EU bank data transfer on the table of the EU institutions

By EDRi · April 21, 2010

This article is also available in:
Deutsch: [Transfer von EU-Bankdaten auf Agenda der EU-Institutionen |]

The airline problems in Europe that have affected also many MEPs, have
postponed a series of voting sessions scheduled for this week in
Strasbourg, including the votes on PNR and SWIFT resolutions.

The US Administration declared that it hoped to continue “realistic”
negotiations with the EU for a new bank data transfer deal with the EU,
allowing American investigators to track terrorism funding. In February
2010, the European Parliament voted to block US access to
banking data on European citizens from SWIFT, especially due to privacy

There were fears that the US might give up any negotiations with EU in the
matter, trying to settle individual agreements with Belgium and the
Netherlands, where the databases are located. However, the US administration
decided to continue to negotiate with EU.

At the meeting that might take place in Luxembourg during 22-23 April 2010,
EU justice ministers could give green light to the European Commission to
start talks with the American side. However, concerns will probably be
raised by some countries such as Germany, Greece, Austria and Hungary which
have already expressed reservation to some issues, as they were also unhappy
when the provisional deal concluded in 2009. But the delay of the EP vote on
this may lead to postponing the Council vote.

MEPs are to express their opinion on the guiding principles for the
negotiations, emphasizing the need to limit the quantity of data transferred
but, for the time being, SWIFT has no technical possibility to extract
certain data on a bank client. It seems that the US would not oppose a
restriction of the categories of data received by them.

A hearing has been recently organised by The Greens/EFA group in the
European Parliament on the issue of data sharing with the US.

A detailed overview of the legal situation in the matter was provided by
Paul de Hert from the Free University of Brussels. Despina Vassiliadou from
the European Commission explained the necessity of an over-arching binding
framework for data sharing due to differing agreements on PNR or SWIFT. For
this purpose a “high-level contact group” had already been set up in order
to establish the most effective way forward.

Peter Hustinx made an analysis of what would be needed from any such
agreement, including the necessity of adequate safeguards for all data
processing and the creation of strong oversight mechanisms and judicial
remedies for its infringement.

Edward Hasbrouck from the Identity Project emphasized the fact that
passenger records are globally shared through US-based air customer
databases and, as a result, the question of formal PNR transfers only covers
a small part of the ways in which passenger data are shared around the
world. He argued that Article 12 of the International Covenant on Civil and
Political Rights should be part of any final agreement with the USA.

Patrick Breyer from AK-Vorrat explained that the ECHR jurisprudence limits
the rights of countries to cooperate with states which do not provide an
adequate level of protection and considered that the cooperation should be
on a case by case basis, with the respect of human rights, and that the
agreement should not be a justification on its own for data transfer.

In a discussion in the Civil Liberties Committee of the European Parliament,
MEP Sophie In’t Veld said she had found out that filtering of the financial
messaging data was possible and she believed the filtering should happen in
the EU and should apply to any kind of data transfer.

In the same meeting a representative of the European Commission announced
that the EC would shortly be releasing a report on the second closed-door
EC-DHS joint review of DHS compliance with the current PNR agreement. As the
US organisation Papers, Please! explaines, the two reports (December 2008
and February 2010) issued so far by DHS on its own self-assessment and
claims of compliance “are seriously misleading and contain significant legal
and factual misstatements.”

“Their inaccuracy makes clear that DHS claims cannot be relied on without
independent verification. The willingness of the DHS to publish such false
claims calls into question the good faith of DHS participation in the joint
review, and reinforces the need for a truly independent review including an
audit of DHS actions by technical experts with access to legal process to
compel full access to DHS records.” concludes the detailed analysis made by
Papers, Please!

US wants ‘realistic’ talks on EU bank data transfers (15.04.2010)

Testimony to Members of the European Parliament (8.04.2010)

Public Hearing: Protection of Personal Data in Transatlantic Security
Cooperation (1.04.2010)

Member states urged to postpone decision on Swift (20.04.2010)

DHS “update” still misstates compliance with EU agreement on PNR data

DHS “update” still misstates compliance with EU agreement on PNR data

DHS: Update on the PNR review report (5.02.2010)

EDRi-gram: European Parliament needs to reject the SWIFT deal (10.02.2010)