STRASBOURG, 10.FEB.

2010

BY THE PRIVACY PLATFORM:

SOPHIE IN'T VELD (THE NETHERLANDS, ALDE), CARLOS COELHO (PORTUGAL,EPP),
RUI TAVARES (PORTUGAL,GUE/NGL), JAN PHILIPP ALBRECHT (GERMANY, GREENS)

WITH:
CLAUDE MORAES (UK, S&D), WOLFGANG KREISSL-DORFLER (GERMANY,S&D),
BIRGITE SIPPEL (GERMANY, S&D)

11 FREQUENTLY ASKED QUESTIONS ON THE

TERRORIST FINANCE TRACKING PROGRAM
[“SWIFT AGREEMENT”]

01: Has Council adhered to the Treaty on the Function of the European Union?

02: Does the agreement meet the criteria set by Parliament in its resolution of
17 September 2009?

03: How much data is actually transferred?

04: Does the agreement protect against onward transfers to 3rd countries?

05: Does the agreement meet EU data protection and privacy standards?

06: But there are security gains for the EU from the data transfer?

07: But isn't the agreement provisional anyway? Won't it last only for a nine-
month period?

08: What will happen to terrorist investigations if Parliament withholds its

consent to the agreement?

09: What will happen to transatlantic relations if Parliament withholds its

consent to the agreement?

10: What will happen to EU inter-institutional relations if Parliament withholds

its consent to the agreement?

11: Can we have a better agreement if we start from scratch?

01:
Q: Has Council adhered to the Treaty on the Function of the European Union?
A. No. Article 218 TFEU in the version of 1 December 2009 requires that "Parliament
shall be immediately and fully informed at all stages of the procedure".
First of all, Parliament has not been immediately informed. As you all know, the ratio
of such a duty to inform is a reflection of both the fundamental democratic principle
and of the duty on the institutions to practice mutual sincere cooperation. As the legal
service of Parliament confirmed in its opinion of 2 February, Council has acted "in
breach of the spirit of article 218(6)(a) TFEU" by submitting the Agreement to
Parliament only 5 working days before its provisional application on 1st February and
without having reacted to repeated requests by Parliament to do so since December.
Requests for discussions by MEPs to Council and Commission have also repeatedly
not been answered until a few days ago. Furthermore, because of this extremely late
request for consent and the Agreement already being provisionally applicable, the
Council has deprived Parliament of the possibility of properly exercising its
prerogatives
Secondly, Parliament has not been fully informed. There is still a confidential annex
to the agreement that has not been made available. This Annex designates the
financial transaction providers and therefore is crucial for the scope of the
Agreement. It is also unclear if and how Parliament would be informed if this Annex is
modified in the future.

02:
Q: Does the agreement meet the criteria set by Parliament in its resolution of
17 September 2009?
A: No. The Legal Service of Parliament, the European Data Protection Supervisor
and the Article 29 Data Protection Working Party explain in their opinions that several
criteria ser by Parliament are not met. For example, there is no prior judicial ruling
needed for transfer of data, the definition of "terrorism" is slightly wider than the
established EU definition, the Agreement does not indicate what the retention periods
are and when data will be erased, and there is no legal redress available for EU
citizens in the U.S. against data transfers or possibly serious consequences thereof.

03:
Q: How much data is actually transferred?
A: A lot. Because of the technical set-up of SWIFT, the company can not limit data
searches to specific individuals. In effect, it will have to (and has in the past) transfer
data about all transactions from a certain country on a certain date. There have been
reports that the U.S. Treasury has received up to 25% of all SWIFT transactions,
which number in the billions each year. This is not proportional to the purpose and
also puts the EU at risk of economic espionage.

04:
Q: Does the agreement protect against onward transfers to 3rd countries?
A: No. According to the Legal Service of Parliament, the agreement excludes
transfer of raw data to third countries or agencies, but allows transfer of "leads".
While "leads" is not an established legal term in the EU, this of course will contain
personal information about EU citizens, residents, and their business partners in
other countries. The European Data Protection Supervisor and the Article 29 Working
Party also express their concerns stating that "the sharing of personal data with third
countries is neither clearly defined nor subject to appropriate guarantees".

05:
Q: Does the agreement meet EU data protection and privacy standards?
A. No. The European Data Protection Supervisor and several other Data Protection
Authorities have repeatedly published detailed analyses showing that the Agreement
is very privacy-intrusive, since it interferes with the private life of all Europeans. In
order to justify such privacy-intrusive measures, evidence is needed that such
measures are necessary and proportionate. This evidence is missing. It is not
possible to see any added value of the Agreement since it overlaps with already
existing EU and international instruments in this area.

06:
Q: But there are security gains for the EU from the data transfer?
A: No. That is: financial data are indubitably useful in the fight against terrorism, but
the information can be obtained without the Agreement as well. The confidential
reports by Judge Bruguière have not shown evidence that there has been one case
of terrorism that was prevented or prosecuted based on the financial data alone. The
reports even make false claims by e.g. referring to the German IJU case from 2007.
The German Federal Criminal Police Office (BKA) has publicly confirmed that
financial data was not needed at all in this case.

07:
Q: But isn't the agreement provisional anyway? Won't it last only for a nine-
month period?
A: Not exactly. The data collected through this period and provided to the American
authorities will be under a retention period of 5 years. If extracted for purposes of
judicial investigation, these data will be subject to the retention period foreseen by
American law, which is of up to 90 years (and it has to be said that, due to technical
reasons, the data extracted may include vast amounts of collateral information, for
instance: the data on a country during a given month or year). Also, this so called
interim agreement will establish institutional practices that may prove very hard to
change. It may come that a "permanent" agreement will not be able to change much
from what we have in the interim agreement.

08:
Q: What will happen to terrorist investigations if Parliament withholds its
consent to the agreement?
A: There will be no security gap. The provisional application of the Agreement will
be suspended after 10 days and it will terminate after 30 days. US authorities will still
be able to request data for specific investigations, on the basis of the Mutual Legal
Assistance Agreement (MLAA) and national law. These national laws have
transposed the European Convention on Human Rights, the Charter on Fundamental
Rights, Council of Europe Convention 108 and will therefore have the right level of
protection. The fight against terrorism, including investigation of terrorist related
financial operations, will not stop if Parliament withholds consent.

09:
Q: What will happen to transatlantic relations if Parliament withholds its
consent to the agreement?
A: The U.S. government will be able to negotiate another agreement with the EU in
the future, based on mutual respect and shared values, while respecting the clear
criteria spelled out by Parliament 5 months ago. This will in effect strengthen
Council's negotiation position vis-à-vis the United States and ensure better protection
for EU citizens.

10:
Q: What will happen to EU inter-institutional relations if Parliament withholds
its consent to the agreement?
A: Council and Commission will also make sure that Parliament is immediately and
fully informed in international negotiations in the future. This will in effect ensure that
inter-institutional relations are handled according to Art. 218 TFEU, providing full
democratic legitimacy to future agreements.

11:
Q: Can we have a better agreement if we start from scratch?
A: Yes. During the hearings to new Commissioners, Mrs. Cecilia Malmström and
Mrs. Viviane Reding, dealing with Home Affairs and Fundamental Rights respectively,
gave convincing answers when questioned as to what they would do if they were to
negotiate a new agreement. They persuaded most MEPs that they would have both
the knowledge and the competence to negotiate an agreement that obeys to the
principles of necessity and proportionality in the fight against terrorism, and that
protects the integrity and safety of European financial data.