Why bank data flow to US came to a SWIFT halt

The European Parliament has vetoed an agreement that gives the US authorities access to banking details of Europeans.

The European Parliament has vetoed an agreement that gives the US authorities access to banking details of Europeans. IT and EU law expert Lassi Jyrkkiö, who currently works in the European Parliament for Finnish Green MEP Heidi Hautala explains the context behind and impact of the decision.

You just might have missed it but 11 February was a game-changing date for citizens' data protection in Europe. Civil liberty activists opened champaigne bottles after the European Parliament (yes, that over-subsidised talking shop) sensationally voted 396 to 187 to veto the SWIFT bank data agreement between the EU and United States.

The European section of the US government's Terrorist Finance Tracking Program, which allowed US Treasury and CIA access to SWIFT's (Society for Worldwide Interbank Financial Telecommunication) transaction database, had been executed post-9/11 - not only in secret but also in breach of EU data protection laws. The scheme was finally exposed in 2006. Ever since, the USA has made agreements with the EU Council (Governments of EU member states), enabling American surveillance authorities to access the data.

The eventually snubbed agreement was secretly negotiated and signed by the Council at the end of last year. However, the dodgy-sounding Lisbon Treaty came into force on 1 December, enabling the Parliament to veto international agreements such as SWIFT. US government understood the risk of rejection. Officials such as Hillary Clinton appealed intensely to MEPs to give their consent. But the agreement's shortcomings were too plain to see.

The biggest fault was that US authorities would have been allowed access to European citizens' bank transfers data in bulk. As anyone with some internet savviness has learned, it's easy to assemble extremely specific information on almost anything by connecting facts from several sources.

Similarly, if you grant a foreign government with practically unrestricted access to citizens' private information such as bank, passenger and phone call data, you effectively create an enormous potential of wrongdoing-enabling combinations. Whilst access should sometimes be given to a specific detail, it is an altogether different matter to let US authorities "google" European SWIFT data.

There was also the lack of reciprocity; the data highway over the Atlantic was set to be used as a one-way street. Furthermore, the agreement allowed USA to pass information onwards to other countries and the redress mechanisms were inadequate. The data retention period would have been too long; in the words of one MEP "one day [the data] may be available not to an Obama administration, but to a Sarah Palin one."

While in some EU countries the whole chain of events was a non-issue, the agreement made front-page news in German-speaking Europe for months. Not only the blogosphere but the general public got worried. This shifted even many conservatives to oppose the agreement (not just the leftist, liberal and Green usual suspects). This scenario was encouraging for UK and the rest of Europe.

The SWIFT agreement would have been an interim one, running out at the end of October. Now the USA will seek information in accordance with the respective laws of each member state. Negotiations for a new long-term SWIFT deal will begin soon. Security and civil liberties will again have to be the reconciled in the agreement on aeroplane Passenger Name Records. After 11 February, you just might expect somewhat sensible future deals from certain useless talking shops.

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close