The European Parliament is seeking legal advice before mounting a challenge to a deal signed today between the EU and US which will allow vast amounts of personal data describing people's interbank financial transactions to be passed to US terrorism investigators.
The Council of Ministers and US signed a data transfer agreement for the Terrorist Finance Tracking Program (TFTP) on Monday morning after an unprecedented struggle over its terms with the European Parliament.
MEPs have fought for control over the transfers since 2006, when the New York Times revealed that US investigators had then already been reading European financial transactions processed by Swift, the de facto international financial messaging hub head-quartered in Belgium, for four years.
The agreement gives US agents the power to request personal data held by a private European company without judicial oversight usually required by European Law. This extraordinary power is the source of continued opposition to the agreement, which must be approved by MEPs on 7 July before it is officially validated.
The Civil Liberties Committee, which will advise the council which way to vote on the agreement after a meeting next Monday, is writing to the European Parliament's Legal Service to ask whether the agreement is invalidated by its failure to impose judicial oversight on US TFTP requests.
The agreement signed today gives Europol, the trans-European police agency, the authority to decide which requests are approved. MEPs had opposed Europol's appointment because the police agency works with US Treasury agents investigating terrorism and makes use of personal data obtained under the TFTP. The agreement allows Europol to ask US agents to make a request for European financial data and then to approve its own request before telling Swift to disclose the data.
Rui Tavares, a Portuguese MEP for the European United Left, who drafted the letter for the LIBE committee said: "The data protection supervisor [should] oversee requests made by the police, not the police itself. It's a clear case of putting the drunkards in charge of the liquor store."
The agreement allowed Europol to "rubber stamp the requests made by the US Treasury", said Tavares. This was a worst-case scenario, he said. "The jurisdiction of the US Treasury has been extended to European territory".
The European Data Protection Supervisor had opposed the agreement because it was "not necessary" in European legal terms. Terrorism investigators were already allowed to request financial data from private companies, but only on the authority of a judicial warrant.
The EDPS also complained last week that the agreement breached European rules of proportionality, since it permitted the bulk
transfer of private financial data. A requirement that the transfers comply with European Data Protection and Human Rights law was removed from the final agreement.
German MEP Alexander Alvaro, the European Parliament's rapporteur for the agreement, agreed a compromise over the data transfers with the Spanish presidency of the European Union last Thursday, after a ten-month political struggle. The three main political groups gave a chorus of approval for the latest revision since the US had conceded to allow a Commission appointee to oversee US use of European financial data in Washington. The LIBE committee is also, however, seeking legal advice on the proposed appointment.
MEPs claimed further esteem for their compromise deal, citing it as the first time they had used powers granted them by the Lisbon Treaty to reject decisions made by the European Commission and Council of Ministers. But the Parliament was under pressure to approve the agreement its last summer sitting next week, and the latest version had been stripped of any direct accountability to EU data protection and Human Rights Law.
The final agreement was made answerable only to itself. "The US Treasury Department shall ensure that Provided Data are processed in accordance with the provisions of this Agreement", it said.
Its language had also been loosened to grant US investigators greater leeway over EU data. It allowed the US to retain the data "for no longer than is necessary for specific investigations or prosecutions for which they are used", allowing data to be collected now in case some reason is found for keeping it in the future.
The previous draft of the agreement allowed the US to keep EU data "for no longer than necessary for the specific investigation or prosecution for which they are accessed", in keeping with EU data protection law. This important distinction in European law prevents police from building unregulated databases of suspects with insufficient justification for their suspicion, a protection based on fear stemming from the experiences of history.
The agreement allowed the US to access data about the "racial and ethnic origin, political opinions, or religious or other beliefs,
trade union membership, or health and sexual life" of European citizens who the US wants to investigate.
Germany and France both raised questions in the Council of Ministers about the appointment of Europol as arbiter of data requests by their US compatriots.
The agreement also sought to placate critics by conceding authority to an as yet unformed transatlantic data protection treaty, which is expected in the next year to permit more general sharing of data between US and EU law enforcement agencies. But the deal set a precedent by allowing TFTP investigators operational freedom from judicial authority, outside of EU law.