You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

Implementation of the SWIFT agreement under review

20 April, 2011
» 

This article is also available in:
Deutsch: Umsetzung des SWIFT-Abkommens auf dem Prüfstand

A review prepared by the EU delegation of the joint review team on the implementation of the SWIFT (TFTP) agreement concluded that "all of the relevant elements of the Agreement have been implemented in accordance with its provisions, including the data protection provisions". The report has been accepted by EU Justice and Home Affairs Council.

The agreement, which was signed on 28 June 2010, foresees the transfers to the USA of financial payment messages held by Society for Worldwide Interbank Financial Telecommunication (SWIFT), to be used in the Terrorist Finance Tracking Program (TFTP).

Europol is the body which has the specific task to check whether requests from the US Treasury Department for SWIFT data comply with the terms of the TFTP Agreement, while the Europol Joint Supervisory Body (JSB) is to review Europol's activities. An inspection mandated by the JSB to check Europol's implementation of the TFTP Agreement has revealed a lack of audit of the data transfers in a report published in March 2011.

The four requests made during the inspection were made in abstract terms, for broad types of data, which makes impossible compliance with Article 4(2) of the TFTP Agreement (which says that requests must be tailored as narrowly as possible). The JSB recommended that the requests had to contain more detailed information, specific to each request, and that the US authorities might need to provide certain additional information.

Moreover, it has come out that there is a lot of information provided orally by the US Treasury Department to Europol staff with no written requests to allow the proper verification of compliance with the data protection standards.

MEPs have shown their concerns related to the findings of the German report and expressed their disagreement to Europol's activity. "As Members of Parliament we feel betrayed reading this report (...) We voted in favour (of this agreement last year) in the trust that both parties would apply the adopted agreement" which "concerns the transfer of sensitive data belonging to our citizens", said Alexander Alvaro (ALDE, DE), Parliament's rapporteur on the TFTP agreement.

Although the joint review prepared by the EU delegation had a different conclusion, it included recommendations contradicting its findings. Thus, the EU review team recommended "more publicly accessible information on the way the program functions, in as far as this is possible (...) in particular, the overall volume of data provided to the U.S. authorities and the number of financial payment messages accessed." It also suggested "further enhancing the Europol verification procedure referred to in Article 4," and "more verifiable statistical information on the added value of TFTP derived information to efforts to combat terrorism and its financing in order to further substantiate the added value of the program." It also recommended "improving some aspects of the provision of information to the general public on the rights accorded to them under the Agreement."

As MEPs had asked the director of Europol to answer to their concerns, Europol issued an information note to the European Parliament on 8 April 2011. According to the information note, Europol had taken into consideration the JSB's recommendations and "comprehensively reviewed the process. A revised version was adopted and introduced in March 2011."

"The procedural steps involved in the process include specific actions to assess the validity of the US request in terms of its compliance with the criteria established in Article 4, including a record of the verification officer's operational judgement and a record of the advice given by the Legal Affairs Unit and Data Protection Office (DPO). The DPO has seen every request since the Agreement entered into force, but following observations made by the JSB, Europol decided to make certain practical enhancements to the process to ensure a more efficient involvement of the DPO.

As part of the process, a standard template is used as a formal record of the advice from each party and of the authorising officer's final decision," says the information note.

Europol fails to audit the transfer of SWIFT financial data to the USA (9.03.2011)
https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/spyblog/2011/03...

Report on the inspection of Europol's implementation of the TFTP agreement, conducted in November 2010 by the Europol Joint Supervisory Body (1.03.2011)
http://www.bfdi.bund.de/SharedDocs/Publikationen/Allgemein/ReportGKIzu...

EU Council: Report on the joint review of the implementation of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program (17-18.02.2011)
http://register.consilium.europa.eu/pdf/en/11/st08/st08142.en11.pdf

Europol Activities in Relation to the TFTP Agreement Information Note to the European Parliament (8.04.2011)
http://www.statewatch.org/news/2011/apr/eu-europol-report-on-implement...

Committee on Civil Liberties, Justice and Home Affairs Press release- SWIFT implementation report: MEPs raise serious data protection concerns (14.03.2011)
http://www.statewatch.org/news/2011/mar/ep-libe-swift-prel-mar-11.pdf

‹ European Commission's Net Neutrality reportupFrench Parliament issues a positive report on Net Neutrality ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo