SWIFT implementation report: MEPs raise serious data protection concerns
US requests for EU citizens' banking data under an EU-US counter-terrorism data-sharing deal are too general and abstract to allow Europol to check whether they meet EU data protection standards, and Europol seems to be merely rubber-stamping them, said worried Civil Liberties Committee MEPs debating a watchdog report on the deal's first six months on Wednesday. This should be borne in mind when Parliament is asked to approve other data transfer agreements, they added.
The four SWIFT data transfer requests made by the US authorities to the Europol agency in the first six months of the Terrorist Finance Tracking Programme (TFTP) Agreement were so abstract that it was impossible for the agency to verify that they complied with it, Civil Liberties Committee MEPs heard on Wednesday.
"Those four requests are almost identical in nature and request - in abstract terms - broad types of data, also involving EU Member States' data", says the report presented to MEPs on Wednesday by Ms Isabel Cruz, chair of the Europol Joint Supervisory Body (JSB - the agency's data protection watchdog).
Ms Cruz also said that information provided orally to certain Europol staff by the US authorities had persuaded Europol to transfer data, but that the content of that oral information was not known, again making it impossible to verify compliance with the TFTP agreement.
The JSB had made some recommendations for improvement, stressing that compliance with them is vital if Europol is to properly fulfil its role: for instance, requests must contain more detailed information, specific to each request, and the US authorities may need to provide certain additional information.
MEPs and EU citizens betrayed
"As Members of Parliament we feel betrayed reading this report", said Alexander Alvaro (ALDE, DE), Parliament’s rapporteur on the TFTP agreement. "We voted in favour [of this agreement last year] in the trust that both parties would apply the adopted agreement", which "concerns the transfer of sensitive data belonging to our citizens", he stressed, adding that "the credibility of Parliament and of this committee are being jeopardised. This is about trust and confidence of the public in what the EU did and is capable of doing here".
"We have given our trust to the other EU institutions, but our trust has been betrayed", said Sophia in't Veld (ALDE, NL), rapporteur on the EU-US Passenger Name Record (PNR) agreements. "This should be kept in mind when they want our approval for other agreements", she declared.
"Somehow I am not surprised", said Simon Busuttil (EPP, MT), recalling that "at the time of the negotiations last year we were not satisfied with having Europol controlling it - we wanted additional safeguards". He added that "the agreement is not satisfactory", since it involves the transfer of bulk data, and insisted that "we need an EU TFTP".
For Claude Moraes (S&D, UK), the US demands are "too general and too abstract". He also recalled that MEPs had insisted at the time that it must be specified how the US request would be made and that they needed to be "narrowly tailored". A written explanation should accompany each request, he added.
This agreement is not in line with Member States' constitutional principles and with fundamental rights, argued Jan Philipp Albrecht (Greens/EFA, DE). He highlighted the problem of bulk data transfer, "which is exactly what we have criticised before".
Europol's role: a fox in charge of the chicken coop?
Entrusting this task to Europol "is like putting the fox in charge of the chicken coop" said Sarah Ludford (ALDE, UK). Several MEPs questioned Europol's credibility, given that it transfers data in response to oral requests by the US authorities. MEPs asked that the Director of Europol to come to the committee to explain his views on this.
"Europol should not have been the body to oversee this - we all underlined at the time that Europol should not have been entrusted with this role", said Stavros Lambrinidis (S&D, EL), adding that the fact that the agency only has 48 hours to answer requests would only make sense it they are "super duper", which does not always seem to be the case.
Data requests that are so abstract as to make it impossible to verify that they comply with the requirements "should have been refused" by Europol, said Andrew Brons (NI, UK).
Ms Cruz replied that "we always said it had to be a legal, judicial, body to verify the legality of these requests. Europol has a role which is extremely confusing".
A bad precedent
Rui Tavares (GUE/NGL, PT), considered this a bad precedent for further agreements in this area. He stressed that Parliament must have access to the full report, including the classified sections. "We might have to engage in another battle for access to documents, but we are used to that", he added.
Timothy Kirkhope (ECR, UK), said "we are hitting the wrong target here. This agreement is essential for the fight against terrorism. What has been said [in the JSB report] is far too vague", he said.
The committee's reaction was one of "dissatisfaction, unrest and discomfort", said committee chair Juan Fernando López Aguilar (S&D, ES), adding that "the EP has to exert control on the implementation of this agreement".
The European Commission is due to publish its evaluation of the TFTP on 17 March 2011. Home Affairs Commissioner Cecilia Malmström is also expected to brief Civil Liberties Committee MEPs on this on 17 March.
In the chair: Juan Fernando López Aguilar (S&D, ES)