go through the different provisions, welcome as they are, you discover that there are challenges of implementation, issues that still have to be tied down, and questions about the long-term stability of arrangements in this area. There are probably harder questions about the long-term stability of some of the arrangements on the economic and trade side, but there are issues here as well, given the various provisions for termination, suspension and review.

That is what I would say by way of general comment. I look forward to this morning’s discussion.

The Chair: That gets us off to a good start.

Q2                  Baroness Finn: Good morning, Julian. I am interested, especially in light of what you have just said, about the oversight and conditionality of what is in the agreement. It creates a specialised committee on law enforcement and judicial co-operation, so what will the committee’s exact role be? How accountable will it be? What will the role of Parliament be in overseeing its operation? Given all that you have said about the challenges of implementation and long-term stability, do you think it presents that?

Sir Julian King: It is one of the bodies that will be constituted underneath the overall umbrella of the Partnership Council. Obviously it will be one of the more important ones, because of the nature of this part of the agreement, some of the important practical arrangements and the underpinning, including the protection of fundamental rights and the data adequacy dimensions.

It is referred to in various parts of the agreement. It has a role to play in the potential dispute resolution discussions and in the governance of some of the detailed provisions about possible termination and suspension, and it has a role in the various different review processes that are envisaged in this part of the agreement. But, as I understand it, it has the governance role of the agreement. It will not have a role in developing new areas of co-operation. That would have to be the subject of separate discussions, and eventually separate arrangements and agreements.

You mentioned the Commission. The Commission, on behalf of the EU, will be part of this governance arrangement, as will obviously HMG. I do not think that the precise arrangements for how that will work have been entirely fixed yet—who will play that role. On the EU side, we have to see what the European Parliament says as it discusses its view on the agreement as a whole, but I would expect that it would want to make some provision on its side to exercise some scrutiny role on the ongoing work of the committee in this area. As I am sure we will go on to discuss, the European Parliament has in the past taken a very close interest in these issues and has very strong views on the protection of fundamental rights and data protection in particular. What happens withscrutiny on the UK side is more a matter for you and your colleagues to form a view on rather than for me.

The Chair: Lord Anderson of Swansea wanted to pick up in particular on the issue of human rights that you were just talking about.

Q3                  Lord Anderson of Swansea: As you have said, scrutiny is vital, yet for time reasons there has been relatively little parliamentary scrutiny.

I turn to the agreement that contains provisions requiring the parties to respect international human rights law and EU data protection standards. Breaches can lead to suspension of part of the agreement. Presumably the provision on international human rights law refers to the European Union Convention on Human Rights where the UK has an excellent record of compliance, better in fact than many EU countries.

Can you speculate on how the EU side will respond, as this can be fairly fuzzy? How strict will they be? How much discretion is there? I think particularly of the Hirst case on prisoner voting rights where other countries are also in breach and where we delayed for over 10 years before ultimately we reached an agreement. Would that come within the scope of this? How much discretion would there be? I will then turn to the data protection side.

Sir Julian King: As you know, we have had an occasion to talk about this at an earlier stage in the negotiation process. The EU side from the very beginning set out very firm positions on the protection of fundamental rights and data protection. In fact, initially they were asking more of the UK on those issues than they had of other third countries who have arrangements and agreements in this area. It is to be noted that they pulled back a little bit in some of the things that they were asking, so that the original request from the EU side, that the agreement itself should contain details of how the UK was going to implement provisions of the ECHR, was not followed all the way through in the negotiations. A requirement that made data adequacy a precondition for co-operation in this area also was not followed through in the final agreement. We will probably come back to that.

As you know, the agreement says that the co-operation in this area is based on the ECHR. Both sides will observe that, and while respecting the independence of the two sets of legal arrangements—the UK on one side, the EU on the other—there is effectively a break clause that says that if one side or the other feels that the other side is not following through, that is grounds for termination of this part of the agreement. Indeed, grounds for potential termination of the agreement are set out in Article 136 in this part of the agreement.

