Datonomy reported this July on the widespread unease among European privacy campaigners (particularly in Germany), at the EU’s decision to give its approval for the European Commission to negotiate an agreement with the US to allow the latter to access European banking data. The negotiations were considered controversial because they were prompted, in part, by news that SWIFT (the Society for Worldwide Interbank Financial Transactions) would be moving its database and servers from the US to Switzerland and Holland. The change in database location resulted from angry reactions in Europe to revelations that the US government had been using its laws (since the 9/11 attacks on New York) to force SWIFT to hand over banking transaction data, which included personal data on European citizens. With its database and servers located outside US jurisdiction, American anti terror agencies would need permission from the EU before they could gain access to this sensitive information.
Five months after the original decision to start negotiations, the EU announced last week that it had now reached an agreement with the US under which the Americans would continue to have access to SWIFT data on the conditions that
* only data referring to people with links to terrorist activities would be made available to US investigators,
* information about transfers within the EU would be excluded and
* the US would not be allowed to share European data with third countries.
Under the deal United States anti-terror authorities would be required to justify their demands for information and would need to focus their requests as narrowly as possible. However importantly, where a request was not precise, all relevant data would be made available by SWIFT which could include names and addresses as well as account and personal identification numbers, an outcome criticised by Germany’s commissioner for Data Protection, Peter Schaar, as enabling the collection of transaction data with only “marginal, indirect or presumed links to terrorism”. The initial agreement will last for nine months, and will come into effect on 1 February 2010, with plans to draw up a longer-term agreement when it expires.
Despite vociferous initial opposition to this arrangement it appears that the EU states that were so vehemently against sharing this data with the US have now bowed to American pressure with only a whimper of objection. According to German publication Spiegel the US, headed by Secretary of State, Hilary Clinton applied “massive” pressure on EU countries to sanction the new deal claiming that, if US security services were refused access to the financial transactions of European citizens, an essential element of the war on terror would be removed potentially leading to greater insecurity and a rise in the threat of new terrorist attacks (including in Europe).
The agreement was approved only after Germany, Austria, Greece and Hungary decided to abstain rather than vote against it, the agreement required unanimity to enable it to succeed. This is despite German politicians, in particular, having originally branded the sharing of European banking personal data with the US as “totally unacceptable” and arguing that it “must be stopped”.
Cynics have also pointed to the timing of the vote, which took place a day before the Treaty of Lisbon was due to come into force, a move that denied the EU Parliament equal decision-making powers over this agreement. The EU Parliament reportedly contains a majority who are opposed to the disclosure of private banking data and the deal would potentially have been under greater scrutiny and may have even been blocked by the European legislature. Despite this the EU Parliament is expected to have an opportunity to debate and vote on the agreement after it comes into force and with a longer term arrangement yet to be agreed, Datonomy wonders whether we may yet see this saga take another turn in a different direction.
Posted for Greg Ruback by Jeremy