The US has had access to Europeans' bank transfers using the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network since the terrorist attacks in the US of September 2001. The activity only came to light in 2006 and European legislators have sought to control the access to the banking records since then.
The Parliament rejected a deal negotiated between the European Commission and US authorities earlier this year. A new deal designed to meet the Parliament's demands for better data protection was passed by the Parliament last week.
The new deal ensures that a 'mirror' site of all SWIFT's processing of transactions will no longer exist in the US, where authorities there could have access to data. Data will only be processed in the EU which will give EU authorities more control over the information.
"Council and Commission have made the legally binding commitment to set up the legal and technical framework allowing for the extraction of data on EU soil," said a report on the deal produced for the Parliament by German MEP Alexander Alvaro. "This commitment will in the mid-term ensure the termination of bulk data transfers to the US authorities."
"The establishment of a European extraction system represents a very important improvement, as the continued transfer of data in bulk is a departure from the principles underpinning EU legislation and practice," he wrote.
The information is used by US authorities in its attempts to identify the source and use of funds by terrorist groups. Data protection officials and the EU Parliament had expressed concern at the broad access to private financial information that previous agreements gave to US officials.
"Council has not been tough enough on data protection" said MEP Jeanine Hennis-Plasschaert, the Parliament's then-rapporteur on the issue, when that deal was rejected. She said that "the rules on data transfer and storage provided for in the interim agreement were not proportionate to the security supposedly provided," according to a Parliament statement.
Parliament has now been satisfied that more protections are in place, including the right of an appointed EU official to monitor use of data in the US.
"Access to and extraction of data on US soil by US agencies will be monitored and when required blocked by a European official," said Alvaro's report recommending acceptance of the deal. "This procedure will prevent the possibility of data mining and economic espionage."
"The procedure regarding judicial redress for European citizens is regulated in greater detail … the right to rectification, erasure, or blocking is more comprehensive … [and] the procedure regarding onward data transfers to third countries is regulated more precisely."
"Europol shall verify whether the US request for financial data meets the requirements of the Agreement as well as whether it is tailored as narrowly as possible, before the Data Provider is authorized to transfer the data," Alvaro wrote. "If financial data which was not requested is transmitted (e.g. for technical reasons), the U.S. Treasury Department is obliged to delete such data."
"In February Parliament sent a very clear message. We made it known that the Lisbon Treaty has given us more opportunities and more responsibility", said Alvaro the Parliamentary debate on the issue, according to a Parliament statement. "During the negotiations, Parliament was able to make sure that improvements were incorporated into the agreement".