Very briefly, data protection—we may want to come on to it in more detail—is an area of possible suspension. The arrangements on data protection are referred to in Article 137, which is a separate article on suspension. The way this has come out in the agreement, subject to others’ views—there will be fine legal minds, as indeed there are on today’s call, looking through the detail—the provisions for triggering termination if various aspects of the ECHR are not observed look more automatic and more immediate than the provisions on suspension on the basis of data protection concerns.

Lord Anderson of Swansea: As a former member of the Commission, as a former insider, how strictly do you think the human rights provisions will be enforced and policed?

Sir Julian King: As you know very well, the Commission has always taken a very firm view on this, and the European Parliament follows these issues extremely closely. If there are concerns, I expect they will be voiced on the EU side, and there are specific provisions; again I refer you to Article 136 of this part of the agreement, which provides for rapid termination..

Lord Anderson of Swansea: But there will be a substantial discretion.

Sir Julian King: We will have to see in practice how that works. You are absolutely right that this is an area that traditionally the EU has attached a great deal of importance to, and I do not see any reason why that should change.

Q4                  Lord Kirkhope of Harrogate: Good morning. I go back to the whole question of the access that we will have now to the important data on criminality, terrorism and so on in these various different categories. I know that David McAllister in Brussels is very concerned about this as well. I am talking now about fingerprints, vehicle information and passenger name records in particular, but also the work through Europol and Eurojust on the overall criminal records.

We have always known that in a number of cases, and I know particularly about passenger name records, real-time exchange of information is critical. It is not just a question of having access to the information but having access to the information immediately and contemporaneously with other European law enforcement agencies. It does seem, looking at the agreement, that there is nothing very clear about this. Indeed, all the surrounding discussions seem to suggest that while we will somehow have access, we will have to have that access based upon our position as a third country and not in the privileged and necessary position of real-time information. Could you just talk us through what you think about that effect? I am not sure it is useful at all having these things without that particular provision.

Sir Julian King: Putting to one side for a moment the question of the Schengen Information System, which we have already highlighted as probably the most important potential gap and operational challenge in the short to medium term, the arrangements that have been reached on working together with the agencies and on access to some of the other frameworks for sharing law enforcement information and data, I have to be honest, look pretty good, considering that this is an agreement with a third country. The UK is not a member state; it has left. Therefore, the precedents that you have to measure it against are the arrangements that are available to other third countries.

Against that, these look like effective arrangements. They will not be the same as the arrangements that existed when the UK was a member state. UK front-line law enforcement—policemen, border guards, immigration officers—had immediate real-time access to the different databases, as you say. But there is a provision for developing a close working relationship with the most important agencies—Europol, which you know well, and Eurojust, which is the agency for co-ordination among prosecutors.

It is important to note there that quite a lot of the follow-up work on how exactly the UK and UK representatives will be engaged with those agencies is left to be developed by the management boards of those agencies. That is welcome, because the management boards are made up of front-line practitioners who attach a great deal of importance to effective co-operation, as you know very well. They will be looking to try to build the best possible working relationship, respecting the fact that the UK and UK representatives will be coming from a non-member state.

On some of the important databases, the agreements that have been reached are important and are worth underlining. The so-called Prüm database, which exchanges information on vehicle registrations, fingerprints, DNA, and will continue to develop to exchange more information on crime scene forensics, effectively allows the UK to continue to plug in to that network for sharing information. The arrangements for exchanging of information on criminal records are not quite as strong, but there are some arrangements that will allow the UK to establish a central agency for recording criminal records that will be able to work with such agencies in other member states. That is welcome as well.

But you are right that inevitably, as a third country, these arrangements will be a bit more complicated and less fluid than what was in place until the end of last year under membership and then the transition arrangements. That comes most into focus when we get to the things that are not there. As we have already pointed out, the link with the Schengen Information System, which was the go-to data exchange arrangement for policemen and others on the front line, has stopped. That is an operational challenge which HMG will need to try to plug.

