Europe Votes to Send Secret Bank Data to US Authorities

After months of debate, the European Parliament finally gave its consent to the controversial Swift agreement on Thursday.

The so-called Swift accord will allow the bulk transfer of European citizens' financial data to U.S. authorities as part of the Terrorist Finance Tracking Program (TFTP). The Parliament originally rejected the agreement in February over concerns about civil liberties. But after both the European Commission and the European Council – made up of all EU heads of state – approved the plan, Parliament came under increased pressure to allow the agreement to go ahead.

The Commission revised the original proposal with concessions to Parliament and its members voted to approve the revised proposal by 484 to 109. There were only 12 abstentions.

In exchange for Parliament's support the new agreement acknowleges the ambition for the European Union to establish a system equivalent to the TFTP, which could allow for data extraction to take place on EU soil. The U.S. has committed to providing assistance in setting up such a system.

One of the chief concerns about the five-year Swift agreement was who would be responsible on the E.U. side. This issue has been addressed with the setting up of a dedicated unit within Europol, the European Police Office, under the supervision of the Data Protection Officer. Data can only be transferred with the approval of Europol, on a case-by-case basis and in the smallest possible quantities. Europol refused to give specific details on the level of security training of those involved.

However according to EDRI (European Digital Rights), the European Data Protection Supervisor (EDPS ) and several other data protection authorities the agreement interferes with the private life of potentially all Europeans. Commissioner Malmström refuted this, saying that European citizens have been given a twofold guarantee to "complete transparency as far as access and use of data are concerned; and, second, access to appropriate tools and redress procedures to ensure that privacy is protected."

However, many consumer and civil liberties organizations remain concerned with the security aspect. EDPS (European Data Protection Supervisor) pointed out that Europol is not a judicial authority. Furthermore, nine MEPs (members of the European Parliament) in the civil liberties committee who opposed the agreement warned that the accord might break European data protection rules and could face a legal challenge at the European Court of Justice. Opponents say that the agreement is illegal because it violates the right to privacy, which is enshrined in the European Convention on Human Rights.

EDPS also called for the storage period for non-extracted data (i.e. data that US law enforcement authorities have not accessed for terrorism-related investigations) to be considerably reduced -- currently the US can hold this information for five years. The data held by Swift includes the names of bank account holders and their account numbers.

European citizens also have well-founded concerns about 'mission-creep' – the expansion of the program to examine the data for reasons other than terrorist tracking - US authorities were secretly accessing the information for five years. The US Treasury Department first demanded access to Swift's confidential data following the Sept. 11 attacks and issued compulsory subpoenas. However, Swift failed to inform the responsible EU authorities and the situation only came to light following a report in the Wall Street Journal in 2006.

The reworked agreement includes demands from MEPs to allow an EU official to be present in the U.S. when American counter-terrorism officials extract and review data transmitted to them from the EU via Swift and Europeans can seek redress from the U.S. authorities if data is misused.

The accord has already been signed by the EU and the U.S. and will come into force Aug. 1.

Subscribe to the Business Brief Newsletter

Comments