Out-Law News 2 min. read
12 Feb 2010, 2:00 pm
Since terrorist attacks in the US in 2001, US authorities have had access to financial information passing through the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which processes transactions on behalf of thousands of banks.
The activity only emerged in 2006, though, when the New York Times reported that SWIFT had been complying with US orders to share data with it. SWIFT said that it had to share the data because all of its information was mirrored in a server hosted in the US.
National and international data protection and privacy watchdogs condemned the move but SWIFT maintained that it had not broken the law. When the body agreed last year to reorganise its data structure so that European information was only hosted in Europe that meant that a new agreement had to be reached between the EU and US, a European Parliament statement said.
"This new architecture required the negotiation of a fresh agreement between the Commission and Council on the one hand and the United States on the other," said the statement. That deal needed the approval of Parliament to become legally binding.
The Parliament voted yesterday by an overwhelming majority to reject the deal, with 378 MEPs voting against the deal and only 196 voting in favour.
During its debate, MEPs expressed anger that the Parliament was only presented with the deal after the fact and was not consulted during the making of it.
"Parliament's right to consent should not be used as a retrospective tool", said UK MEP Timothy Kirkhope. "We are finally getting assurances from Council and Commission [on data protection issues] but we now need some time before proceeding further in our considerations."
The MEPs urged the EU and US to come to a deal that offered better privacy protection and constituted a better deal for the EU.
"The resolution rejecting the agreement was approved by 378 votes to 196, with 31 abstentions," said the Parliament statement. "It also asks the Commission and the Council to initiate work on a long-term agreement with the USA on this issue. MEPs reiterate that any new agreement must comply with Lisbon Treaty requirements, and in particular the Charter of Fundamental Rights."
"Council has not been tough enough on data protection" said Jeanine Hennis-Plasschaert, who was the Parliament's rapporteur on the issue. She said that "the rules on data transfer and storage provided for in the interim agreement were not proportionate to the security supposedly provided," according to the statement.
The European Commission, which brokered the rejected deal with the US, has told the Parliament that it will adopt a new set of draft guidelines in the coming weeks. Those guidelines "will address the European Parliament and Council's concerns [and ensure] the utmost respect for privacy and data protection," said the Parliament statement.
German MEP Martin Schulz said in the Parliamentary debate that the deal was "a mistake".
"EU governments … thought they could get away with such a poor agreement, which is not in line with fundamental rights", he said. "How will data be retained, how will it be stored, can I have access to it, when it is going to be deleted? … This is a bad agreement that we simply cannot sign up to."
