Resolution on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

Following the debate which took place during the sitting of 21 April 2010, the European Parliament adopted a resolution on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the EU and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing. The resolution had been tabled by the ALDE, S&D, EPP and ECR groups. It recalls that on 30 November 2009 the Council signed an EU-US interim agreement on the processing and transfer of financial messaging data (FMDA) for the purposes of the US Terrorist Finance Tracking Program (TFTP) to be provisionally applied as from 1 February 2010 and expire on 31 October 2010 at the latest. On   11 February 2010 Parliament decided to withhold its consent to the conclusion of the FMDA. The Commission adopted new TFTP Recommendation and Negotiating Directives on 24 March 2010, which reflect important elements contained in the relevant European Parliament resolutions on this issue.

Members welcome the new spirit of cooperation demonstrated by the Commission and the Council and their willingness to engage with Parliament, taking into account their Treaty obligations and they reiterate their openness to an agreement which would help both Europe and the US strengthen their fight against terrorism, without undermining the rule of law. They stress that fundamental principles still need to be laid down by the EU stating how it will generally cooperate with the US for counter-terrorism purposes and how financial messaging data providers could be asked to contribute to this fight, or indeed more generally to the use in connection with law enforcement of data collected for commercial purposes.

Parliament emphasises that the principles of proportionality and necessity are key to the envisaged agreement. It points out that the problem that financial messaging data providers are unable to search the 'content' of the messages, leading to the transfer of data in bulk, cannot subsequently be rectified by oversight and control mechanisms, since basic principles of data protection law have already been compromised. It also stresses the following:

• the 'purpose limitation' of the agreement is important in order to ensure that any exchange of information is strictly limited to that required for the purposes of combating terrorism and that this is done on the basis of a common definition of what constitutes 'terrorist activity';
• bulk data transfers mark a departure from the principles underpinning EU legislation and practice. The Commission and Council are asked to address this issue properly in the negotiations, bearing in mind that the TFTP is currently designed in such a way that it does not allow for targeted data exchange. Solutions should include restricting the scope of the transferred data and listing the types of data that the designated providers are able to filter and extract, as well as the types of data which may be included in a transfer;
• the Agreement on Mutual Legal Assistance is not an adequate basis for requests to obtain data for the purposes of the TFTP. It does not apply to bank transfers between third countries and it would, in any case, require the prior identification of a specific bank, whereas the TFTP is based on targeted searches of fund transfers. Future negotiations should focus on finding a solution to make one compatible with the other.

Parliament urges the Council and Commission, therefore, to explore ways of establishing a legally sound procedure for the authorisation of the transfer and extraction of relevant data as well as for the conduct and supervision of data exchanges. Such steps are to be taken in full compliance with the principles of necessity and proportionality and the rule of law with full respect for fundamental rights requirements under EU law, by giving a role to a European authority, which would make it possible for relevant European legislation to become fully applicable.

If the above arrangements are not feasible in the short term, Members insist on a twin-track approach which differentiates between, on the one hand, the strict safeguards to be included in the EU-US agreement, and, on the other, the fundamental longer-term policy decisions that the EU must address. They emphasise that any agreement between the EU and the US must include strict implementation and supervision safeguards, monitored by an appropriate EU-appointed authority, on the day-to-day extraction of, access to and use by the US authorities of all data transferred to them under the agreement. In this respect, they point out that the option offering the highest level of guarantees would be to allow for the extraction of data to take place on EU soil, in EU or Joint EU-US facilities. The resolution asks the Commission and the Council to explore, in parallel, ways to:

phase into a medium-term solution empowering an EU judicial authority to oversee the extraction in the EU, on behalf of Member States, after a mid-term parliamentary review of the agreement;

ensure, in the meantime, that EU select personnel – from EU organs or bodies, including for example, the EDPS, or joint EU-US investigation teams – with high clearance, joins SWIFT officials in the oversight of the extraction process in the US.

Parliament points out that true reciprocity would require the US authorities to allow both the EU authorities and competent authorities in the Member States to use financial payment messaging and related data stored in servers in the US on the same terms as apply to the US authorities.

It asks to be provided with detailed information on the specific rights of European and US citizens (e.g. access, rectification, deletion, compensation and redress) and as to whether the agreement is to safeguard 'rights' on a non-discriminatory basis, regardless of the nationality of any person whose data are processed pursuant to it, and requests the Commission to submit an overview of the respective rights to Parliament.

Parliament also points out the following:

• once a mandate has been established, a judicial public authority should be designated in the EU with the responsibility to receive requests from the United States Treasury Department. It is crucial that the nature of this authority and the judicial oversight arrangements should be clearly defined;
• any agreement between the EU and the US, regardless of the implementing mechanism chosen, should be limited in its duration and provide for a clear commitment on the part of both the Council and Commission to take all the measures required to devise a legally sound European solution to the issue of the extraction of requested data on European soil;
• the agreement should provide for evaluations and safeguard reviews by the Commission at set times during its implementation;
• the agreement must ensure that personal data extracted from the TFTP database are kept on the basis of a strictly interpreted 'necessity' principle and for no longer than necessary for the specific investigation or prosecution for which they are accessed under the TFTP;
• the concept of non-extracted data is not self-evident and should thus be clarified. A maximum storage period should be established, which should be as short as possible and in any case no longer than five years;
• the importance of the principles of non-disclosure of data to third states if no specific reasons are given for a request and of disclosure of terrorist leads to third states only subject to strict conditions and appropriate guarantees, including adequacy assessment;

Lastly, Members request that all relevant information and documents, including the underlying intelligence, must be made available for deliberations in the European Parliament, in line with the applicable rules on confidentiality, in order to demonstrate the necessity of the scheme in relation to already existing instruments. Members ask the Commission, further, to report regularly on the functioning of the agreement and to inform Parliament fully about any review mechanism to be set up under the said agreement.