The LIBE Committee discussed on 7 April 2010 the re-launch of negotiations on a SWIFT long term agreement.
It has to be recalled that following the European Parliament refusal to provide its consent on the US-EU SWIFT Interim Agreement last February a new draft-negotiating mandate has been indeed submitted by the College of Commissioners on 24 March 2010 to the Council, which in turn is expected to approve it on 22/23 April. According to the Commission the new agreement might be concluded at the beginning of June of this year.
Will the new agreement be founded on Judicial cooperation in penal matters or ….?
According to the Commission statement and the legal basis chosen for the new mandate (art. 82 of the TFUE) the future agreement will comply with the EP request expressed already in September 2009 to build the EU US cooperation in this domain in a framework which could be consistent with the new EU Treaty the art. 8 of the European Charter of Fundamental rights and the request of some Constitutional Courts such as the German Court. To do so the draft mandate has foreseen the creation of an European “Authority of judicial nature” which could check the necessity and proportionality of the US request of SWIFT data .
Therefore during the debate Rapporteur Ms Jeanine Hennis Plasschaert (ALDE) enquired the European Commission on whether it would be possible to explore alternative legal frameworks from judicial cooperation in penal matters .
Mr Faull underlined that the Commission could not see any feasible short term alternative system to the mutual legal assistance framework, however this will not prevent the Commission to explore also other possibilities, following the requests from the Spanish Presidency and by taking in account the question posed by the Rapporteur. On the same logic to find alternative solution to judicial cooperation Ms Carmen Romero López (S&D) suggested to work within the framework of an anti-money laundering directive revised to include banking messaging companies.
Therefore according to Jan Philipp Albrecht (Greens/EFA) these “alternative” approaches would go against the European Charter on Fundamental Rights, the European Convention on Human Rights as well as the German Court (see recent judgment on data retention) with the risk, as pointed out “that Germany will feel impelled to reject this mandate on constitutional grounds”. To avoid possible “clashes” with European or national constitutional courts Mr Albrecht has then suggested then to request for the opinion of the EU Court of Justice on the compatibility of the draft agreement with the EU legislation, as foreseen by Article 218 §11 of the Treaty on the Functioning of the European Union.
The new draft negotiating mandate
The new draft negotiating mandate as agreed upon by the College of Commissioners on 24 March 2010 and upon approval of the Council foresees -among others- the following elements:
- Safeguards to ensure the respect of the fundamental right to the protection of personal data;
- Transfer to third countries of only information derived from terrorism investigations (“lead information”);
- A judicial public authority in the EU with the responsibility to receive requests from the United States Department of the Treasury, verify if the substantiated request meets the requirements of the Agreement and if appropriate require the provider to transfer the data on the basis of a “push” system;
- Retention of personal data extracted from the TFTP database for no longer than necessary for the specific investigation or prosecution and non-extracted data retained for five years;
- Onward transfer of information obtained through the TFTP under the Agreement shall be limited to law enforcement, public security, or counter terrorism authorities of US government agencies or of EU Member States and third countries or Europol or Eurojust as well as Interpol.
- The Agreement shall provide for:
1) the right of individuals to information relating to the processing of personal data;
2) the right to access his/her personal data;
3) to the rectification, and
4) as appropriate erasure thereof.
Hence, it appears that the College of Commissioners has tried to address some of the past concerns addressed by the MEPs.
However, while demonstrating the willingness to explore grounds for a new agreement on the SWIFT data-sharing, some of the Members of the LIBE Committee, expressed a variety of concerns, most of which were already raised in the previous report of the European Parliament and that can be summarised as follows:
Members of Parliament still have concerns that the transfer of bulk data will not be addressed properly. According to Ms Sophie In’t Veld (ALDE) filtering should be done in the EU for financial data, PNR and telecommunications. Also Ms Birgit Sippel (S&D) stressed that SWIFT should be able to individualise data ahead of a transfer.
In this regard it remains to be seen whether SWIFT has the technical ability but not the willingness to bare the costs derived from selecting and transferring individual data instead of ‘data in bulk’.
According to Mr Faull it will not be possible to reduce the quantity of data transferred however he will work to reduce their size by removing the presumably non-useful data.
Data storage period
MEPs expressed concerned over the five years data storage as foreseen by the new text despite the attempts of Mr Faull to reassure the Committee stating that five years was not “unreasonable” given data’s useful lifespan in counter-terrorism.
Access, rectification, compensation and redress outside the EU
Mr Stavros Lambrinidis (S&D) enquired whether there was no other way for the bulk transfer of data and if it was not possible to impose some prior European check when the US wants to transfer the data to third countries.
Furthermore MEPs expressed the need to ensure the right to appeal to European citizens in front of American authorities in case of personal data abuse/misuse.
In this respect Mr Busutill asked to ensure equal rights between US and EU citizens and Mr Faull replied that the Privacy Act is indeed discriminatory and therefore does not guarantee the same rights to EU and US citizens. However the Privacy Act does not apply to the TFTP , hence asking to apply the same right of US citizens to the European ones means not having any rights at all.
No evidence on the effectiveness
There still is no evidence that cases of terrorism have been prevented or prosecuted based exclusively on the financial data.
The fact that the EU is planning to conclude an executive agreement on exchanges of data before negotiating the general agreements on rules governing the data protection raise additional concerns. Indeed, the acceleration of the envisaged SWIFT II agreement will limit the margin of maneuver for negotiators on the overarching transatlantic agreement on data sharing and data protection. In other words, it will force the latter to simply accept praxis established before the development of the general principles governing data protection.
Also the Commission -using the words of the Director General of DG JLS Mr Jonathan Faull- is of the opinion that “in an ideal world” general norms should be established before specific ones. However, no sufficient reasons have been provided to explain why the European Union is accelerating the negotiations on the SWIFT agreement instead of giving precedence to the establishment of overarching general framework on EU-US data protection and exchange.
In conclusion, the European Union is engaging in a delicate exercise trying to define at the same time internal, external, specific and general data protection norms. This would have been possible -in theory- if the European Union had clear objectives and points of reference. However, following the LIBE Committee debate on 7 April this seems far from being the case.