Lord Kirkhope of Harrogate: I recently attended an inter-parliamentary conference for Europol and Eurojust. There were some American representatives present. Clearly they have the right to be observers; they are present at headquarters of Europol, for instance. They are very much part of a process, albeit—I know they think this is useful—that they are not entitled to be on the board or to have any direct say in the way in which these things develop. That is my concern.

You mentioned Schengen, but the whole base of the PNR, in which I have a particular interest, was the real-time exchange. What is worrying me is that while we are working towards getting an understanding here—I know you are being positive about this, quite rightly I am sure—PNR, and all these things, depends on real time. As you will know from your experience, we are talking about seconds and minutes rather than a piece of paper filled in, an application made, a possibility, a day or two. When you are dealing with terrorists and major criminals, that is not good enough. Do you think that we will be able to fill that somehow?

Sir Julian King: Specifically on PNR, which you know at least as well as me, it is an area where it is important that an arrangement was reached. In many of these areas it was not necessarily a given. At various stages in the negotiation process and the discussions, as I understand them, there were some real difficulties about making progress. But there is an agreement on PNR information, so it will be possible for UK authorities to continue to exchange that information with EU member states, and for it to work it has to have an element of timely—I do not know whether you would call it real-time—exchange of information. You need the information before the plane lands. That arrangement will be put in place and there will be some way of exchanging that information for PNR.

There are some detailed provisions, which I am sure you have looked at in the agreement, which mean that the UK has to review how it handles the information that it receives from EU member states. It has up to three years with various review points to adjust some of the handling arrangements that have existed in the UK for that information. But that information will flow, so that is one of the positive elements.

Q5                  Lord Polak: I want to follow up a little bit on what Lord Kirkhope was saying, and I am also very interested in the practical ramifications. How much has the police officer on the street today, needing to access that information, lost?

Perhaps I can also refer to your splendid article in Prospect magazine where you talked about the loss of the Schengen Information System and the front-line officer being able to consult directly the Euro-wide database in real time, but you went on to say that making greater use of Interpol’s serious crime databases is one option. You suggested that Interpol’s 194 members have a different approach to sharing data. But all 27 members of the EU are among those 194 members. We know that they share the same thing. I do not understand, if that is the case, why we cannot use the Interpol with those 27 countries, using the same approach today, if I am following the argument you made in the magazine.

Sir Julian King: It may be worth spending a few moments on the operational challenge of the loss of the Schengen Information System, because, as you say, that was the go-to system for those on the front line. In many cases, they were able to plug in directly in real time—as Lord Kirkhope indicated—to get access to information that was fed in from all the member states; tens of thousands of alerts on wanted people and, indeed, objects of interest. That, as you know, was being used extensively, hundreds of millions of times a year, by UK police and law enforcementbillions of times a year if you look across the whole of the EU. It had become a real everyday working tool. That stops.

As you say, the Government have said that they will try to deal with that operational requirement through alternative arrangements. One of the arrangements is to use the various Interpol serious crime databases more, and another is to try to build up co-operation on these kinds of alerts and information about wanted people in particularserious criminals, terroristsamong trusted countries.

I have a lot of respect for Interpol. It is an excellent organisation. It runs a number of databases in this area, and they are fed variously by the Interpol members. Alerts on wanted people are called red notices in Interpol speak. A number of you will remember from various press reports on this that in the past there has been some debate about how different Interpol members have used red notices. There has been some debate about the basis on which they are issued and the handling that they receive. But, as you rightly point out, we should be able to assume that the 27 EU member states use the Interpol databases with the same kind of rigour and the same kind of protections, the same serious approach, as they do the Schengen Information System.

