By EDRi

This article is also available in:
Deutsch: [SWIFT: Ist der Bericht der Kommission inkorrekt? | https://www.unwatched.org/EDRigram_11.1_SWIFT_Ist_der_Bericht_der_Kommission_inkorrekt?pk_campaign=edri&pk_kwd=20130125]

The very controversial TFTF (Terrorist financing tracking programme or
Swift Agreement) through which the European and US law enforcement
authorities are exchanging financial personal information of suspected
terrorists, is covered by two review boards (one American and another
one from EU) to ensure that the information is secured and properly handled.

The Commission’s report on the second joint review of the implementation
of the Swift Agreement issued on 18 December 2012, was largely
favourable to the implementation of the agreement: “As illustrated by
the report (and the detailed information contained in its annexes), this
review confirmed the clear value added of this instrument in fighting
against and preventing terrorism. This – very sensitive – programme
continues to be well protected and is scrupulously managed in accordance
with a set of effective safeguards. (…) Overall the implementation of
the agreement more than two years after the entry into force of the
Agreement has reached a very satisfactory level of effective
implementation with also the EU increasingly profiting from it under the
specific reciprocity arrangements”

The report has also pointed out some recommendations among which that
the US Treasury specifies more in detail to the Commission how the
on-going evaluation process is carried out in practice, and that the
practice of deletion of data is continuously monitored. It also
recommends that US Treasury respects any technical modalities and
security arrangements agreed for the transfer of information, “including
seeking prior consent from the data owner before disseminating such
information”. The report asks for future consultation and coordination
between JSB, Europol and the Commission on the planning, timing and
focus of possible inspections “in order to avoid overlapping activities
and misleading public statements.”

But Reinhard Priebe, Director for Internal Security at the Commission’s
directorate for home affairs, who chairs the EU review team, stated that
there might be a conflict of interests in the European review board, as
the board includes two data protection experts who are on a
joint-supervisory body (JSB) linked to Europol.

The JSB report, which details how the terrorist-fighting authorities
share the personal data, is now kept secret, as JSB conclusions were
apparently incorrect in the Commission’s view considered Dutch MEP
Sophie in’t Veld. She also stated that she had no idea whether the
agreements regarding the safeguards for the proper application of
agreements were used or not.

The reality is that there is a huge unnecessary amount of data sent, on
a daily basis, within the agreement. “The essential problem of the
Agreement remains unresolved: The report gives no indication of the
extent and scope of the data” as underlines The German Federal Data
Protection Commissioner Peter Schaar.

By 1 August 2013, the Commission and the US Treasury are to prepare a
joint report regarding the value of TFTP data. The next Joint Review,
according to Article 13 of the Agreement, will be carried out in 2014.

Terrorist data oversight tainted by potential conflict of interest
(20.12.2012)
http://euobserver.com/justice/118593

Commission Staff Working Document – Report on the second joint review of
the implementation of the Agreement between the European Union and the
United States of America on the processing and transfer of Financial
Messaging data from the European Union to the United States for the
purposes of the Terrorist Finance Tracking Program (14.12.2012)
http://www.statewatch.org/news/2012/dec/eu-com-tftp-review-swd-454-12.pdf

Monitoring report of the EU Commission: the case of financial data
delivery in the U.S. is that neither requests nor deletion are traceable
(only in German, 19.12.2012)
https://netzpolitik.org/2012/kontrollbericht-der-eu-kommission-bei-finanzdaten-ubermittlung-in-die-usa-sind-weder-zugriffe-noch-loschung-nachvollziehbar/