Wednesday 16 June 2010

SWIFT II Sent to Council and Parliament

The new SWIFT agreement (or the "Terrorist Finance Tracking Programme") has been reached between the Commission and the US, and the agreement has been sent to the Council and Parliament for assent. Green MEP Jan Albrecht has written about the new agreement and uploaded a PDF of it here. Statewatch also released a PDF of the agreement here.

So does the new agreement address the concerns of the Parliament? Privacy is the central issue, and the long preamble to the deal takes care to highlight the tradition of privacy rights and protection in each jurisdiction (though MEPs tend not to see US privacy laws in the most flattering of lights), but a few new changes have been introduced to try and reassure Parliament.

Elements of the deal include: some oversight by Europol; that the data, if relevant to tackling terrorism by European authorities, will be forwarded to them; data providers can seek redress; citizens can request the erasure, correction or blocking of their information; the deal can be paused or cancelled upon notification after the first 6 months (though the cancellation would take place 6 months after notification); after the deal expires, it is automatically renewed each year for a year unless cancelled; there are provisions for passing on the data to third parties in some cases.

The safeguards are unlikely to fill the EP will a lot of confidence. Europol is an agency to aid work against organised crime, etc. in the EU - and therefore more likely to have a "police" outlook rather than a more impartial judge's outlook on how legal the transfer of data is. Having Eurojust look at the transfer of data to ensure that it complies would be better, as it would have more legal expertise, but a specialised legal review board would be better, in my opinion. In any case, despite the constant references in the deal that applications for data will be on specific data, the net will be quite wide in reality, since Swift only deals with bulk packages of data, and cannot separate them out.

If the data being transferred is bulk data, then it devalues the oversight - some private data will be transferred anyway, so there will already be a high tolerance for its transfer. There would presumably have to be quite a big breach of the agreement for Europol to stop a transfer (though my understanding is that they check that the application is correct, rather than going through the data itself - I doubt they have the resources to do that). The US have undertaken to delete data irrelevant to the deal's purpose, but effective safeguards are what the EP's after.

It's hard to see how effective the citizen's right to erasure, etc. would be. It would be rare that people would discover that data concerning them has been transferred, so how often can these rights be expected to be exercised? Effective safeguards before transfer are vital under these circumstances. Ideally there would be an application to a judicial panel for specific information, which would then be passed on if it complied with the deal.

Jan also brings up the question of how long the data would be retained for in his post. 5 years is too much, though if it was an exceptional period for an exceptional investigation and subject to rigorous safeguards and scrutiny, then such retention may be justifiable. Clearly such conditions aren't satisfied here.

Will it pass in Parliament? I hope not, and there are plenty of reasons here for the EP to reject it. However, there may be pressure to accept it to prevent the US from making bilateral deals and circumventing the EP altogether (though the US would have to consider how that could sour relations with the EP on matters that it cannot circumvent them).

On L'Europe en Blogs, there's an interview with the Commissioner for Home Affairs (whose department this falls under) here.


  1. Conor,

    I notice you give no reasons as to why the EP should approve the agreement other than it might harm transatlantic relations.

    We have had our share of major terrorist attacks in Europe, wether it's the islamic brand behind March 11 in Madrid, 7/7 London (not to mention all the foiled attacks), Basques, Corsicans or the types that you and I know from living in Ireland. They're all the same. They kill people and use some sort of ideology to justify it.

    Now it seems to me that surely both we and the Americans would want the same outcome from this: to stop the financing of terrorist activities, right?? So why is the European Parliament painting itself into a corner?

    Not only do they risk the US bypassing the EU in future (as you rightly mention) and negotiating deals on a bilateral basis, but it sends the message that we in Europe don't see the threat from terrorism. Having lived through the threat of terrorism in Ireland and al-Qaeda cells in Brussels, I really don't get this attitude!

    It's also sad that we find ourselves in a position where we are transferring data to the US because we can't / don't want to do it ourselves.. . Why does the EU not have its own TFTP? We should be asking that to our MEPs! We complain about the U.S wanting to police the world and at the same time we behave like we have nothing to fear!

    The EU is rightly concerned about the privacy of its citizens, but at what expense? Most Europeans fail to see why the EU and its institutions are relevant... The lisbon treaty has not made things any clearer yet, so if we push the americans away at this stage we will undermine the role of the Parliament, the lisbon treaty and ultimately the relevance of the EU on the world stage and as a viable partner of the U.S. Remember the run up to the Iraq war? We couldn't get our act together so the Americans just rolled their eyes and went to the security council.

    Since I'm not a terrorist I'm not likely to be under investigation by anyone. I really DON'T care if there's a record of me having paid my electricity bill in a packet of banking data sent to the Americans who are investigating terrorist activities! Having travelled many times to the US, they already have my fingerprints and lots more information about me (I don't see the EP making a fuss about that)

    Believe or not, when I get on the metro in the morning I'm more worried about a bomb in my train because someone didn't like the headscarf ban in Belgium than about bureaucrat in Washington possibly accessing information on when I paid the rent, which would be illegal anyway unless I was under investigation, which I'm not because I'm not a terrorist.

    I see a lot more potential benefits than problems with this agreement! At the same time I am not an expert, so I welcome any enlightenment you or anyone else can provide me with, because I just don't see what the big deal is!

  2. First of all, I agree that there should be some European TFTP, as long as it has judicial oversight and specific data is dealt with, rather than bundles of data. And if there are similar safeguards on such data before it's transferred to the US, then I'm happy for that to go ahead to.

    Interim arrangements bridging the gap before this happens should be considered as well, but this agreement doesn't have effectiove safeguards, and it is automatically self-renewable, rather than having a sunset clause, after which a new agreement would need to be passed. So it looks like the cancellation of the deal would either be in the Commission's hands, or, if it fell under co-decision, would require a QMV in Council as well as a majority in the EP. Therefore once passed, the Parliament looses its position of power on ensuring the oversight of the data and protecting the privacy of citizens. It's important to get this right now, rather than waiting 'til later.

    Information can be used for several purposes, and it does not follow necessarily that if you're a terrorist suspect you have nothing to fear. Executive power can be misused and abused - I'm not pointing the finger at this US Administration or the US in particular, but governments change and as a general rule the executive should not have a free reign on this. Terrorism should be treated as a criminal matter, and investigations should be subject to checks and oversight. Europol has neither the expertise nor the technical ability to fulfil this function, and the individual rights to challenge the programme are in practice ineffectual.

    As for feeling safe on the streets and trains, having a TFTP would help in combating terrorism in general, but I'm not sure how big an impact it would have on the situations you describe. After all, the reports on terrorist attacks, successful and foiled, are low tech home-made bombs, etc., that are the product of local groups, and involve everyday materials bought in shops, rather than involving large money transfers. Will the TFTP catch these groups? I doubt it would have a big impact; I suspect that the TFTP's greatest strength would be in combating the funding of terrorist networks in Afghanistan, etc, from supporters in the West. Which is an important task, but it's more of a strategic rather than tactical level operation.

    We have the capabilities and police experience to deal with the situations you describe, and despite the tradgies, I think that in general we have a good enough record on preventing terrorism. The benefits of the TFTP are not clear enough, in my opinion, to justify a rush to adopt a deal with poor-to-non-existent safeguards.

    The US may cool relations with the EP should they reject it a second time, but the Congress and EP are working together on building up relations. These relations will continue in the economic sphere, at least, even if the security agenda is taken off the table. Rejecting the deal is an acceptable risk, in my opinion.