The EU does not rule out suspending the Terrorist Finance Tracking Program (TFTP) agreement with the United States. This was the conclusion that could be drawn from a discussion last Tuesday in the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, following allegations in the press that the U.S. National Security Agency had been tapping personal financial data obtained by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a Belgium-based company that is used by financial institutions worldwide to operate transfers between banks across national borders.
The snooping revelations were first made by TV Globo, a Brazilian media network, who said that Google, the Brazilian energy company Petrobras, the French ministry of foreign affairs and SWIFT were NSA targets. The Brazilian journalists based their reports on leaked secret documents from the intelligence-analyst-turned-whistleblower Edward Snowden, who made these and thousands of other documents public last June and who has now found asylum in Russia.
The revelations have prompted some members of the European Parliament (MEP) to call for an immediate suspension of the agreement with the U.S., pending clarifications of the snooping allegations. “If it is to be consistent, the EU must act on this and press the European Commission to terminate the agreement. Failure to do so would be an act of hypocrisy,” German MEP Jan Philip Albrecht said.
“We cannot continue loyal cooperation in data exchange with US authorities with this NSA dark cloud hanging over our heads,” Belgian MEP Guy Verhofstadt added.
No satisfactory answers from the U.S.
Home Affairs Commissioner Cecilia Malmström, who attended the discussion in the European Parliament, told MEPs she wrote to U.S. Treasury Under-Secretary David Cohen on Sept. 12 to ask for clarifications but has not yet received satisfactory replies concerning the allegations. “I am not satisfied with the answers I got so far. We need more information and clarity,” she explained, adding that the Commission had requested formal consultations with the U.S. under article 19 of the TFTP agreement. The consultations would start soon.
The Terrorist Finance Tracking Program agreement between the European Union and the United States was signed in June 2010 in the wake of the 9/11 terrorist attacks in the U.S. and subsequent attacks in Europe. It allows for the transfer of data on financial transactions held by SWIFT to United States authorities, for the official purpose of tracking alleged terrorists via their financial transfers.
It is not the first time that the Belgium-based company has been involved in a spying scandal. In 2006, the U.S. press revealed that American authorities were secretly accessing and pulling data from SWIFT. The company’s processing operations were later relocated from the U.S. to Switzerland where more stringent data protection rules reportedly would prevent the Americans from illegally accessing the financial transaction trails of European citizens.
But last year, after a report by Europol, the European Police Agency in charge of supervising the agreement, admitted that they did not “know the amount of data actually transferred to the Americans,” suspicions were raised again that the U.S. still had access to the entire database of SWIFT and consequently, that there were no limits to the information retrieved by the Americans.
In 2010, the European Parliament only reluctantly gave its consent to the TFTP agreement because of huge concerns about privacy. Some MEPs even called for turning the deal down amid concerns that European citizens’ data would not be given sufficient protection. But in the end, the consideration according to which “an imperfect deal is better than no deal” prevailed.
Back then, in an attempt to alleviate MEPs’ fears, the European Commission had stressed that the agreement included strict privacy rules and data protection guarantees restricting U.S. use of the information, adding that the “EU would also have the right to terminate the agreement in the event of breach of any of the data protection safeguards.”
Yet, everything seems to indicate that U.S. authorities have always had – and still have – unlimited access to the personal data obtained by SWIFT and that the European Union’s member states have, at best, chosen to ignore this. They pretend to be indignant each time media reports reappear on the transfer of European data to the American government and promise to adopt more stringent measures but in reality it increasingly looks like the massive transfer of information never stopped — and will go on.
In July, both Germany and France had called to postpone the trade negotiations for a Transatlantic Trade and Investment Partnership (TTIP) with the United States following the initial NSA snooping scandal reported by The Guardian, but they backed off after the U.S. offered to set up more working groups on data protection. The two trade partners held their first round of negotiations on July 12.
EP inquiry into the surveillance programs
In the meantime, however, the U.S. and the EU have decided to cut data protection from the ambit of the TTIP negotiations. “Data protection is a fundamental right. It is different in nature to the tariff of a good or to the schedule of a service. That is why a discussion on standards of data protection should be kept separate from the give and take of a trade negotiation,” Justice Commissioner Viviane Reding said earlier this month.
For its part, and following the recent NSA scandal and persistent reports in the press over alleged spying by the American and European governments, the European Parliament decided last July to launch an inquiry on the impact of the U.S. NSA and other surveillance programs on EU citizens’ privacy and the lack of democratic oversight of these programs.
The inquiry – led by the Committee on Civil Liberties, Justice and Home Affairs – includes a series of hearings with the authorities, legal and information-technology experts, NGOs, data protection authorities, national parliaments and private firms involved in data transfers. MEPs could also hold meetings with U.S. authorities and U.S. Congress during a delegation visit to Washington already planned for the end of October.
It will then assess the impact of these activities on the EU’s fundamental rights, in particular those linked to data protection and respect for private life, freedom of expression, the presumption of innocence and an effective remedy. “The aim of the investigation is to determine the impact of these surveillance activities on EU citizens,” inquiry leader Claude Moraes, a British MEP, declared.
MEPs will also look into the best tools for redress should violations of these rights be confirmed, make recommendations to prevent further violations and advice on how to strengthen IT security in EU institutions, bodies and agencies. MEPs’ conclusions and recommendations will then be set out in a report to be presented to the plenary of the European Parliament by the end of the year.
A first hearing took place on Sept. 5 on the impact of surveillance programs on the EU’s privacy and more particularly on media freedom, following the use of U.K. anti-terror law to detain David Miranda and the U.K. government’s direct threat that it would use the law to demand the destruction of the NSA material held by the Guardian. During the debate, MEPs emphasized the importance of investigative journalism and the need to protect whistleblowers.
As for the TFTP, if, after analyzing all the information, the European Commission deemed it necessary to propose a suspension of the agreement, this would have to be decided by qualified majority in the European Council — i.e. member states’ governments. In other words, a suspension looks highly unlikely: where the U.S. is concerned, European governments bark but do not bite.