The European Parliament,

–  having regard to the European Convention on Human Rights, in particular Article 8 thereof,

–  having regard to the Charter of Fundamental Rights, in particular Articles 7 and 8 thereof,

–  having regard to Council of Europe Convention No 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data,

–  having regard to Article 6 TEU and Article 286 EC,

–  having regard to Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,(1)

–  having regard to Regulation (EC) No 45/2001 of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data,(2)

–  having regard to the proposal for a regulation (COM(2005) 343)on the transfer of funds,

–  having regard to the complaints filed by Privacy International to data protection and privacy regulators in 33 countries alleging that the SWIFT transfers were undertaken without regard to legal process under data protection law, and that the disclosures were made without any legal basis or authority,

–  having regard to Rule 103(2) of its Rules of Procedure,

A.  whereas European and US media have recently revealed the existence of the Terrorist Finance Tracking Program, put in place by the US administration, which has allowed US authorities to access all the financial data stored by SWIFT (Society for Worldwide Interbank Financial Telecommunications), a Belgian-based industry-owned cooperative which consists of more than 8 000 commercial banks and institutions in 200 countries, including a number of central banks,

B.  whereas the information stored by SWIFT to which the US authorities have had access concerns hundred of thousands of EU citizens, as European banks use the SWIFT messaging system for the worldwide transfer of funds between banks, and whereas SWIFT generates millions of transfers and banking transactions on a daily basis,

C.  whereas any transfer of data generated within EU territory that is to be used outside EU territory should as a minimum be subject to an adequacy assessment pursuant to Directive 95/46/EC on data protection,

1.  Recalls its determination to fight terrorism and believes in the need to strike the right balance between security measures and the protection of civil liberties and fundamental rights; expresses its serious concern at the fact that a climate of deteriorating respect for privacy and data protection is being created;

2.  Stresses that the European Union is based on the rule of law and that all transfers of personal data to third countries are subject to data protection legislation at national and European level, which provides that any transfer must be authorised by a judicial authority and that any derogation from this principle must be proportional and founded on a law or an international agreement;

3.  Believes that only by applying Article 8 of the Convention on Human Rights, acting in the framework of Community law and having regard to Article 13 of Directive 95/46/EC, can the Member States – in the interests of state security, public order and safety – derogate from the principle of data finality banning onward forwarding of commercial data, which is the only legitimate basis for the storing of personal data by private parties, and thereby reduce the level of data protection only when this is necessary, proportional and compatible with a democratic society;

4.  Notes the proposal for a regulation on information on the payer accompanying transfers of funds (COM(2005) 343), which may contribute to establishing a legal framework for the transfer of this information; regrets that the European Parliament – contrary to the principle of loyal and constant cooperation between the Community institutions – has not been informed during negotiations and trialogues by the other institutions, in particular the European Central Bank, of the existence of the SWIFT transfers;

5.  Demands that the European Commission, the Council and the European Central Bank explain fully the extent to which they were aware of the secret agreement between SWIFT and the US government;

6.  Demands in this context that the role and functioning of the European Central Bank be clarified, and asks the European Data Protection Supervisor to verify as soon as possible whether, in accordance with Regulation (EC) No 45/2001 of 18 December 2000 on the protection of individuals with regard to the processing of personal data, the ECB was obliged to react to the possible violation of data protection which had come to its knowledge;

7.  Recalls that the ECB is to guarantee that central banks access SWIFT only within a legal framework;

8.  Demands that the Member States ensure and verify that there is no legal lacuna at national level and that the Community data protection legislation also covers central banks; asks the Member States to transmit the results of this verification to the European Commission, the Council and the European Parliament;

9.  Demands that the Council urgently examine and adopt the framework decision on data protection in judicial and police cooperation in order to ensure that European citizens enjoy a uniform and high level of data protection throughout the Union’s territory;

10.  Draws the Council’s attention in particular to Amendments 26 and 58 of Parliament’s report adopted on 14 June 2006 on the data protection framework decision,(3) which aim to regulate the treatment of data transferred to private parties in the public interest;

11.  Reiterates its great disappointment with the Council’s unwillingness to overcome the current legislative situation, where, under either the first or the third pillar, two different procedural frameworks for the protection of fundamental rights apply; reiterates, therefore, its demand for this dual framework to be abolished by activating the bridging clause provided for in Article 42 TEU;

12.  Requests that the Commission undertake an evaluation of all adopted EU anti-terrorist legislation from the point of view of efficiency, necessity, proportionality and respect for fundamental rights; strongly urges the Commission and Council to consider what measures should be taken to avoid future repetitions of such serious privacy breaches;

13.  Strongly disapproves of any secret operations on EU territory that affect the privacy of EU citizens; is deeply concerned that such operations should be taking place without the citizens of Europe and their parliamentary representation having been informed; urges the United States and its intelligence and security services to act in a spirit of good cooperation and notify their allies of any security operations they intend to carry out on EU territory;

14.  Instructs its President to forward this resolution to the Council, the Commission, the European Central Bank, the governments and parliaments of the Member States and candidate countries, and the United States Government and the two Chambers of Congress.

(1) OJ L 281, 23.11.1995, p. 31. (2) OJ L 8, 12.1.2001, p. 1. (3) Minutes of that date, P6_TA-PROV(2006)0258.