PURPOSE: to conclude an Agreement between the EU and the US on the processing and transfer of Financial Messaging Data from the EU to the US for purposes of the Terrorist Finance Tracking Program.
LEGISLATIVE ACT: Council Decision 2010/412/EU on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the EU to the US for the purposes of the Terrorist Finance Tracking Program.
BACKGROUND: the JHA Council of 30 November 2009 authorised the Presidency of the Council of the EU to sign an interim agreement between the EU and the United States on the processing and transfer of Financial Messaging Data from the EU to the U.S. for purposes of the TFTP. The interim agreement, also signed on 30 November 2009, was to have a maximum duration of 9 months.
However, on 11 February the European Parliament adopted its Resolution withholding consent for the TFTP Interim Agreement (see NLE/2009/0190). A letter signed by the President of the Council was delivered to the US Secretary of State on 22 February 2010 stating that as a consequence of the Parliament's Resolution, the EU could not become a party to the Interim Agreement and terminating the provisional application of the Agreement. On 24 March 2010, the Commission adopted a Recommendation from the Commission to the Council to authorise the opening of the negotiations between the EU and the US on the same issue bearing in mind Parliament’s opinion expressed in its resolution rejecting the Agreement.
On 5 May, Parliament adopted a new resolution where it expressed its views on the limits and purposes of the Agreement (all information transfer must be strictly limited to that which is strictly necessary in the fight against terrorism).
On 11 May 2010, the Council adopted a Decision, together with negotiation directives, authorising the Commission to open negotiations on behalf of the EU to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorism financing. The Agreement was signed by the Parties on 28 June 2010. The Agreement should be concluded on behalf of the EU.
CONTENT: the Decision approves the Agreement between the EU and the US on the processing and transfer of Financial Messaging Data from the EU to the US for the purposes of the Terrorist Finance Tracking Program on behalf of the Union.
The main points of the Agreement are as follows:
Purpose: the purpose is to ensure, with full respect for the privacy, protection of personal data, and other conditions set out in this Agreement, that:
- financial payment messages referring to financial transfers and related data stored in the territory of the European Union by providers of international financial payment messaging services, that are jointly designated pursuant to this Agreement, are provided to the U.S. Treasury Department for the exclusive purpose of the prevention, investigation, detection, or prosecution of terrorism or terrorist financing;
- relevant information obtained through the TFTP is provided to law enforcement, public security, or counter terrorism authorities of Member States, or Europol or Eurojust, for the purpose of the prevention, investigation, detection, or prosecution of terrorism or terrorist financing.
Scope of Application: it applies to the obtaining and use of financial payment messaging and related data relating to acts of a person or entity that involve violence, or are otherwise dangerous to human life or create a risk of damage to property or infrastructure, and which, given their nature and context, are reasonably believed to be committed with the aim of: (i) intimidating or coercing a population; (ii) intimidating, compelling, or coercing a government or international organization to act or abstain from acting; or (iii) seriously destabilizing or destroying the fundamental political, constitutional, economic, or social structures of a country or an international organization.
Ensuring Provision of Data by Designated Providers: the EU must ensure that providers of international financial payment messaging services (or Society for Worldwide Interbank Financial Telecommunication (SWIFT). provides the U.S. Treasury Department the requested financial payment messaging and related data.
U.S. Requests to Obtain Data from Designated Providers: the Decision makes provision for a procedure for the US Treasury to obtain data that are stored in the territory of the European Union.
Safeguards Applicable to the Processing of Provided Data: the US Treasury Department must take measures to ensure that Provided Data are processed in accordance with the provisions of the Agreement, that is: the data must be processed exclusively for the purposes in the text and it shall not involve data mining or any other type of algorithmic or automated profiling or computer filtering. The US Treasury must takes the safeguards specified in the text, which shall be applied without discrimination on the basis of nationality or country of residence.
There are provisions to ensure that the Treasury’s search of Provided Data shall be narrowly tailored, and demonstrate a reason to believe that the subject of the search has a nexus to terrorism or its financing. The Parties must recognise the special sensitivity of personal data revealing racial or ethnic origin, political opinions, or religious or other beliefs, trade union membership, or health and sexual life ("sensitive data"). In the exceptional circumstance that extracted data were to include sensitive data, the U.S. Treasury Department shall protect such data in accordance with the safeguards and security measures set forth in the Agreement.
Retention and deletion of data: during the term of the Agreement, the U.S. Treasury Department shall undertake an ongoing and at least annual evaluation to identify non-extracted data that are no longer necessary to combat terrorism or its financing. Where such data are identified, the U.S. Treasury Department shall permanently delete them as soon as technologically feasible. The general principle is that all non-extracted data received prior to 20 July 2007 shall be deleted not later than 20 July 2012. All non-extracted data received on or after 20 July 2007 shall be deleted not later than five years from receipt. Not later than three years from the date of entry into force of the Agreement, the European Commission and the U.S. Treasury Department shall prepare a joint report regarding the value of Provided Data.
Onward Transfer: the Agreement makes provision for limiting the onward transfer of information extracted from the Provided Data following specified safeguards.
Spontaneous provision of information: the U.S. Treasury Department shall ensure the availability, as soon as practicable to law enforcement authorities of Member States, and to Europol and Eurojust of information obtained through the TFTP that may contribute to the prevention, detection, or prosecution by the EU of terrorism or its financing. Any follow-on information that may contribute to the prevention etc by the United States of terrorism or its financing shall be conveyed back to the United States on a reciprocal basis.
Cooperation with future equivalent EU system: during the course of the Agreement, the European Commission will carry out a study into the possible introduction of an equivalent EU system allowing for a more targeted transfer of data. If, following this study, the EU decides to establish an EU system, the US shall cooperate and provide assistance and advice to contribute to the effective establishment of such a system.
Monitoring of safeguards and controls: compliance with the strict counter terrorism purpose limitation and the other safeguards set out in the text shall be subject to monitoring and oversight by independent overseers, including by a person appointed by the European Commission with the agreement of and subject to appropriate security clearances by the United States. There are provisions in the Agreement on transparency, providing information to the data subject’s right of access, the right to rectification, erasure or blocking, and on redress.
Joint review: at the request of one of the Parties and at any event after a period of six months from the date of entry into force of the Agreement, the Parties shall jointly review the safeguards, controls, and reciprocity provisions set out in the Agreement. Following the review, the European Commission will present a report to the European Parliament and the Council on the functioning of the Agreement.
Legal framework for the extraction of data on EU territory: in accordance with the opinion of the Parliament adopted on 8 July 2010, the Commission is invited to submit to the European Parliament and the Council, no later than one year from the date of entry into force of the Agreement, a legal and technical framework for the extraction of data on EU territory. Within three years from the date of entry into force of the Agreement, the Commission is invited to present a report of progress on the development of the equivalent EU system. If, five years after the date of entry into force of the Agreement, the equivalent EU system has not been set up, the Union shall consider whether to renew the Agreement.
Territorial provisions: the Agreement will apply to the United Kingdom. Ireland and Denmark will not take part in the application of the Agreement.
ENTRI INTO FORCE: the Decision enters into force on 13 July 2010. The Agreement itself enters into force on 1 August 2010.