Legal base	Articles 24 and 38 EU; —; unanimity
Department	HM Treasury
Basis of consideration	EM of 19 November 2009
Previous Committee Report	None
To be discussed in Council	30 November 2009
Committee's assessment	Legally and politically important
Committee's decision	Cleared

Background

16.1 Following the September 2001 terrorist attacks, the United States Department of the Treasury developed a Terrorist Finance Tracking Program (TFTP) to identify, track, and pursue terrorists and their financial supporters. The TFTP uses payment information carried by SWIFT (the Society for Worldwide Interbank Financial Telecommunications), a Belgian company, which is the world's main system for passing international payment instructions between financial institutions. This information is provided on the basis of an administrative subpoena requiring that the US branch of SWIFT should provide the US Treasury with specified financial transaction record data, which are stored in the United States. This data is held by the US Government in a highly secure database and is used exclusively for terrorist finance tracking purposes.

16.2 These arrangements were disclosed in public in 2006, and concerns were raised in the EU about the use made of the information by the US and about the protection of personal data. To address these concerns, the US Treasury gave a set of unilateral undertakings, known as Representations, to the EU in June 2007. These specified a series of commitments and safeguards to ensure the protection of EU-originating personal data processed under the TFTP and that the data would be used exclusively for counter-terrorism purposes.[46]

16.3 The EU appointed an "Eminent European Person", Judge Bruguière, to oversee the use of EU-originated payment information by the TFTP. In December 2008 Judge Bruguière presented his first annual report on the processing of EU originating personal data by the US Treasury. This report concluded that the US Treasury has been vigilant from the outset in respecting the safeguards included in the Representations and notably the strict counter terrorism purpose limitation. Judge Bruguière's report also concluded that the TFTP has generated since its implementation, and continues to generate, significant value for the fight against terrorism both in the USA and beyond. Moreover the US Government has readily shared this intelligence with third countries — Member States being the principal non-US beneficiary of TFTP lead information.[47]

16.4 Changes to the operation of the SWIFT system from the beginning of 2010 will place most payment information outside the scope of US administrative subpoenas. This would lead to such information being unavailable to the TFTP, seriously impairing its scope and coverage.

The document

16.5 This draft Council Decision is to authorise the signing, but not the conclusion, of an agreement between the EU and the US in order to allow transfer of SWIFT data to the US Treasury for the purposes of the TFTP. The agreement would make financial payment messaging data stored in the EU available to the US, subject to strict compliance with safeguards for the protection of personal data and is intended to maintain the availability of data stored in the EU to the TFTP and so ensure that the TFTP continues both to have coverage of all regions and to support counter-terrorism authorities in the US and EU.

16.6 The agreement would:

• enable the US to request financial payment messaging data from designated providers in the EU;
• have data protection safeguards based on those contained in the Representations, but strengthened;
• include controls on the purposes for which EU-origin payment information may be used (which is limited to the prevention, investigation detection or prosecution of defined terrorist activities), the manner in which information may be used (which limits access to cleared personnel, requires a reason to believe the subject of a search has a connection to terrorism and prohibits data-mining techniques) and protection of personal data;
• require the US to provide information originating from the TFTP to counter-terrorism authorities of concerned Member states; and
• strengthen review arrangements to monitor US compliance with these requirements to include two Member State data protection authorities.

16.7 The agreement would be a temporary solution designed to last for no more than a year. The Commission intends to make a Recommendation regarding a long-term agreement in early 2010. Although this temporary agreement would be signed before the Lisbon Treaty takes effect, it would be concluded under the Article 217 of that Treaty and would require the assent of the European Parliament. The European Parliament's Civil Liberties, Justice and Home Affairs (LIBE) Committee has welcomed the efforts to secure an agreement with the US, in particular in relation to data protection.

The Government's view

16.8 Although there is not yet a text of the draft Decision available to us the Exchequer Secretary to the Treasury (Sarah McCarthy-Fry) offers us comment on the proposal. First she says, recalling that the Eminent European Person's report on the TFTP concluded that the programme has generated since its implementation, and continues to generate, significant value for the fight against terrorism and that the US Government has readily shared this intelligence with third countries — Member States being the principal non-U.S. beneficiary, that the Government endorses the assessment that the TFTP is a valuable and important counter-terrorist tool. The Minister comments further that:

• information originating from the TFTP is provided by the US to the UK and to other Member States and is a valuable source of information for counter-terrorist authorities;
• the continued availability to the TFTP of payment messaging information from all regions of the world is important to maintaining its coverage and in particular to maintaining the value of TFTP-generated information to the UK and EU; and
• the Government would therefore like to see the TFTP continue to have access to payment messaging information from EU-based providers.

16.9 The Minister continues that the proposed agreement would not significantly change current practice. Its main effects would be to enable the TFTP to continue, following the change in the payment systems architecture, and to formalise and strengthen the safeguards applied to it, including on how and for what purposes the data would be used, the reciprocal provision of information to EU counter-terrorism authorities and the protection of personal data.

16.10 The Minister tells us that the data would be sought and transferred in line with the EU-US Agreement on Mutual Legal Assistance in criminal matters (MLA) and the relevant Member State (Belgium)'s bilateral treaty with the US. But she adds that:

• one deviation from standard MLA procedure is that if the relevant data could not be identified by the "Designated Provider" in the relevant Member State all potentially relevant data might be transmitted in bulk to the US;
• current practice in the UK would not allow such a transfer to happen;
• however, given that the UK is not the relevant Member State in the proposed agreement, and given its temporary nature, this may not give rise to immediate or direct concerns;
• other Member States will have different legal provisions in place that might allow them to comply;
• the preamble to the proposed agreement states that it does not constitute a precedent regarding the processing and transfer of financial payment messaging data;
• nonetheless, given the data transfers envisaged by the agreement and the specific reference to the MLA contained therein there is a clear risk that it would be more difficult for the UK to refuse a similar request from the US in the future given that a precedent would in fact have been set; and
• this could, therefore, have an effect on UK MLA practice.

16.11 Finally the Minister says that it is the Swedish Presidency's intention that the draft Council Decision on signing be adopted, and the agreement be signed, on 30 November 2009.

Conclusion

16.12 Given the Government's endorsement of the assessment that the TFTP is a valuable counter-terrorist tool, the data-protection safeguards built into the proposed agreement, its temporary nature and that a more permanent agreement would be subject to greater democratic scrutiny, we can merely note, whilst clearing the document, the Government's support for the draft Council Decision, despite its reservation in relation to the operation of the MLA.

47   The report has not been published, but for a Commission announcement about its findings see http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/264&format=HTML&aged=0&language=EN&guiLanguage=en.  Back