thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Tuesday, February 02, 2010

Bank data deal under heavy fire from EU Parliamentarians

The debate on the bank data ("SWIFT") agreement in the European Parliament's Committee on Civil Liberties, Justice and Home Affairs last week showed a clear conflict between parliamentarians on the one side and the EU Council as well as the European Commission on the other side.

The EU Justice and Home Affairs Ministers had signed an agreement with the US government on the transfer of bank data from the EU to the US for the Department of Treasury's "Terrorist Finance Tracking Program" (TFTP) on 30 November last year. It would legalize the use of bank data, including inner-European transactions, by US security agencies, which had been going on since 9/11 2001 and only became public in 2006. The new agreement had only been only possible because Germany abstained after a heavy fight between conservative and liberal parties in the Berlin coalition. Members of the European Parliament furiously criticized this move, because one day later, on 1st December, the Lisbon Treaty entered into force and gave the Parliament full veto powers in the area of justice and home affairs. Only later it turned out that because some national parliaments had announced reservations to the signature, the deal was not concluded and now has to be dealt with under codecision procedures.

The President of the European Parliament since December repeatedly had asked the Council and Commission to refer the agreement to the EP as soon as possible, without getting any reply. Only two weeks ago, the Spanish presidency told MEPs that the delay was caused by translation problems and that the EP would get it on 25 January. When MEPs found out that the text of the agreement had already been published in the Official Journal on 13 January, they immediately suspected a foul play by Council and Commission. The agreement has entered into force provisionally on 1st February, but the EP can only vote on it in the next plenary session (8 to 11 February). The Council has turned down a formal request by the EP to postpone the provisional application by two weeks. SWIFT itself has in the meantime announced that they will not turn over data unless there is a legal basis for it, including a parliamentary vote.

In the 27 January 2010 committee session, Commission representative Johnathan Faull revealed that there will also be a new, confidential, report by French anti-terror judge Jean-Louis Bruguière, when the committee will already have its vote on the agreement. MEPs from both Liberal and Green groups demanded that all such background documents be made public immediately, including an opinion of the Council's legal service and the secret annex that lists the financial service providers affected by the agreement. MEPs from all groups also criticized the substance of the agreement, citing numerous articles that are not in line with EU or Council of Europe data protection regulation or the EU charter of fundamental rights.

The EP's rapporteur on this dossier, Dutch liberal Jeanine Hennis-Plasschaert, also rejected the Council's and Commission's repeated claim that without the provisional application of the agreement, we would have a "security gap". Austrian Conservative MEP Ernst Strasser stated that "if there was a security gap, we would have it now - from 1st January to 31st January," referring to the fact that the global bank transaction provider SWIFT has already changed its architecture on 1st January. SWIFT is now routing inner-European transactions only within Europe, thereby cutting off direct access by US agencies.

The discussion became fully absurd when commission representative Faull suggested that we would even get a "privacy gap" if the agreement is vetoed by the EP. Vice European Data Protection Supervisor Giovanni Buttarelli quickly debunked such assertions, citing a new legal analysis done by his staff which also revealed several privacy and legal protection flaws in the agreement.The group of EU data protection commissioners had produced a similar analysis.

The next week before the EP plenary vote will now be decisive not only for privacy protection for EU citizens in the fight against terror, but also for transatlantic relations in this field and for the role of the European Parliament with its new powers under the Lisbon Treaty. Left, Liberal, and Green MEPs are willing to kill the agreement and protect privacy rights, while conservatives seem to be split. The decisive group will therefore be the Social Democrats. The committee vote is set for Thursday, 4 February, 15:00 CET.

(This is an updated and slightly edited version of an article I wrote for EDRi-Gram on 27 January 2010.)


Anonymous french derek said...

Thank you for this update. I was pleased to note the SWIFT response. But I am concerned over spokesman Faull's response. We have seen only too recently how UK "secret reports" were manipulated to allow the Iraq invasion. EMPs have a duty to beware any claims of breaching secrecy.

Also, I hope eurosceptics are aware of the important work done on their behalf by EP staff (see their reports, which you quote).

3/2/10 19:10


Post a Comment

<< Home