European Union countries have agreed on a deal that would allow the United States continued access to European citizens' financial transaction data for anti-terror investigations.
Without the deal, the US would have needed individual countries' permission to access financial transaction data
Germany, Austria, Greece and Hungary abstained from the vote on Monday, allowing the controversial measure to pass. It allows American justice authorities to access data from SWIFT - the Society for Worldwide Interbank Financial Telecommunications, a cooperative of banks and other financial institutions that facilitates trillions of dollars in daily international transactions. Its members include almost 8,000 financial institutions in more than 200 countries.
SWIFT is based in Brussels and has a server in the US, but a plan to move data servers to the Netherlands and Switzerland at the end of the year would have cut off US officials' ability to access such information. The existence of the US server allowed American authorities to use American anti-terror laws to access European transaction data. EU law would have barred such access had the servers been on European soil.
Germany and Austria had worried about the possibility that personal information could be passed on from the US to third parties.
The agreement states that the US will not be allowed to share European data with third countries, and transactions between EU countries will not be monitored. The initial agreement will last for nine months, taking effect February 1, with plans to draw up a longer-term agreement when it expires.
SWIFT, based in Brussels, acknowledged providing the US with some personal data after the September 11 attacks
Better something than nothing at all
German Interior Minister Thomas de Maiziere said that abstaining instead of outright opposing the accord ensured some degree of data protection.
The new agreement limits US authorities' information requests to people with links to terrorist activity. US authorities also must justify their requests with the US Treasury, and must structure them to be as specific as possible. However, if a pinpointed request is not possible, SWIFT would provide "all relevant" data - which could include names, addresses and personal identification numbers.
"A not-completely-satisfying agreement in this field of data exchange combatting terrorism is - in the interest of European and also German data protection - better than no agreement," said de Maiziere.
But the deal was not without its detractors. And it will eventually face another vote, from the European Parliament, after it comes into force.
"SWIFT is about sensitive data, personal finances," said Manfred Weber, a conservative member of the EU parliament. "It affects nearly all citizens directly. And we as the European Parliament want to ensure European data protection standards for all European data."
The timing of the deal had irritated the EU parliament because it was signed one day before the Lisbon Reform Treaty, which would have given them equal decision-making powers, comes into effect.
"The fact that this has been agreed today … is not nice, but at the same time, we think that an ongoing access to information is required in the interest of fighting terrorism," said de Maiziere.
Privacy advocates worry that American data protection standards are too low
But the abstention by de Maiziere, a Christian Democrat, was criticized by the liberal Free Democrats, coalition partners who have pushed for higher data protection standards.
"This decision makes millions of citizens in Europe less secure," said German Justice Minister Sabine Leutheusser-Schnarrenberger (FDP).
Germany's commissioner for Data Protection, Peter Schaar, also voiced his displeasure, saying that the new agreement would enable the collection of transaction data with only "marginal, indirect or presumed links to terrorism."
Tracking terrorists through banking
SWIFT admitted in 2006 that it had been providing personal data to American authorities after the September 11, 2001 attacks, as US federal law required them to do. But once SWIFT moves its servers out of the US, it will no longer be subject to those laws, and the US would have to rely on each country to submit data voluntarily.
"This has helped prevent plots in Europe. … The Americans are very eager to avoid any disruptions," said Gilles de Kerchove, EU Counterterrorism Coordinator. "It's a program they have the most interest in."
Financial transaction data was used to break up a terrorist network in Britain and in the arrest of four members of the "Sauerland Group," who are charged with plotting to blow up an American military base in Germany.
"During the past eight years, the terrorist finance tracking program (TFTP) has provided invaluable leads in many major terrorism investigations, contributing greatly to our ability to thwart deadly terrorist attacks around the world," a US Treasury statement issued on Monday said.
"With scrupulously designed and multilayered controls and safeguards that are subject to numerous, complementary forms of independent oversight, the TFTP also embodies the highest standards of data privacy protection," the statement added.
Editor: Michael Lawton