In recent years, most of the member states have put a lot of effort into feeding information, sharing information, across the Schengen Information System, probably more than they were putting into the equivalent Interpol systems. What now needs to happen, and it is happening, is that the Government need to engage with the EU member states and encourage them to share as much information across the Interpol networks as they are sharing themselves across the Schengen Information System. I hope that the member states will do that. Certainly, as far as I can, I shall be encouraging them to do that. One or two of them domestically have at times had reservations about how open they are across the Interpol databases, given the very wide Interpol membership and the different approaches to tackling terrorism and serious crime in some of the Interpol members.

You are right that that is a possibility, and it is one that we need to encourage everyone to pursue. At the momentyou will need to double-check this with operational police officersit has not always been as easy for front-line policemen to get access to the Interpol databases as it was to get access to the Schengen Information System. But, again, that needs to be addressed, and I think will be addressed in the government proposals for modernising UK police data handling.

Lord Polak: It seems clear, then, that using Interpol will be the way forward, because surely the Government will do exactly what you have said. I am just trying to get my head around how the 27 EU countries put different information about criminals on to two different databases. They have information that they put on, whether it be the Schengen Information System or Interpol, so the information should come across. I fail to understand why it should be difficult.

Sir Julian King: They are not connected. The member states have to decide that they will put the information into two separate databases.

Lord Polak: Let us hope they do.

Sir Julian King: We are encouraging them to do that. There are some concerns about how quickly and easily and sustainable that might be. The Government, as I understand it, have also been pursuing the idea of building up a new approach to sharing such alerts among what they called trusted partners, which would include Five Eyes but could go further than that. That is an attempt to modernise and speed up access to such alerts—going back to Lord Kirkhope’s comments earlier about real-time access—by using new technology, putting such alerts up into the cloud and allowing access, subject to certain arrangements with trusted partners, into that collection of alerts. That is an interesting idea as well, and we should be pursuing it, but both these alternatives will take some time and some investment to get up and running. This is an important area to scrutinise and check and to encourage rapid progress on.

The Chair: Baroness Goudie will also pursue questions in this area, which have now been rather broached.

Q6                  Baroness Goudie: Good morning, Sir Julian. It is lovely to have you back. I enjoyed your article very much. One of the issues that is emerging here is that speed is of the essence when we need to deal with criminals, terrorists and others. How much time do you think the Government have to put this in place? Secondly, the Government have to consider how much finance they are willing to put into this. The key issue is who we get to do this. Any data input or the way you look for it has to come from the real experts. Do we have those experts in the United Kingdom or do we have to bring them in from somewhere else? If we have, how do you see that we should use them? I have changed my question around to follow on from what you were saying.

Sir Julian King: I do not think there is any lack of expertise in the UK law enforcement community. One of the reasons why we have the arrangements that we have in this area is, I suspect, because everybody, including on the EU side, recognises the expertise and experience that exists on the UK side and recognises that we have a shared mutual interest in finding ways to co-operate and to tackle some of these shared challenges, whether they are from serious crime or terrorism, using instruments that will have to evolve and change to reflect the fact that the UK has left the EU.

I do not think there is a lack either of law enforcement or of technical expertise, but these are new things. They will have to be built up. Your questions about the priority attached to this, the amount of investment that is available, and timelines for delivering effect in these areas are very good and are exactly the sort of questions that I hope you will be pursuing, including when you talk to representatives of HMG. I am not a representative of HMG and I cannot answer for them on all the detail of this.

As has come out in the last exchange, part of this is also about getting other partners to play. Whether that is encouraging the EU member states to do something a bit more quickly or thoroughly than they have previously been doing in using the Interpol databases, or whether it is encouraging new partners to share police alerts across a new technical database, it is not just about what HMG can do; it is also about what partners can do.

Baroness Goudie: Otherwise you will get lots of duplication.

Q7                  The Chair: Going back to the Interpol issue and Lord Polak’s question, as an old securocrat I would say that countries might have a different approach to what they are prepared to put on a database that goes to 194 countries than they have to a database that is shared between 27 friends and trusted partners. So there may be an issue there.

