SWIFT agreement implementation not respecting data protection safeguards

This article is also available in:
Deutsch: [Umsetzung des SWIFT-Abkommens missachtet den Datenschutz | http://www.unwatched.org/EDRigram_9.5_Implentierung_des_SWIFT-Abkommens]

The “top secret” status of the implementation of the SWIFT/TFTP Agreement
has irked MEPs such as Dutch member Sophie In’t Veld, who has warned the
Commission and Member States that they may block other transatlantic data
deals in the future.

The Terrorist Finance Tracking Programme (TFTP), also known as the SWIFT
agreement, is ostensibly an anti-terrorism measure which allows US
authorities to request and, upon the approval of Europol (who can thereafter
also gain access), large volumes of transaction information from the Society
for Worldwide Interbank Financial Telecommunication (SWIFT) – an
inter-service banking company used in roughly 80 percent of international
transactions. The agreement came into force in the summer of 2010.

This controversial agreement, which EDRi has advocated consistently against,
due to concerns about proportionality, transparency and fundamental rights,
was endorsed with reluctance by MEPS, who initially vetoed it in
February 2010. They won a number of concessions, including a specially
appointed EU representative to oversee the transfer of the data and the
inclusion of an oversight body (although this function is carried out by
Europol, which is considered by many not to have an adequate level of
independence) who would approve requests for data.

However, MEPs now worry that the Agreement is being circumvented and
requests for information have been denied, which In’t Veld has described as
“a symptom of a widespread culture of secrecy and reluctance to be held
accountable”.

The Permanent Representation of Germany to the EU expressed similar concerns
in a letter to the Council on 8 February, which states that Berlin is
“deeply concerned” about the Commission and Europol “repeatedly sidestepping
questions or not answering them at all.”

Alexander Alvaro, MEP in charge of the dossier in the European Parliament,
cited the conclusions of a Report on the implementation of the TFTP carried
out by Europol’s Joint Supervisory Body (JSB) that oversees data protection
issues. These, he said, raise serious concerns about compliance with EU data
protection rules, as Europol seems to be just “rubberstamping” requests for
the transfer of raw data without any scrutiny or oversight. Authorisation of
these bulk transfers seems to be on the basis of oral, unrecorded requests,
and all documents have so far been classified as top secret.

The report, published on 2 March 2011, was the first inspection of the
implementation of the TFTP agreement conducted in November 2010. The JSB
found that many data protection requirements were not being met and, that
despite the fact that US requests for data were often too general and
abstract, Europol approved each request received. Due to the amount of oral
requests received, the JSB reported that adequate internal and external
audit of the necessity and proportionality of data transferred to the US was
“impossible”.

In light of the report, German Greens member Jan Philipp Albrecht declared
that what Parliament achieved during negotiations has dissolved into thin
air and has called on the Commission and Member States in the Council to
terminate the agreement with the US.

In’t Veld explained in a press release that “our support for this and
other, forthcoming agreements (such as on PNR) clearly rely on the
trustworthiness of our partners… We will need stronger assurances that
protection of personal data of European citizens is not a mere box ticking
exercise, but a genuine mission of all EU bodies”.

The Commission is set to publish its evaluation of the TFTP on 17 March
2011. Alvaro has urged the Commission to take account of the disregard for
Article 4 of the Agreement and EU data protection rules and demanded that
all relevant documents be declassified. He also invited the European Data
Protection Supervisor to submit a report evaluating the functioning of the
TFTP.

Terrorist Finance Tracking Programme is not respecting data protection
safeguards (5.03.2011)
http://www.alde.eu/press/press-and-release-news/press-release/article/terrorist-finance-tracking-programme-is-not-respecting-data-protection-safeguards-37202/

PM to Europol report: SWIFT banking data agreement must be terminated! (only
in German, 8.03.2011)
http://janalbrecht.eu/2011/03/08/pm-zu-europol-bericht-swift-bankdatenabkommen-muss-gekundigt-werden/

Europol throws private data of EU citizens to grab (only in Dutch, 7.03.2011)
http://www.demorgen.be/dm/nl/5403/Internet/article/detail/1232610/2011/03/07/Europol-gooit-privedata-EU-burgers-te-grabbel.dhtml

MEP: SWIFT ‘secrecy’ may hamper new data deals with US (28.02.2011)
http://euobserver.com/18/31880

European Commission and Europol refuse to supply data on the implementation
of the EU-US TFTP (SWIFT) agreement as it is “Top Secret” (02.2011)
http://www.statewatch.org/news/2011/feb/01eu-usa-swift-data-secret.htm

Letter from German Delegation to Council of the European Union (8.02.2011)
http://www.statewatch.org/news/2011/feb/eu-council-germany-europol-usa-tftp-6266-11.pdf

Report on the inspection of Europol’s implementation of the TFTP agreement,
conducted in November 2010 by the Europol Joint Supervisory Authority
(4.03.2011)
http://europoljsb.consilium.europa.eu/media/111009/terrorist%20finance%20tracking%20program%20%28tftp%29%20inspection%20report%20-%20public%20version.pdf

US and EU agreement on exchanging personal data for the purposes of the
Terrorist Finance Tracking Program (2.03.2011)
http://europoljsb.consilium.europa.eu/media/112160/jsb%20tftp%20inspection%20-%20website%20notice,%20march%202011.pdf

(contribution by Raegan MacDonald – EDRi)