Answer given by Ms Malmström on behalf of the Commission
31.5.2011
The number of financial payment messages accessed was not provided to the Commission — the US authorities indicated that for technical reasons, they cannot provide this number. In the annex to the report of the review (SEC(2011)438 final), the US authorities have indicated the overall number of searches executed of the TFTP, which provides an indication of the overall number of financial payment messages accessed. The US authorities have also indicated that this overall number of searches includes searches of TFTP data not obtained on the basis of the EU‑US TFTP Agreement. In addition, the US authorities have indicated that searches that yield multiple results may allow analysts to determine from the search results whether individual messages should be viewed, and thereby accessed, or whether they need not be accessed, and that in addition, the overwhelming majority of messages that are accessed will never be disseminated or even printed; most will be viewed for a few seconds to determine value and thereafter closed, with no further action or dissemination.
Requests for data under Article 4 must indeed be tailored as narrowly as possible. As indicated in the review report (SEC(2011)438 final, p.11), ‘whilst the Agreement requires that every effort is made to ensure that the categories of data which are requested from the designated provider are as narrowly tailored as possible, in effect the TFTP — and by extension the TFTP Agreement — cannot work effectively without the provision of significant amounts of data, since it is impossible to predict in advance which part of that data will be relevant to a terrorism investigation.’ The report also states that ‘the Agreement (Article 5) provides that safeguards are put in place to ensure that the provided data is only accessed in cases where there is a clear nexus to terrorism, and where the search of the data is narrowly tailored.’ (SEC(2011)438 final, p. 13). Even though the same wording is used in Articles 4 and 5, there is a clear difference in practical effect because in Article 4, this terminology is applied to categories of data whereas in Article 5, this terminology is applied to searches made of the data. This different application of the terminology is fully in line with the Agreement. It means that in practice, requests for data should not seek to obtain categories of data from the designated provider which fall outside of the criteria stipulated in Article 4, and that searches of the provided data do not go beyond the criteria laid down in Article 5. No financial messaging data was provided which was not requested because the designated provider only provides the data categories which are included in the request.
Whilst it is indeed impossible to predict which part of the provided data will be relevant to a terrorism investigation, it is in fact possible to predict which categories of data are relevant to terrorism investigations, based on the experience the US authorities have built up over the past years. This is also the reason why it has proven to be possible to reduce the number of categories of data which are requested, even in the period of the review, as referred to in the review report (SEC(2011)438 final, p.12). Since no information can be provided on the categories of data requested in order not to negatively influence the effectiveness of the TFTP, it is also impossible to provide an indication by what percentage the request for data was reduced.
OJ C 314 E, 27/10/2011