SWIFT agreement adopted by the European Parliament

By EDRi · July 14, 2010

This article is also available in:
Deutsch: [Europäisches Parlament stimmt SWIFT-Abkommen zu | http://www.unwatched.org/node/2059]

The European Parliament has adopted the so-called SWIFT agreement on 8 July
2010 allowing sharing EU citizens’ bank data with the US authorities, but
failing to stick to its initial position on privacy safeguards from February
2010.

The text was adopted with 484 votes in favour and 109 against. The
supporters of the current version claim that the new text was significantly
improved by gaining a number of important concessions from the US. These
include the limitation of bulk data being transfer to the US or the role of
Europol in overseeing the transfer process.

However, even the data protection European bodies – EDPS and the Article 29
Working Party – have underlined that the current agreement does not meet the
European privacy standards.

As EDRi has explained in a FAQ made public shortly before the vote, there
is no prior judicial ruling required for transfer of data, the definition of
“terrorism” is very broad and there is still no legal redress available for
EU citizens in the US against data transfers or the possibly serious
consequences thereof.

Also, in practice, SWIFT can’t currently limit data searches to specific
individuals or single transactions. Actually, it will have to (and has in
the past) transfer data about all transactions from a certain country or a
certain bank on a certain date. There have been reports that the US Treasury
has received up to 25% of all SWIFT transactions, which number in the
billions each year.

As regards the Europol’s position, the EU body is far from a judicial
authority and it is now authorized to request information from the US
searches in the transferred data, which drastically reduces any incentive to
limit the transferred amount of data in the first place.

This agreement will enter into force on 1 August 2010. The current text will
be valid for 5 years and then automatically extends for one year at a time.
In order to terminate the agreement, one of the parties has to take an
initiative. Even if it is terminated, all transferred data will remain at
the disposal of US authorities. The data provided to the American
authorities will be subject to a retention period of 5 years.

Agreement between the EU and the USA on the processing and transfer of
financial messaging data from the EU to the USA for purposes of the
Terrorist Finance Tracking Program (8.07.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2010-0279+0+DOC+XML+V0//EN&language=EN

The Parliament shows the green light for the SWIFT II agreement (only in
French, 8.07.2010)
http://www.europarl.europa.eu/news/public/focus_page/008-76988-176-06-26-901-20100625FCS76850-25-06-2010-2010/default_p001c018_fr.htm

US to access Europeans’ bank data in new deal (8.07.2010)
http://news.bbc.co.uk/2/hi/world/europe/10552630.stm

Frequently Asked Questions on the Terrorist Finance Tracking Program /
“SWIFT” Agreement (7.07.2010)
http://www.edri.org/faq-2-swift-agreement-edri

EDRi-gram: Same privacy concerns for the new SWIFT treaty (30.06.2010)
http://www.edri.org/edrigram/number8.13/new-swift-treaty-privacy-concerns