SWIFT - making available financial payment messaging data to prevent and combat terrorism and terrorist financing

Motion for a resolution on the envisaged international agreement to make available to the United States Treasury Department financial payment messaging data to prevent and combat terrorism and terrorist financing

Tabled by Raul Romeva and Jan Albrecht
On behalf of the Greens/EFA Group

The European Parliament,

- having regard to Article 6(2) TEU and Article 286 TEC,

- having regard to Articles 95 and 300 TEC,

– having regard to the European Convention on Human Rights, in particular Articles 5, 6, 7 and 8 thereof,

– having regard to the Charter of Fundamental Rights, in particular Articles 7, 8, 47, 48 and 49 thereof,

- having regard to Council of Europe Convention No 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data,

- having regard to Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[1],

– having regard to Regulation (EC) No 45/2001 of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data,[2]

- having regard to Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing[3] and Regulation (EC) 1781/2006 on information on the payer accompanying transfers of funds,[4]

- having regard to the Agreement on mutual legal assistance between the European Union and the United States of America of 2003, and especially its Article 4 (Identification of bank information)^[5],

– having regard to the US Terrorist Finance Tracking Program (TFTP) founded on the US Presidential executive Order 13224[6], which authorise in case of national emergency notably the US Treasury Department to obtain by means of "administrative subpoenas ", sets of financial messaging data transiting over financial messages networks such as the ones managed by the Society for Worldwide Interbank Financial Telecommunications (SWIFT);

– having regard to its previous EP resolutions inviting SWIFT to comply strictly with the EU legal framework notably when European financial transactions take place on the EU territory;[7]

– having regard to the negotiating directives for the Presidency of the Council and the envisaged international agreement between the EU and the US on the transfer of SWIFT data, which have been classified "EU Restricted",

– having regard to the opinion of the European Data Protection Supervisor of 3 July 2009, which has been classified "EU Restricted",

– having regard to Rule 90(5) of its Rules of Procedure,

A. whereas the Council adopted unanimously on 27 July 2009, the negotiating directives for the Presidency, assisted by the Commission, to negotiate an international agreement on the basis on Article 24 and 38 TEU with the US to continue the transfer of SWIFT data to the US TFTP;

B. whereas the negotiating directives as well as the legal opinion on the choice of legal basis from the Council Legal Service have not been made public, as they are classified "EU Restricted";

C. whereas the international Agreement will provide for provisional and immediate application from the time of signature until entry into force of the Agreement;

1. Urges the European Commission and the Presidency to ensure that the European Parliament and all national parliaments be given full and public access  to the negotiation documents and directives as a precondition for any further negotiation and agreement;

2. Requests the Commission and Presidency to suspend the negotiations until when they can ensure the involvement of the Parliament into the negotiations as well as the following very minimum standards:

a) data are only transferred and processed to fight terrorism, as defined in the Council Framework Decision 2002/475/JHA, Article 1 and related to individual or terrorist organisations recognised as such also by the EU;

b) the processing of such data as regards their transfer (only by means of a "push" system), storage and use must not be disproportionate with regard to the objective for which these data have been transferred and subsequently processed

c) the transfer requests should be based on specific, targeted cases, limited in time and subject to judicial authorisation and that any subsequent processing must be limited to data which discloses a link with persons or organisations under examination in the US. The data which do not disclose such links should be erased.

d) EU citizens and enterprises should be granted the same level of defence rights and procedural guarantees and the right of access to justice as exist in the EU and that the legality and proportionality of the transfer requests should be open for judicial review in the US.

e) transferred data should be subject to the same judicial redress mechanisms as would apply to data held within the EU, including compensation in case of unlawful processing of personal data,

f) that the agreement should prohibit any use of SWIFT data by US authorities for other purposes than those linked to terrorism financing. The transfer of such data to third parties other than the public authorities in charge of the fight against terrorism financing should also be prohibited,

g) a reciprocity mechanism is strictly adhered obliging the competent US authorities to transfer relevant financial messaging data to the competent EU authorities, upon request;

h) the Agreement expressly is set up for an intermediate period through a Sunset clause not exceeding 12 months, and without prejudice to the procedure to be followed under the Lisbon Treaty for a new possible agreement in this field,

i) the interim agreement should clearly foresee that US authorities should be immediately notified after the entry into force of the Lisbon Treaty and that a new agreement will be negotiated under the new EU legal framework that fully involves the European Parliament and national parliaments

3. Recalls its determination to fight terrorism and its firm belief in the need to strike the right balance between security measures and the protection of civil liberties and fundamental rights, while ensuring the utmost respect for privacy and data protection; reaffirms that proportionality and necessity are key principles without which the fight against terrorism will never be effective;

4. Stresses that the European Union is based on the rule of law and that all transfers of European personal data to third countries for security purposes should respect procedural guarantees and defence rights and comply with data protection legislation at national and European level[8] ;

5. Reminds the Council and Commission that in the transatlantic framework of the EU-US agreement on legal assistance, which will enter into force on 1 January 2010, Article 4 provides for access to targeted financial data upon request through national state authorities; deems that it could therefore constitute a more sound legal basis for the transfer of SWIFT data than the proposed interim agreement;

6. Underlines the importance of legal certainty and immunity for citizens and private organizations subject to data transfers under such arrangements as the proposed EU-US agreement;

7. Instructs its President to forward this resolution to the Council, the Commission, the European Central Bank, the governments and parliaments of the Member States and candidate countries, and the United States Government and the two Chambers of Congress.

[1]OJ L 281, 23.11.1995, p. 31.

[2]OJ L 8, 12.1.2001, p. 1.

[3]OJ L 309, 25.11.2005, p. 15.

[4]OJ L 345, 8.12.2006, p. 1.

[5]OJ L 181, 19.7.2003, p. 34.

[6] Executive Order 13224 was issued by President Bush on September 23, 2001, pursuant to the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. §§ 1701-1706. The President delegated his authorities under the Executive Order to the Secretary of the Treasury. Treasury issued the subpoenas to SWIFT pursuant to Executive Order 13224 and its implementing regulations.

[7]P6_TA(2007)0039; B6?0395/2006.

ref. to ECHR, Convention 108 and the FD on data protection in the third pillar