EU agrees bank data transfer with US

The European Union Council of Ministers has granted US anti-terrorism investigators the right to access EU bank data, amid concerns over the protection of European bank customers’ privacy.

The temporary agreement ensures that, for anti-terrorism purposes, the US will still be able to analyse data collected by the Society for Worldwide Interbank Financial Telecommunication.

The agreement was made necessary after it was discovered in early 2006 that US intelligence services, including the CIA, had pressured SWIFT to provide them with European banking data.

SWIFT admitted it had handed over millions of pieces of data including the names of participants in payment transactions, addresses, document identification numbers, account numbers, payment amounts and the declared purpose for individual transactions.

The revelation sparked outrage not only among privacy advocates and politicians, but also among many of SWIFT’s corporate customers who feared the data could be used for industrial espionage.

SWIFT owns and operates the private global messaging network used by over 8,000 financial institutions in more than 200 countries to transfer financial transaction data. While the organisation provides the routing channel and messaging format to transfer the data related to financial transactions, such as bank payments, the actual fund transfer takes place in separate payment and clearing mechanisms.

SWIFT, which after 2006 established segregated US and European data centres, is now moving all its data centres to Switzerland.

Concerned that the US might once again force SWIFT to pass on data, EU foreign ministers sought to strike a deal in order to put the data provision on a legal footing and establish rules and procedures governing the information transfer.

The agreement between the EU and the US only covers the release of data related to individuals with links to terrorist activities.

At the same time data requests by investigators have to be as narrowly defined as possible and any information obtained by the US may not be shared with third countries.

Information about financial transfers within the EU is excluded.

The EU and the US will continue their negotiations over the issue to strike a permanent deal for the time after the temporary 12-month agreement expires.

Some EU member states including Germany, Austria and Hungary continue to press for stricter privacy protection to ensure that only data linked to potential terrorist activity is provided.

However, the three states abstained from the Council vote, which required unanimity, to enable the interim agreement.

Thomas de Maiziere, the German minister of the interior justified the abstention by arguing that, ‘a not-completely-satisfying agreement in this field of data exchange combating terrorism is – in the interest of European and also German data protection – better than no agreement.’