Other available languages: none
Brussels, 24 March 2010
Adoption of a proposal for a mandate for negotiating an agreement on bank data transfers with the United States government under the Terrorist Financing Tracking Programme
Under the Terrorist Finance Tracking Programme (TFTP) the United States Department of the Treasury (U.S. Treasury Department) seeks to identify, track and pursue suspected terrorists and their providers of finance.
As part of the TFTP the U.S. Treasury Department would require by law SWIFT to transfer to it identified sets of financial messaging data relevant to terrorism investigations.
On 11 February the Plenary adopted its Resolution withholding consent for the TFTP Interim Agreement. A letter signed by the President of the Council was delivered to the US Secretary of State on 22 February stating that as a consequence of the Parliament's Resolution, the EU cannot become a party to the Interim Agreement and terminating the provisional application of the Agreement.
In order to avoid security gaps as relevant data are only kept for 124 days by SWIFT, the Commission is putting forward a new proposal which should meet the European Parliament concerns.
The data transferred under the TFTP are financial transaction record data. Such data may include identifying information about the originator and/or recipient of the transaction, including name, address, national identification number and other personal data related to financial messages.
Under the TFTP, requests for data are narrowly tailored based on past analyses of relevant message types, geography and perceived terrorism threats. General data sets would be transferred to the Treasury Department under the TFTP. However these data would not be subject to open-ended searching, but instead to specific searches based on pre-existing information demonstrating a reason to believe that the subject of the search is connected to terrorism or its financing. Data not subject to a specific search would be kept anonymous.
While the data requested under the TFTP represent only a small fraction of all SWIFT "FIN" messages, the essence of the TFTP is that each month a large volume of data is transferred. When Treasury Department request data, they do not know the identity of the terrorists who may plot an attack 6 months later. So the request for data is necessarily broader than suspects already under criminal investigation.
Personal privacy is guaranteed since the data on the TFTP database are effectively anonymous unless there is a reason to believe that a person is engaged in terrorism – in which case that person's data can be extracted and seen.
The draft mandate provides for significantly greater data protection safeguards than under the Interim Agreement. These include:
The draft mandate includes significant data protection guarantees such as a strict counter terrorism purpose limitation, an absolute prohibition on transfers on bulk data to third countries (only leads on terrorists derived from the analysis can be transferred) , and the EU will have the right to terminate the Agreement in the event of breach of any of the data protection safeguards.
In line with EU law, the mandate will propose a general maximum data retention period of 5 years.
More than 1450 TFTP-generated leads have been passed to date to European governments from January to September 2009. Concrete examples of the benefits of TFTP-derived information include:
The mandate provides for regular reviews of the safeguards, reciprocity provisions and proportionality of the TFTP. It seeks to ensure a balanced representation in the EU review team of counter terrorism and data protection experts. It leaves open the detail of who would participate in this team.
With concerns running high about the security gap, we envisage that a new agreement should be signed this summer.