We have not talked so much about ECRIS, the criminal records database, which is another of this network of databases where real-time access was so crucial. When I looked in the detail of the agreement on that I found reassuring words that we will have an exchange as soon as possible”, but then it said, “as soon as possible and within 20 days”. An exchange of criminal records within 20 days is not much use to the police who are trying to decide whether they make an arrest immediately. Does that expose a likelihood of much longer delays in getting criminal records?

Sir Julian King: The general mutual legal assistance arrangements, and specifically the arrangements on exchanging criminal records, are building on Council of Europe arrangements—as you will know, because we have discussed it before—that go back some decades. What I would emphasise being positive, what I would point to, is that these arrangements go beyond those basic Council of Europe agreements, even as they have been updated, and they are designed to deliver results more speedily and to supplement those international arrangements under the Council of Europe.

They are not as quick and efficient as the arrangements that exist among EU member states. That is the reality. But I welcome the fact that for the exchange of criminal records there is a proposal to build what in effect will be a new platform or network among designated authorities in the UK on the one side and the member states of the EU on the other to hold that information and to be able to exchange it. That would not have been the case if it had not been put down in this agreement.

Q8                  Lord Lexden: I have a quick question on Gibraltar and Schengen. Do you think that Gibraltar’s membership of Schengen could give us back-door access in any way to the information databases?

Sir Julian King: I have the same access as you to information about the agreement concerning Gibraltar. I do not have any special insight into it, but, as I understand it from the reports that I have seen, it is not about Gibraltar as an entity joining Schengen. It is an agreement that Schengen procedures on border checks would be extended de facto to Gibraltar under Spanish auspices, potentially with the assistance of the EU border agency FRONTEX, which might help in some of the implementation. But, as I understand it on the information I have seen, Spain would be responsible, as a Schengen member, for any question of clearing information that was gathered through those controls. It is Spanish access to the databases that we are talking about, not new access.

The Chair: We now come to data adequacy. It is the last major chapter of our discussion with you this morning, which I know members are particularly interested in.

Q9                  Lord Arbuthnot of Edrom: You have described the issue of data adequacy as something that is left hanging, because the European data authorities have not yet made a decision that the UK protections are adequate, which leaves us operating on the basis of interim arrangements set out in the trade and co-operation agreement. How does that work with EU rules and the CJEU’s case law on data protection? Might it be vulnerable to legal challenge in the CJEU?

Sir Julian King: Conceivably, but I find it quite difficult to see that that particular risk is all that high, because ifas we all, I hope, expectthe European Parliament confirms its agreement to what has been set out in the TCA, it includes this cover for four to six months temporary arrangements pending an adequacy decision. That would be the legal basis, and that would be endorsed by the EU side, so I am not sure how easy that would be to challenge. But even if someone sought to challenge it, I cannot imagine that the court would get around to reaching a view on that challenge in four to six months, given the track record of the court.

There are some real challenges in this area, which I would be very happy to discuss further with you and other members, but I am not sure that that particular risk is that high.

Q10             Lord Anderson of Ipswich: If we do not get the data adequacy decision that we want in the spring or summer, or if a decision is made but then suspended or annulled by the European Court, I am interested in possible workarounds. I have two things in mind. First, Martin Hewitt of the National Police Chiefs’ Council said in a letter of 11 November to the Home Affairs Select Committee that without a data adequacy agreement we should be able to continue to exchange data under the law enforcement directive as third-party countries do now”, although he added that he was uncertain how the member states would view the position.

Secondly, there are a number of specific provisions in the TCA itself governing the processing of data, onward transfer of data to third countries, and so on. Are there alternative safeguards, and how much do you think law enforcement has to fear from the absence of a data adequacy decision?

