Personal privacy
November 13, 2009
According to a draft seen by Deutsche Welle, financial records stored by the SWIFT financial data system including "name, account number, address, national identification number, and other personal data", can be shared with American authorities if there is a suspicion that the person is in any way involved with terrorist activity. The system manages international and sometimes domestic bank transfers in more than 200 countries
The draft's contents were first reported late Wednesday by the Financial Times Deutschland and the Web site www.netzpolitik.org (see below for a link to the actual documents provided by netzpolitik). The draft agreement is intended to be an interim solution before a more substantive agreement is signed and would go into effect February 1, 2010 and expire January 31, 2011.
According to the Financial Times Deutschland, the Swedish presidency of the EU hopes to have the agreement signed before December 1, when the Lisbon Treaty comes into effect and stricter review by the European Parliament becomes necessary.
The proposed agreement has reportedly lead to disagreements among EU member states with Reuters reporting that the ambassadors to the EU from Germany, France, Austria and Finland objected to the draft. The agreement would require the unanimous consent of all 27 members.
SWIFT sparks a scandal
The issue of US access to European financial records has been controversial since 2006 when it was revealed that American intelligence agencies were secretly monitoring the SWIFT system. The organization held a so-called 'mirror' server in the US, logging all the activity on its European system, giving US authorities access to information, in a way that was deemed unlawful by the EU.
At the time, SWIFT said it was bound by US anti-terrorism laws to allow surveillance, though the organization now plans to move its servers to Europe to protect European users' privacy.
The European Union and the US began talks in July on a new agreement intended to satisfy American demands for access to the data while taking into account European concerns about privacy and losing control of the information. Under the terms of the proposed deal, Europeans would also have access to financial data in the United States.
The draft says requests for information "shall be tailored as narrowly as possible" to prevent too much consumer data from being evaluated by law enforcement and intelligence authorities.
However, several paragraphs later, the draft stipulates that, if the provider of data "cannot identify the data that would respond to the request for technical reasons, all potentially relevant data shall be transmitted in bulk" to the state that requests it. States requesting data will be able to hold it for up to five years before being required to delete the information.
Privacy advocates worried
Privacy advocates are concerned the draft agreement would make it far too easy for authorities from any state to gain access to the personal financial lives of Europeans without strong judicial safeguards.
A "scandal" is how Manfred Westphal, head of the financial services department for the Federation of German Consumer Organizations, described the draft, complaining that an "extremely opaque process" created the agreement.
"The core problem with the treaty is the whole procedure of where data is stored and who has access to it," Frank Rieger, a spokesman for the Chaos Computer Club, an organization which advocates online privacy, in Berlin, said. "It's not an anti-terrorism agreement, instead it's data imperialism."
Rieger said the United States had not demonstrated an ability to treat confidential personal information with care.
"Look at the no fly lists, and see how well data is managed there - not very well," Rieger told Deutsche Welle, referring to the lists US authorities maintain to try and identify terrorist suspects boarding commercial flights, but which have snared many people not under investigation.
European parliamentarians outraged
The decision to move forward with the agreement before the Lisbon Treaty comes into force has outraged some European parliamentarians.
"It's an affront that the agreement should be pushed into force quickly, just one day before the Lisbon Treaty comes into effect," Green Party European Parliament member Jan Philipp Albrecht told the Financial Times Deutschland. Consumer advocate Westphal said the Swedish presidency's plans for the interim agreement showed "clear disregard" for the European Parliament.
"The way in which the process has been done is not very democratic," said the Chaos Computer Club's Rieger, "De-fanging the European Parliament is part of the agenda."
The new SWIFT data agreement could also put Germany's new coalition government of Chancellor Angela Merkel's Christian Democrats and Foreign Minister Guido Westerwelle's Free Democratic Party under strain, said consumer advocate Westphal.
The coalition agreement says any SWIFT agreement should have a "high level of data protection" and should only be used for the purpose for which it was requested. The FDP has traditionally supported efforts to protect individuals' privacy.
Author: Brett Neely
Editor: Susan Houlton