MOTION FOR A RESOLUTION on the suspension of the SWIFT agreement as a result of US National Security Agency surveillance
16.10.2013 - (2013/2831(RSP))
pursuant to Rule 110(2) of the Rules of Procedure
Alexander Alvaro, Sophia in ‘t Veld, Renate Weber, Gianni Vattimo, Marielle de Sarnez on behalf of the ALDE Group
See also joint motion for a resolution RC-B7-0468/2013
B7‑0472/2013
European Parliament resolution on the suspension of the SWIFT agreement as a result of US National Security Agency surveillance
The European Parliament,
– having regard to Article 16 of the Treaty on the Functioning of the European Union (TFEU),
– having regard to Article 87 TFEU,
– having regard to Article 225 TFEU,
– having regard to Article 226 TFEU,
– having regard to Article 218 TFEU,
– having regard to Article 234 TFEU,
– having regard to Article 314 TFEU,
– having regard to the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program[1],
– having regard to its resolution of 4 July 2013 on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy[2],
– having regard to Council Decision 2010/412/EU of 13 July 2010 on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program[3], and to the accompanying declarations by the Commission and the Council,
– having regard to its resolution of 17 September 2009 on the envisaged international agreement to make available to the United States Treasury Department financial payment messaging data to prevent and combat terrorism and terrorist financing[4],
– having regard to its legislative resolution of 11 February 2010 on the proposal for a Council decision on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program[5],
– having regard to its resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing[6],
– having regard to its legislative resolution of 8 July 2010 on the draft Council decision on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program[7], and to the recommendation of its Committee on Civil Liberties, Justice and Home Affairs,
– having regard to the reports of 30 March 2011 (SEC(2011)0438) and of 14 December 2012 (SWD(2012)0454) on the joint review of the implementation of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program,
– having regard to the report of 1 March 2011 on the inspection of Europol’s implementation of the TFTP Agreement, conducted in November 2010 by the Europol Joint Supervisory Body,
– having regard to the Europol Joint Supervisory Body’s public statement of 14 March 2012 on the implementation of the TFTP Agreement,
– having regard to the assessment of 18 March 2013 by the Europol Joint Supervisory Body of the outcome of its third inspection of Europol’s implementation of its tasks under the TFTP Agreement,
– having regard to the letter of 18 April 2011 from Paul Breitbarth, of the Dutch Data Protection Authority, to the head of delegation of the EU Joint Review Team TFTP,
– having regard to the letter of 7 June 2011 from Jacob Kohnstamm, on behalf of the Article 29 Data Protection Working Party, to Ms Melissa A. Hartman, Deputy Assistant Secretary, US Department of the Treasury,
– having regard to the letter of 21 December 2012 from Jacob Kohnstamm, on behalf of the Article 29 Data Protection Working Party, to Juan Fernando López Aguilar, Chair of the Committee on Civil Liberties, Justice and Home Affairs,
– having regard to the letter of 12 September 2013 from Commissioner Malmström to David Cohen, Under-Secretary of the US Department of the Treasury for Terrorism and Financial Intelligence, and to Under-Secretary Cohen’s answer of 18 September 2013,
– having regard to the Commission communication of 13 July 2011 entitled ‘A European terrorist finance tracking system: available options’ (COM(2011)0429),
– having regard to Written Questions E-11200/2010, E-2166/2011, E-2762/2011, E‑2783/2011, E-3148/2011, E-3778/2011, E-3779/2011, E-4483/2011, E-6633/2011, E‑8044/2011, E-8752/2011, E-617/2012, E-2349/2012, E-3325/2012, E-7570/2012 and E‑000351/2013,
– having regard to Rule 110(2) of its Rules of Procedure,
A. whereas the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program (hereinafter ‘the Agreement’) entered into force on 1 August 2010;
B. whereas press reports indicate that the US National Security Agency (NSA) has had direct access to the IT systems of a number of private companies and gained direct access to financial payment messages referring to financial transfers and related data by a provider of international financial payment messaging services currently covered by the Agreement;
C. whereas, in its resolution of 4 July 2013 on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy, Parliament instructed its Committee on Civil Liberties, Justice and Home Affairs to conduct an in-depth inquiry into the matter in collaboration with national parliaments and the EU-US expert group set up by the Commission and to report back by the end of the year;
D. whereas, having rejected the temporary TFTP Agreement, a majority of the European Parliament gave its consent to the current TFTP Agreement only on account of the strengthened protection it afforded with a view to safeguarding EU citizens’ personal data and privacy rights;
E. whereas the US Treasury has classified a large quantity of relevant information regarding this Agreement as ‘EU Secret’;
F. whereas, according to the Article 29 Data Protection Working Party, the current procedure for exercising the right of access may not be adequate and in practice it may not be possible to exercise the right to rectification, erasure and blocking;
G. whereas the Commission has stated that while the Agreement sets out strict safeguards regarding the transfer of data, the Commission acknowledges the longer-term ambition for the EU to establish a system allowing the extraction of data to take place on EU soil;
H. whereas the Commission was invited to submit to Parliament and the Council, no later than 1 August 2011, a legal and technical framework for the extraction of data on EU territory and, no later than 1 August 2013, a progress report on the development of an equivalent EU system under Article 11 of the Agreement;
I. whereas instead of submitting the legal and technical framework for the extraction of data on EU territory, on 13 July 2011 the Commission presented a description of the different steps it has taken to move towards establishing such a legal and technical framework, communicating preliminary results and some theoretical options for a European terrorist finance tracking system without going into detail;
J. whereas a progress report on the development of an equivalent EU system under Article 11 of the Agreement was never presented;
