Data Transfers to US: EU Parliament States its Terms
Any new agreement on providing bank data to the US – for example via the SWIFT system – must avoid ‘bulk data’ transfers until they can be processed within the EU, warned Members of the European Parliament (MEPs). As for passenger name records (PNRs), Parliament opted to postpone its vote on the existing agreements with the US and Australia and called for those accords be renegotiated on the basis of new criteria.
MEPs voted on two resolutions: one on the opening of negotiations for an EU-US agreement to provide the US Treasury Department with bank data to combat terrorism, and the other on the launch of negotiations for PNR agreements with the US, Australia and Canada, also for counter-terrorism purposes.
Bank Data Transfers
On the issue of bank data transfers, Parliament’s adopted resolution argues that bulk data transfers infringe EU legislation. It urges the European Council and European Commission to “address this issue properly in the negotiations”. In addition, the new agreement should include “strict implementation and supervision safeguards, monitored by an appropriate EU-appointed authority” on the day-to-day extraction of and use by the US authorities of all such data. The maximum storage period must not exceed five years and the data may not be disclosed to third countries.
Any new agreement should be limited in duration and pave the way for arrangements to enable requested data to be extracted on European soil, said MEPs. They believe that “the option offering the highest level of guarantees” would be to allow for the extraction of data to take place on EU soil, in EU or joint EU-US facilities. In the medium term, an EU judicial authority should oversee the extraction of data in the EU. Meanwhile, select EU personnel should take part in the oversight of the extraction process in the US.
Reciprocity would require the Americans to allow EU authorities to obtain and use data stored in servers in the US.
Parliament wants access to any documents that demonstrate the need for the scheme. It also wants to know whether the envisaged agreement will guarantee the same rights to European citizens as to Americans in the event of any abuse of the data: the rights guaranteed under the US Privacy Act can be invoked only by citizens and permanent residents of the US.
PNR: Parliament Postpones its Vote
The accords with the US and Australia on PNRs need Parliament’s approval but, in a resolution also adopted by show of hands, the Parliament decided to postpone its vote.
MEPs want to explore the options for arrangements for the use of PNRs that are in line with EU law and meet the concerns expressed by Parliament in earlier resolutions on data protection, proportionality and opportunities for redress.
They call on the Commission to present, no later than mid-July 2010, a proposal for a single PNR model and a draft mandate for negotiations with third countries. The model should ensure that data is only used for law enforcement and security purposes, is not used for profiling and is not forwarded to third countries. MEPs also argue that PNR data alone must not be used as grounds for banning an individual from flying.