Sir Julian King: I speak under control of some real experts on this subject. My interpretation of what has taken place here is, again, that a position that was taken earlier in the negotiations has evolved. While the situation that we now have in the agreement poses some challenges, it is nevertheless more stable than automatic suspension linked to data adequacy.

At an earlier stage in the negotiations, as I understood it, the EU side was saying that co-operation in this area should be contingent on data adequacy as a necessary condition and that, absent data adequacy, you would not be able to have co-operation in this area. That, if you look at the agreement, as you rightly set out, is not where we appear to have ended up. We appear to have ended up with a situation where data protection is very important, there are detailed provisions on data protection in various parts of the agreement, and there is the possibility of suspension of all or parts of the agreement linked to concerns about data, but it is a possibility and it does not happen automatically. There also appears to be, although here I think the legal minds will need to examine the text closely, a separate test for suspension with regard to serious and systemic data protection concerns. That is not, I suppose, necessarily the same as somebody taking a challenge to an eventual data adequacy agreement and that being struck down or somehow modified in the courts.

I agree with your point that there appears to be some provisions in this agreement that will make it possible to continue co-operation even if there is some continuing debate on the status of data adequacy—subject, as I say, to a close legal reading. If that is right, that is welcome, because data adequacy, as you know very well, has been challenged in the past. Even if there is an agreement, as I hope there will be in the next four to six months, that the UK is deemed to be handling data in a way that deserves adequacy both under an adequacy arrangement and under the law enforcement directive, that determination could still be challenged subsequently. So it is important that we go through the agreement in the detail that you have set out, Lord Anderson.

Lord Anderson of Ipswich: That is extremely helpful. A quick supplementary, if I may. If we do not get the data adequacy decision and we are relying on these workarounds, is there any specific system or any specific category of data that you think member states will be particularly nervous about sharing with us, or is it difficult to say?

Sir Julian King: The debate about data adequacy will almost inevitably involve asking questions about how the UK national security authorities handle the data of EU citizens. That is a subject of great concern, and it is on that basis that previous data adequacy arrangements with the United States have been challenged and struck down.

The other area that I think will come under quite a lot of scrutiny is the so-called onward transfer of data—the data-sharing arrangements, particularly on the law enforcement side, between, for example, UK authorities and authorities in other countries, specifically the United States, because, as you know very well, the UK has reached an agreement, although I am not sure it has come into force yet, on sharing information with US authorities about electronic evidence in criminal and other law enforcement inquiries.

I think those subjects will get very closely scrutinised. If there is a data adequacy agreement or decision, as I hope there will be, that will mean that the Commission has said that it is satisfied on those points, but it is open to others to raise concerns and challenge them. Those are the subjects that I expect would be at the centre of any debate and challenge.

Is there information on EU citizens available in the UK that the UK’s national security authorities have access to that give rise to concern, or is there information on EU citizens available in the UK that might therefore be transferred onwards to the US? Those are the sorts of questions that I think would be at the centre of any concern.

The Chair: As I understand it, while the UK was able to benefit from the exclusion of national security issues in the treaty while a member state, that exclusion will no longer be available to the UK outside as a third party. That changes the legal landscape a bit as well.

Sir Julian King: Exactly, which is why two data adequacy arrangements with the United States have been challenged and struck down in the European Court.

Baroness Primarolo: Julian, your last answer was very helpful, because I am trying to work out what the relevance of the data adequacy decision by the Commission would be and how it would impinge specifically here on security. You mentioned the four to six month period to come to this decision. The Irish Council for Civil Liberties has called on the European Parliament and the Commission to refuse data adequacy agreement on the basis of the data breach in real-time bidding, which is a complicated area but is using personal data of European Union members and then selling itonward transmissionanywhere.

Could you unpick a bit more the relationship between what will happen if we do not get the data adequacy decision and are therefore relying entirely on the arrangements you described to Lord Anderson within the TCA designated exchange of data? Could you also explain how any challenge would be triggered? Would it be triggered in the European Parliament, the Commission, a member state? What would the process be through the specialised committee to deal with it? I am not quite clear how this will work as a process.

