European Diary: The US treasury has been "pulling a Swift one" on Irish and other EU citizens for years. This was the damning verdict from a Belgian state commission on data protection that issued a report last week on a covert CIA programme, which monitored international financial transactions, to try to identify sources of terrorist financing.
Swift is the acronym for the Society for Worldwide Interbank Financial Telecommunications. This is the company that manages a vast global network connecting 7,800 financial institutions (including 77 Irish-based banks) that enables businesses and private individuals to make international money transfers.
It is a Belgian firm, with a subsidiary in the US. After the terrorist attacks on September 11th the US issued subpoenas to Swift seeking access to its databases, which store transaction records for money transfers for 124 days. The firm dutifully complied even though the scope of the material requested was, as the commission noted, "very wide from a material, territorial and time-scale point of view".
Swift told the National Bank of Belgium, which is a member of its control committee, but the bank felt the issue was outside its competence. Several other EU central banks on the control committee were also aware of the covert monitoring. Ireland's Central Bank is not on the committee and had no knowledge of the CIA's secret data trawling, according to governor John Hurley. Minister for Finance Brian Cowen wasn't aware of the CIA programme either until the New York Times published the story almost three months ago, against the wishes of President George Bush.
"What we did was fully authorised under the law. And the disclosure of this programme is disgraceful," said President Bush. "We're at war with a bunch of people who want to hurt the United States of America." The CIA programme to snoop on EU bank transfers was legal in the US but it violated European laws, according to the Belgian commission. "It has to be seen as a gross miscalculation by Swift that it has, for years, secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law," it said.
Despite the stark findings, Belgian prime minister Guy Verhofstadt said Swift would not be penalised for handing over the information, and he said the transfers should continue until the EU could negotiate a deal with the US that offered safeguards to European citizens.
This is easier said than done. Europe's attachment to data protection law and personal privacy is currently being severely tested by the US on the issue of the transfer of air passenger information to US customs.
Talks between EU and US negotiators toward renewing a previous agreement on the transfer and use of this data by US law enforcement agencies hit an impasse on Saturday night over the type of safeguards to be put in place to protect EU passengers' privacy.
Under a previous deal, which expired on Saturday night, the US had agreed to abide by strict rules regarding how they could use up to 34 pieces of personal data (name, address, credit card details, etc) collected by airlines. For example, the US agreed to filter out sensitive information that could identify Muslim passengers, such as whether they had ordered a Halal meal on the flight. It also agreed to delete data collected on passengers after a 3½-year period and to limit the number of security agencies that could access the data.
EU negotiators have consistently said these safeguards were not up for discussion. But on Saturday US negotiators handed the text of a draft agreement, already initialled by homeland security secretary Michael Chertoff, to the EU team. The US action caused the three-month-long talks to break down, at least temporarily, and ensured a deadline set for reaching a deal was missed, ushering in a period of "legal limbo".
Few analysts have any doubts that the US is pushing hard to remove certain safeguards on privacy. In particular, the US wants access to more passenger data and to be able to share it more easily between different security agencies.
"The US are taking a belligerent approach," said Hugo Brady, an analyst with the London-based think tank Centre for European Reform. "For the US, national security trumps all other considerations, while in Europe, for example in the Netherlands or in the Nordic countries, data protection is governed by strict principles. . . For example, data should only be used for the purpose that it was originally collected for." The expiry of the previous EU-US deal on air passenger data means airlines are likely to face legal test cases by privacy advocates. It also means that the legal safeguards on privacy written into the original agreement have already fallen. In effect, the US can do what it wants with the information.
EU justice ministers will ponder the issue when they meet on Thursday and Friday. They face a conundrum: if they sign the US text, they could be criticised for undermining one of Europe's core fundamental values, the right to privacy. Yet if they don't sign a deal, the result could be legal chaos and possible hardships for passengers flying to the US.