K. whereas talks between Commission services and the US administration cannot be considered to count as an investigation, and nor does mere reliance on statements by the US;
1. Takes the view that, given that the EU’s core aim is to promote freedom of the individual, security measures, including counterterrorism measures, in support of that freedom must be pursued through the rule of law and must be subject to fundamental rights obligations, including those relating to privacy and data protection;
2. Reiterates that any transfer of personal data, including of bulk data, must comply with EU and Member State law and with fundamental rights obligations, including those relating to privacy and data protection;
3. Is seriously concerned about recently revealed documents on the NSA’s activities as regards direct access to financial payment messages and related data, which would constitute a clear breach of the Agreement, in particular Article 1 thereof;
4. Calls for a full on-site technical investigation of allegations that the US authorities have unauthorised access or that they have created possible back doors in the SWIFT servers, such an investigation to be carried out by independent IT and cyber security experts, for example the Europol Cybercrime Centre;
5. Deplores the fact that the Dutch authorities, as the responsible government of the country hosting the SWIFT servers, have refused to carry out an on-site technical investigation;
6. Deplores, also, the fact that not a single Member State has asked the Europol Cybercrime Centre to conduct such an investigation; is concerned that in the absence of an investigation by technical experts, the facts cannot be verified;
7. Expects all parties to the Agreement to ensure:
– that the Agreement, in particular the safeguards specified in Article 5 thereof, covers, without any exceptions, all financial payment messages and related data stored in the territory of the EU, as specified in Article 1 thereof,
– that Requests under Article 4 are not abstract, but are tailored as narrowly as possible,
– that the term ‘tailored as narrowly as possible’ under Article 4 should be interpreted in the same way as it currently is under Article 5,
– that the number of financial payment messages accessed is communicated to the public,
– that the rights of access, rectification, erasure and blocking can be fully exercised in practice,
– that the permanent overseer appointed by the Commission has full authority to review in real time and retrospectively all searches made of the Provided Data, the authority to block any or all searches that appear to be in breach of Article 5, the authority to query such searches and, as appropriate, the authority to request additional justification of the terrorism nexus;
8. Reiterates the need to base data sharing agreements with the US on a coherent legal data protection framework offering legally binding personal data protection standards, including with regard to purpose limitation, data minimisation, information, access, correction, erasure and redress;
9. Is concerned that the Agreement has not been implemented in accordance with its provisions, in particular those laid down in Articles 1, 4, 12, 13, 15 and 16 thereof; requests the Commission, therefore, to present a legal proposal for the suspension of the Agreement;
10. Does not consider the Commission’s communication on a European terrorist finance tracking system to be an adequate basis for further detailed discussions; strongly urges the Commission, therefore, to present a legal proposal for a legal and technical framework for the extraction of data on EU territory without any further delay;
11. Strongly urges the three institutions to deliberate carefully on the human rights implications of any future data exchange alternatives which fully respect data protection principles, especially the necessity and proportionality test;
12. Points out that the test of the necessity and proportionality of any measure that limits fundamental rights and freedoms needs to take into account the entire body of existing security measures targeting terrorism and serious crime; takes the view, therefore, that every additional legal measure proposed as part of the fight against terrorism and serious crime needs to meet an ever higher and more stringent necessity and proportionality test; opposes, therefore, the trend towards blanket justification of every security measure by a general reference to the fight against terrorism or serious crime;
13. Expects any legal proposal for a legal and technical framework for the extraction of data on EU territory to ensure:
– full compliance with European data protection legislation,
– that no Single Euro Payments Area (SEPA) or national financial data, regardless of the system in which they are processed, are extracted,
– that no data are extracted or retained without prior authorisation;
14. Requests, in the light of the above, that the Commission temporarily suspend the Agreement until the following conditions for opening negotiations on its resumption have been met:
– full and comprehensive clarification of the facts as to whether any US Government agency or equivalent has gained unauthorised access to the financial data governed by this Agreement, outside or in breach of this Agreement,
– achieving full mitigation of the situation where necessary,
– conducting a full analysis of the implementation of Articles 1, 4, 12, 13, 15 and 16 of the Agreement and identifying a solution for proper implementation,
– a legal proposal by the Commission for a legal and technical framework for the extraction of data on EU territory;
15. Requests, in the light of the above, the Council and the Member States to authorise an investigation by the Europol Cybercrime Centre into allegations of unauthorised access to financial payment data governed by this Agreement;
16. Considers that, although Parliament has no formal powers under Article 218 TFEU to initiate the suspension or termination of an international agreement, the Commission will have to act if Parliament withdraws its support for a particular agreement; points out that, when considering whether or not to give its consent to future international agreements, Parliament will take account of the responses of the Commission and the Council in relation to this Agreement;
17. Requests that all relevant information and documents be made available immediately for Parliament’s deliberations;
18. Instructs its President to forward this resolution to the Council, the Commission and Europol.