Sir Julian King: I am not predicting that the UK will fail to get data adequacy.

Baroness Primarolo: No, I appreciate that.

Sir Julian King: I hope that the UK does get data adequacy. I cannot see why it should not, given that the GDPR is operated as effectively in the UK as it is  in the EU, in my experience . I want to put on the record that, in my experience, the governance arrangements for the activities of national security authorities in the UK are at least as good as equivalent arrangements in other European countries. So I hope that that will lead to the granting of a data adequacy decision.

However, it can be challenged, as it has been in respect of the US. It can be challenged by any party that brings a challenge to the court. Some of those challenges have come from the European Parliament in the past and some have come from individuals. In particular, challenge has come from an individual known to some of you, Max Schrems, who has said that he is not expecting to take a challenge to an eventual UK data adequacy agreement, because he thinks it would be too simple to challenge that. We shall see.

If there were not to be a data adequacy agreement, which I am not predicting, or if it were to be successfully challenged, there are some very detailed provisions in this part of the TCA, set out in Article 137 and other articles, that, as far as I can see, may allow continued sharing of data but in a more constrained way.

Baroness Primarolo: I think I will leave it there. That has been very helpful, but I need to think about it more and about what the process would be. You certainly have given us something to think about and spend a lot of time scrutinising.

The Chair: Thank you very much. It will inevitably be an important part of our inquiry over the next few weeks. Thank you for that.

Baroness Hamwee: Julian, you talked about states with which we are less likely to want to share information. Is there a correlation there with states from which we particularly want information? Linked to that, given that, as I hear it, all member states will have to make an investment in new systems—that cannot make us terribly popularwill they be less willing to make that investment?

Sir Julian King: I hope not. There is, as I think I have said already, a shared mutual self-interest in trying to maintain effective co-operation against these shared threats. We will be asking EU member states to share information across systems that they have not been using as extensively in the past. As came out in an earlier discussion with Lord Polak, there is no reason why they should not be able to do that, I do not think, although, as the Chair said, some reservationshave been expressed in the past about putting stuff on a platform that is available to 194 rather than a platform that is available to 27, or 28 in the past.

I do not know how much financial investment that will entail, but it will involve an investment of time and political commitment. One of the things we need to do is encourage that and work with the Government to follow how it evolves.

Lord Rowlands: Julian, can you give us a brief assessment on the arrangements that have been made for extradition and surrender within the agreement?

Sir Julian King: I hope you have some experts on next.

The Chair: We will come on to that in our next panel.

Sir Julian King: It is quite a complicated part of the agreement, and you certainly need more than another two minutes. It is good that there are arrangements on this, I think. One of the concerns, as we have covered before and as you have covered with many witnesses, was that perhaps it would not be possible to reach an agreement on something to replace the European Arrest Warrant. Front-line practitioners have used the European Arrest Warrant extensively, and you have had lots of witnesses talk about its importance.

I am glad that agreement was reached basically building on a precedent that had been worked out with Norway and Iceland. It has been possible to bring into this agreement effective arrangements for surrender of suspects and wanted people in more serious cases. I think that merits quite close scrutiny, because there are some complicated provisions on this and it is subject to separate review arrangements; if you get into this part of the agreement, there are separate review arrangements with regard to the surrender clauses. I think it is an area where, first, we need to see how it comes into force, secondly, we need to see how it works in practice and, thirdly, we will have to monitor carefully as we get closer to the review arrangements to make sure that it remains effective.

The Chair: Thank you very much indeed on behalf of the whole committee, Julian, for a really fascinating session that has got us off to a very strong start for this inquiry. We are very grateful for your time. I am now going to propose a very short suspension of the session so that we can bring in our second panel. Thank you, Julian. We will be back in a couple of minutes.