EU Parliament Scrutinizes International Data Sharing Agreements
Should US and European law enforcement agencies be given unrestricted access to commercial and travel transactions from individuals around the world without judicial oversight? That was the question on the table in a heated debate in the European Parliament this week.
In the early years of the so-called “War On Terror”, the US government created a number of secret programs that granted it and its agents sweeping new global surveillance powers. In particular, the US Treasury Department has sought and been given access to financial information held by the SWIFT network to find and track down individuals suspected of terrorism as part of its Terrorism Finance Tracking Program. Another agreement requires all airlines flying to the US to provide the Department of Homeland Security with full electronic access to detailed personal information on all passengers, in the form of Passenger Name Records (PNRs).
Europeans have long been arguing that handing over this information to US law enforcement agencies violates privacy rights protected by European legislation. But when the Lisbon Treaty and the European Charter of Fundamental Rights entered into force at the end of 2009, personal data protection was greatly strengthened in Europe. In addition, the European Parliament now has a crucial right to give or withhold consent to these international data-sharing agreements. This year, the European Parliament has used its new powers to demand that the European Commission and European Council address serious data protection, privacy and due process concerns.
Read on to hear more about the debate in European Parliament.
No Financial Data Sharing Agreement
On the financial data transfer agreements, yesterday the Parliament adopted a resolution stating that indiscriminate bulk data transfers bypass EU legislation. Members of Parliament also demanded that any possible future agreement guarantee European citizens the same rights as US citizens in the event of an abuse of the data; currently only US citizens and permanent residents can claim rights under the US Privacy Act - EU citizens have no redress. The Parliament has also demanded access to any documents that demonstrate the actual need for these agreements.
SWIFT is a banking network, headquartered in Brussels, that routes financial data between 8,300 financial institutions in over 208 countries. There have been several previous SWIFT interim agreements, all of which have ignored existing legal safeguards against government abuse of citizens' data. This was the primary reason why the European Parliament rejected the latest interim-agreement last February. These accords allow US law enforcement agencies to access citizens' financial data held by the SWIFT network with complete immunity, bypassing court-approved warrants or subpoenas required to examine specific transactions. As Dutch MEP Jeanine Hennis-Plasschaert said, "with the proposed [rejected] interim-agreement we, instead, rely on broad administrative subpoenas for millions of records of European citizens".
No Travelers' Passenger Records Agreement
On the Passenger Name Records (PNR) accord, the European Parliament yesterday decided to postpone its vote to approve or reject the agreement until a standard Passenger Name Record file model is devised that meets Parliament's demands regarding data protection. The Parliament Resolution calls for any future PNR agreement to be created as a binding international treaty. The Resolution further demanded an appropriate mechanisms for independent review, judicial oversight and democratic control. The interim PNR agreement requires all airlines flying to the US to provide the Department of Homeland Security with full electronic access to detailed personal information on all passengers.
Between 2004 and 2007, three consecutive agreements between the US Department of Homeland Security and the Council of the European Union were negotiated, over the objections of the European Parliament. In 2004, the European Court of Justice annulled the 2004 agreement on the basis of a complaint made by the European Parliament. The 2007 PNR agreement required 19 categories of data to be collected, stored and disclosed to US law enforcement authorities. As European lawmakers said, "PNR data, which was originally collected for commercial purposes, is increasingly being used to combat crime."
While the European Parliament is now playing an important role in calling for information on the need for these agreements, and plans to scrutinize the agreements to see whether they’re limited to law enforcement purposes (and not for instance, for copyright enforcement), by comparison, the US Congress currently plays no role in oversight of their negotiation.
So where does all of this leave citizens who are concerned about this massive government effort to collect, use, and disclose their personal data, without judicial oversight? There is growing recognition that legally enforceable data protection standards and legal safeguards against intrusive warrantless electronic surveillance of private information are needed.
These privacy protection concepts are embodied in Article 17 of the International Covenant on Civil and Political Rights, the most important international treaty that protects the right to privacy. In analyzing Article 17, the UN Special Rapporteur has highlighted the erosion of the right to privacy in the fight against terrorism. In its 2009 annual report, he emphasized "the need for a comprehensive data protection and privacy law that creates limits on the use, storage, and disclosure of the information, and that they have a right to access and redress, regardless of nationality and jurisdiction."