The European Commission has indirectly confirmed the UK made illegal copies of classified personal information from a database reserved for members of the passport-free Schengen travel zone.

Asked to comment on the classified report, obtained and revealed by this website early last year, Julian King, the European commissioner for security, on Wednesday (24 July) said "those are meant to be confidential discussions that we have with the individual member states."

Student or retired? Then this plan is for you.

Without citing the UK by name, he then said the country had since taken a series of what he described as "practical steps" to address the issues identified in the report.

"It is not just one member state that has some challenges in this area, there are a number of member states that have challenges in this area," he said.

The 29-page report had listed years of violations by British authorities, following restricted access to the Schengen Information System (SIS).

SIS is an EU-run database used by police to track down undocumented migrants, missing people, stolen property, or suspected criminals.

Although the UK is not in the Schengen area, which includes 26 other European countries, it has been given limited access to SIS since 2015.

The document, drafted by Schengen experts from EU states and by the European commission, had said the UK violations "constitute serious and immediate risks to the integrity and security of SIS data as well as for the data subjects."

Among other things, the UK had made numerous full and partial copies of SIS, increasing the risk of further data breaches.

Its sloppy disregard of the rules include making unlawful copies of data, which it then stored on laptops at airports and government offices.

Private contractors like IBM hired by the UK government were also given access.

Entrusting private contractors to handle such sensitive information, which included photographs and fingerprints, only increased risks in terms of physical and logical data security, noted the report.

US firms are also obliged to hand over the data to the US government if so requested under the Patriot Act.

Furthermore, given the SIS database is constantly updated, it means partial or full copies placed on laptops remains static - posing serious issues for anyone whose name or identity is supposed to have been removed.

"SIS data is not deleted when the issuing member states deletes it but kept in this database," warned the report.

It had also noted that the UK had failed to implement numerous recommendations to address "very serious deficiencies" already made in 2015.

King said the probe carried out in the lead up to the report is part of a rolling process to make sure that all EU states respect SIS and other EU-wide information systems.

"It is crucial if we are going to have faith in those systems," he said.

The issue comes amid heightened anxiety over the UK's end of October deadline to leave the European Union. The UK wants to keep security access to EU databases like SIS.

King, himself British, said that in the event of a no-deal Brexit, security cooperation would have to be based on other international and non-EU frameworks.

"I have to say, since I have spent the past three and half years of my life devoted to this, EU frameworks are better than many areas than the other existing international frameworks," he said.