EU to review banking data deal with US


Viviane Reding, the EU’s incoming justice commissioner, is preparing a broad review of EU privacy rules in order to face new challenges, including the SWIFT agreement on the transfer of personal banking data to US authorities.

Speaking on the occasion of the fourth European Data Protection Day in Brussels today (28 January), Reding will underline that data protection is at the core of her agenda and that this principle should be extended to the EU’s relations with other countries. 

Specifically, she will stress that agreements with third countries for anti-terrorism purposes should protect personal information as much as they can.

“Why should citizens have to reveal their personal information in order to prove that they have nothing to hide?” Reding will tell experts gathered in Parliament for Data Protection Day.

The SWIFT agreement on the transfer of EU citizens’ banking data to US authorities, set to enter into force next week, will be first on the list for the new EU justice chief.

“I remain to be convinced that all these SWIFT transfers are necessary, proportionate and effective to fight terrorism. I will be looking into this very closely in the coming weeks,” she will say, according to a speaking note obtained by EURACTIV.

“I want to make sure that our EU legislation and international agreements are based on evidence rather than on emotional responses to the latest scare,” the note continues.

Last week, MEPs confirmed their strong opposition to the SWIFT deal and asked for it to be delayed (EURACTIV 21/01/10).

Online social networks in the spotlight

Reding will also not miss the chance to reiterate her warning about the threat to privacy posed by social networking websites such as Facebook or MySpace.

Social networking sites are used by 41.7 million Europeans and allow personal information like photos to be seen by others, according to a note issued by the European Commission.

In an opinion, European privacy watchdogs stated that users of social networks “should only upload pictures or information about other individuals with the individual’s consent”. If applied, this provision could fundamentally alter the way such websites work.

EU rules say that a person’s information can only be used on legitimate grounds, with their prior consent, stresses the Commission note. 

At today’s Parliament meeting, Reding will say that clarifying rules on consent and transparency is among her top priorities.

In her speech to data protection experts, Reding will say that she intends to make sure that general data protection rules are up-to-date with technology and as comprehensive as required by the Lisbon Treaty. She will refer to reviews of the Data Protection Directive and the E-Privacy Directive.

Indeed, with the entry into force of the Lisbon Treaty at the end of last year, the protection of personal data has become a fundamental right for EU citizens. 

In her new role as justice commissioner, Reding will be in charge of “upholding EU fundamental rights in all EU legislation,” said officials close to her.

SWIFT is a private company that handles the banking transactions of thousands of banks, including most European institutions. The company is based in Belgium but also has a branch in the USA.

Following the September 11 terrorist attacks in 2001, the US government used the new Terrorist Finance Tracking Programme (TFTP) to force SWIFT's American branch (which mirrors all data based in Belgium) to allow US officials access to all bank transactions in order to help anti-terrorism operations.

The US believes the programme allows access to data that could prove vital in tracking transactions between terrorist cells.

However, some European political groups, notably the liberal faction in the European Parliament, have repeatedly criticised the agreement, arguing it is "not only a restraint on European sovereignty but a massive intrusion into every single European citizen's privacy".

In November 2009, European home affairs ministers passed an interim agreement with the USA allowing American investigators broad access to EU banking data, overruling the Parliament's desire to see the agreement delayed. 

The new provisions will enter into force on 1 February and will last for nine months.

Subscribe to our newsletters