The European Parliament agreed a non-binding resolution on Wednesday that calls for the EU's Terrorist Finance Tracking Program (TFTP) agreement with the US to be suspended amidst concerns that a US intelligence agency is accessing the data outside of the agreed framework.
The TFTP allows, in accordance with certain protocols, US law enforcement bodies access to European data held by the Society for Worldwide Interbank Financial Telecommunications (SWIFT), which co-ordinates payments between financial institutions based across the world.
Press reports earlier this year suggested, though, that the US National Security Agency (NSA) has been "tapping into EU citizens' personal financial data handled by ... SWIFT", a statement by the Parliament said.
As a consequence of that activity, MEPs have now voted to back calls for the suspension of the TFTP deal and for there to be a "full on-site technical investigation" into the allegations that US authorities gained unauthorised access to the data held on SWIFT's servers.
"The US authorities' access to these financial data is strictly limited by the TFTP deal," the Parliament said. "If proven, such activities would constitute a clear breach of the EU-US agreement."
The European Parliament cannot itself suspend the TFTP agreement, but it called on the European Commission to do so and warned that it may not give its backing to "future international agreements" if the Commission fails to act.
Since terrorist attacks in the US in 2001 US authorities have had access to the records of inter-bank transfer body SWIFT. The activity only emerged in 2006, though, when the New York Times reported that SWIFT had been complying with US orders to share data with it. SWIFT said that it had to share the data because all of its information was mirrored in a server in the US.
Following concerns from national and international data protection and privacy watchdogs, SWIFT agreed to reorganise its data structure so that European information was only hosted in Europe. This restructuring meant SWIFT could no longer be required by US courts to disclose European data to US authorities and it led the US and EU to agree a deal - the TFTP - that allows the authorities access to that data in accordance with certain procedures.
"Any data-sharing agreement with the US must be based on a consistent legal data protection framework, offering legally-binding standards on purpose limitation, data minimisation, information, access, correction, erasure and redress," the Parliament said in its statement on Wednesday.