EUobserver's revelations of how the UK violates and abuses an EU police database sparked heated debate in the European Parliament's civil liberties committee - as the European Commission refused to respond to questions given the confidentiality of the leaked document.
A group of MEPs in the European Parliament's civil liberties committee are demanding the UK severe all ties to an EU police database, in the wake of EUobserver's revelations of widespread abuse - posing further possible complications on Brexit talks.
The UK is not part of the passport-free Schengen zone but was granted partial access to the so-called Schengen Information System (SIS) database.
The EU-run SIS database is used by police to track down undocumented migrants, missing people, stolen property, or suspected criminals.
"They are abusing the system. They are behaving like cowboys," said Dutch MEP Sophie in't Veld of the liberal Renew Europe group on Thursday (9 January), accusing the European Commission of failing in its duty to protect European citizens from the misdemeanour.
"For me it is very clear. No more access to Schengen Information System, full stop. And if this is the reliability of our negotiating partner [on Brexit] then you know we should be very very clear this is not a partner that we can work with under these conditions," she added.
The EU parliament then demanded the commission attend Thursday's committee hearing to respond in person.
The commission sent a senior official from its internal affairs branch, who simply told the MEPs he could not discuss the leaked confidential report.
"The fact that the report has been published on Twitter by a journalist does not have an influence on the status of the report as a classified document," he said, riling the MEPs even further.
But he did reveal that the EU Council, representing member states, had in fact mulled an option to cut the UK from the database in June 2018, around two weeks after EUobserver first published the investigation.
That never happened.
The UK was instead allowed to come up with a plan to rectify all the violations. The commission in turn suspended its probe into the abuse "in view of the on-going Brexit negotiation", said the official.
Over a year later Julian King, who at the time was European Commissioner for security, told EUobserver without citing the UK by name that "practical steps" were being taken by national authorities on the issue.
The leaked report disclosed other worries.
The UK is part of the so-called 'Five Eyes' intelligence sharing alliance composed of the Australia, Canada, New Zealand and the United States.
The US Patriot Act also compels US companies contracted by the UK to hand over data, should it be requested.
The companies ATOS, IBM and the US-Canadian firm CGI all have access in some form to the SIS database in the UK.
IBM, for instance, operates the service for the UK Home Office, which oversees migration and security matters.
The UK argues IBM cannot share the data with the US, because the Home Office owns the hardware and intellectual property rights.
But that argument fell flat with Clare Daly, an Irish MEP from the far-left GUE group.
"The UK Home Office asserting intellectual property rights over a stolen protected database containing private information about private individuals in a country that is about to become a third country. The commission really needs to get to grips on this," she said.
Despite the revelations and fallout, the commission says the UK will keep access to the database during the transitional phase of Brexit talks up until end of this year.
The commission also pointed out that the internal report had been shared with the EU parliament in May 2018, posing questions on why the select group of MEPs following the issue on the Schengen scrutiny committee, had never raised an alert.