EU opts into data agreement with the US

UK data to be fed into its Terrorist Financial Tracking Programme

EU opts into data agreement with the US

The UK has opted into an EU agreement with the US to allow European financial messaging data to be fed into its Terrorist Financial Tracking Programme (TFTP) despite demand from the European data protection supervisor for more proof that the process is necessary.

British Treasury secretary Mark Hoban announced the agreement in the Commons in a statement, and also apologised for failing to wait for it to be scrutinised by a special committee of MPs, claiming that if the government had not opted in, "it could have put the success of the whole agreement in jeopardy".

UK ministers are required to place information about forthcoming EU decisions before a scrutiny committee that can decide on whether the ministers can proceed or must await debate. And former committee chairman Michael Connarty has already protested at the delay in establishing the agreement following the general election.

Hoban said the TFPT had already brought security benefits, generating leads for investigations into the Bali bombing in 2002, the Van Gogh terrorist-related murder in Holland in 2004, a plan to attack JFK Airport in 2007 and the Mumbai and Jakarta hotel attacks in 2008 and 2009.

He said the deal included a binding agreement that would see the US Treasury compelled to search the Society for Worldwide Interbank Financial Telecommunications (Swift) data on request from EU member states that are complying with its terms. Hoban also claimed there were "strict yet proportionate data protection provisions".

But EU data protection supervisor Peter Hunstinx, in a formal legal opinion on a draft version of the agreement, stressed that the necessity of the proposed agreement should be unambiguously established, mainly compared to other less privacy-invasive existing instruments. The EU Parliament actually voted against an interim agreement.

Hustinx said that even if the need were proven, a series of measures should be put into place:

• The data should be sifted in the EU to ensure only relevant and necessary information is sent to the US
• There is a reduction in the the storage period for non-extracted data
• A public judicial body should assess requests from the US Treasury
• The EU should ensure that the existing data protection rights of citizens are effectively enforceable in the US.