Strasbourg, 23rd October 2013. The EU should suspend its Terrorist Finance Tracking Program (TFTP) agreement with the US in response to the US National Security Agency’s alleged tapping of EU citizens’ bank data held by the Belgian company SWIFT, says a non-binding resolution voted today by the European Parliament.
The resolution, tabled by the S&D, ALDE and Greens/EFA groups, was passed by 280 votes to 254, with 30 abstentions. Although the Parliament has no formal powers to suspend or terminate an international deal, “the [European] Commission will have to act if Parliament withdraws its support for a particular agreement”. Today’s statement adds that Parliament will take account of the Commission’s response to this demand when considering whether to give its consent to future international agreements.
MEP Sophie in’t Veld (ALDE, D66, NL), Vice-President of the Parliament’s Civil Liberties committee, commented, “Another day, another scandalous NSA revelation, the latest being France where the press reported that 70 million phone calls were intercepted over 30 days, and again not a single member state has yet asked the Cybercrime unit of Europol to investigate this large-scale data mining of EU citizens”.
“Europe has the moral responsibility towards its citizens to ensure that European agreements with third countries are respected,” she continued. “The Americans have never actually denied the accusation in relation to the NSA snooping on SWIFT. They simply said they have not had unauthorised access to the SWIFT server, but they also said they reserve the right to have such access. That in itself is already a breach of the agreement, which requires a suspension.”
MEPs are urging EU countries to authorise an inquiry by Europol’s Cybercrime Centre. The resolution also calls for a “full on-site technical investigation” into allegations that the US authorities had gained unauthorised access or possible “back doors” into the SWIFT servers. The Civil Liberties Committee special inquiry into the mass surveillance of EU citizens should also continue to investigate the allegations, it adds.
Parliament stresses that any data-sharing agreement with the US must be based on a consistent legal data protection framework, offering legally-binding standards on purpose limitation, data minimisation, information, access, correction, erasure and redress.
The existing EU/US TFTP agreement on monitoring the processing and transfer of bank-messaging data to track terrorists’ financial flows entered into force in August 2010. However many MEPs have had reservations about the program’s implementation since its launch.
Parliament withheld its consent on the conclusion of the first TFTP deal in February 2010 due to concerns over data privacy, and the deal only went ahead after assurances of a higher level of protection for EU citizens’ data. Since then the agreement’s compliance with EU data-protection standards has been repeatedly questioned, with MEPs raising concerns in 2011 and again in 2012.
Several MEPs have stressed that if external governments are proven to have been tapping into European citizens’ personal financial data without following strict agreed protocols, such activities would constitute a clear breach of the EU/US agreement.