The British government has been accused of “behaving like a bunch of cowboys” after a confidential report revealed it had allowed illegal copying of an EU database.

The issue, discussed publicly for the first time on Thursday, threatens to sour talks on the post-Brexit relationship between the UK and the EU, despite hopes on both sides for close ties in fighting crime and terrorism.

Sophie in ’t Veld, a Dutch liberal MEP, told the European parliament’s justice and home affairs committee that a leaked EU report revealed “deliberate violations and abuse” by the UK of the Schengen Information System, a vast database used by police and border guards across the EU’s border-free Schengen zone.

While the UK is not a member of the border-free travel area, it has negotiated access to the database, where authorities across Europe share more than 76m items of information on criminal suspects, missing people or contraband goods.

“This is a country that is not a member of Schengen because it doesn’t want to be a member of Schengen,” In ’t Veld told MEPs. “It doesn’t want to be a member of the European Union. Nevertheless, in the kindness of our hearts we have given them access to the Schengen Information System and they behaved like a bunch of cowboys.”

The MEP, who has tabled a complaint to the European commission, said “one of the most astonishing” features of the leaked report was “the lack of reciprocity” from British authorities to act in the interest of EU counterparts.

“What the report says is that [British authorities] are basically only interested in people coming into the UK,” she told the Guardian. “People going out of the UK – if there is an alert, they are not warning the European authorities, so we are not safer.”

The leaked EU report states that British border guards only act on alerts “the UK considers to be important”, meaning some checks on people and documents requested by other member states are not carried out. Another charge is that the UK “does not always take action” if someone wanted for arrest is leaving the UK. British police, according to the report, are trained only to seize contraband goods relating to crimes committed on UK soil, not those in other EU member states.

The document, first reported by the EUObserver website in 2018, is based on visits by EU inspectors to 22 sites, including Metropolitan police HQ, Heathrow airport and the Folkestone checkpoint. Nine of the total were surprise visits to police units across the UK, as well as British Transport police.

Following those visits in November 2017, the EU concluded that British authorities had made “unlawful” full or partial copies of the SIS database. The report said “major deficiencies in the legal, operational and technical implementation of SIS” in the UK that had not been remedied, despite concerns first raised in 2015. The litany of problems pose “serious and immediate risks to the integrity and security of SIS data”.

An official responsible for information systems, borders and security at the European commission’s Home Directorate, Marc Sulon, told MEPs that an evaluation on how to respond to the report’s findings was put “temporarily on hold in October 2018” because of Brexit negotiations and no-deal planning.

EU member states, he said, had decided in June 2018 not to disconnect the UK from the database but give British authorities “the opportunity to propose a plan for remedial action”. The commission’s evaluation had resumed as the UK would remain part of the database until at least the end of 2020 under the Brexit transition period.

Sulon dismissed claims that the US government had access to the EU database via the UK’s illegal copies. US companies working for the UK government are suspected to have made the copies, but Sulon said the rules allowed “cooperation with contractors … subject to compliance with all provisions of the legislation”.

MEPs reacted with fury to the commission’s handling of the affair, including a missed deadline to respond to a European parliament question raising the alarm. Calling for an inquiry, an Irish independent MEP, Clare Daly, highlighted concerns from the commission that “other member states have challenges in this area”. She said: “I think the commission needs to come clean about how bad things actually are.”

The European commission president, Ursula von der Leyen, on Wednesday reiterated her call for “a new comprehensive security partnership” between the EU and the UK “to fight cross-border threats, ranging from terrorism to cybersecurity to counter-intelligence”.

But any wide-ranging agreement on data-sharing will almost certainly have to be approved by the European parliament.

Asked whether the database issue could be a problem for Brexit negotiations, In ’t Veld said: “I very much hope so,” adding that the report showed “violation upon violation”. She added: “If [in 2015, the UK] didn’t care about the rules then, how are we going to make them respect the rules if they are not in the EU any more?”

Neither was she persuaded by the commission’s reassurances that the US government did not have access to the data via a British backdoor. “Yeah and pigs fly … The UK is part of the Five Eyes [intelligence network]. The US lay their hands on anything they can lay their hands on.”

A UK government spokesperson said: “We have some of the highest levels of data protection safeguards globally and are fully committed to meeting our legal obligations. We have a very close security partnership with EU countries, providing information on thousands of alerts every year.”