Friday, 13 August 2010

EU and US Conclude Swift Agreement

The United States and European Union signed an agreement giving the American government agencies access to all bank transactions within Europe, in the name of anti-terrorism intelligence.

The Swift agreement, named after the Belgian-based Society for Worldwide Interbank Financial Telecommunication that runs the eponymous intra-bank network, was accepted by the EU on Monday 28th June 2010. It allows American collection of data within Europe and the transfer of information about suspicious transactions to the US. An EU official based in the US will maintain oversight for privacy and against misuse.

The agreement follows an earlier interim agreement to give the US data on all transactions, which was signed last November ahead of changes to the Swift architecture. Originally, Swift had two datacentres — one in the US and one in the EU — which mirrored all bank transactions. From 1 January, 2010, a third datacentre was used in Switzerland to maintain redundancy without having EU data in the US, which would have been against European privacy law.

The interim agreement was subsequently opposed by groups within the EU parliament, including the Progressive Alliance of Socialists and Democrats (S&D), who forced a parliamentary rejection of the agreement in February. The S&D amendments were then incorporated.

The European Parliament has adopted the Swift agreement on Thursday, 8th July 2010 allowing sharing EU citizens' bank data with the US authorities. The text was adopted with 484 votes in favour and 109 against. The supporters of the current version claim that the new text was significantly improved by gaining a number of important concessions from the US. These include the limitation of bulk data being transfer to the US or the role of Europol in overseeing the transfer process.

However, there are concerns that the current agreement does not meet the European privacy standards. There is no prior judicial ruling required for transfer of data, the definition of "terrorism" is very broad and there is still no legal redress available for EU citizens in the US against data transfers or the possibly serious consequences thereof. Also, in practice, Swift can't currently limit data searches to specific individuals or single transactions. Actually, it will have to (and has in the past) transfer data about all transactions from a certain country or a certain bank on a certain date. There have been reports that the US Treasury has received up to 25% of all Swift transactions, which number in the billions each year.

As regards the Europol's position, the EU body is far from a judicial authority and it is now authorized to request information from the US searches in the transferred data, which drastically reduces any incentive to limit the transferred amount of data in the first place.

This agreement entered into force on Sunday, 1st August 2010. The current text will be valid for five years and then automatically extends for one year at a time. In order to terminate the agreement, one of the parties has to take an initiative. Even if it is terminated, all transferred data will remain at the disposal of US authorities. The data provided to the American authorities will be subject to a retention period of five years.

The Agreement between the EU and the USA on the processing and transfer of financial messaging data from the EU to the USA for purposes of the Terrorist Finance Tracking Program can be read here.