The original US-EU deal over SWIFT banking data created a European data haven for terrorist transactions, ensuring that European transactions would not be subject to US examination. It appears that the EU has agreed to give the US access to the data that it pulled out of US jurisdiction in the last deal.
This arrangement is being heavily criticized by members of the European Parliament, which is apparently feeling disrespected. Which, for some reason, made me think of this story.
UPDATE:
In my original post, I unfairly conflated the European Commission,
which did the SWIFT deal, with other European officials. Here's the
broader story.
In 2006-2007, SWIFT
was subjected to a bitter European campaign for cooperating with US
measures to identify terrorist financing. The campaign included an
irresponsible Belgian criminal investigation that was ultimately shut
down once the Belgian government had the facts. As a result, an EU-US
deal was negotiated that imposed limits on the US antiterrorism
program. That deal was reached in June 2007.
While the deal resolved the
US-EU diplomatic dispute, that didn't solve the legal problems faced by SWIFT, which was still under
Belgian criminal investigation and being criticized heavily by the
assembled data protection authorities of Europe, a group known as the
Article 29 Working Party.
Pressed
on these fronts, in October of the same year, SWIFT announced that it
had decided to create a separate Swiss operations center that would
handle European transactions. It would not be sending data from this
center through the US, so terrorists were free to conduct intraEuropean
financing transactions free from US scrutiny. This triumph of privacy
doctrine over good sense was hailed by the Article 29 Working Party: "The new
structure foresees by the end of 2009 the creation of a new
operation centre in Switzerland" the group said with evident
satisfaction. "This means personal data in
intra-European transactions will no longer be processed in the US
operating centre." The Belgian data protection authority also cited
the new Swiss center favorably when it announced in early 2008 that SWIFT actually
hadn't broken Belgian law. Coincidence? Nope. SWIFT admitted
that pressure from the data protection authorities was one of them:
"Distributed architecture will improve resilience, add
capacity, control long-term average message costs, and alleviate
European data protection concerns."
In
short, it's pretty clear that SWIFT was forced to create a safe haven
for European terrorist financing, and the pressure came from European
government officials.
But,
to be fair, it wasn't the European Commission that insisted on a Swiss
safe haven, and indeed the whole point of the 2009 agreement was to
mitigate the consequences of the privacy campaigners' insistence on a
safe haven. That is, it restores some US scrutiny of intraEuropean
transactions for indicia of terrorist financing.
On
the one hand, I suppose this could be seen as a good new precedent,
since the European Commission is actually proposing to give the US
access to data located in Europe for antiterror purposes. More realistically, it is the adults on the Commission coming in to clean up a mess left by Europe's privacy bureaucrats, since
at best the deal will restore the status quo ante -- "giving" the US
access to data that it had access to before the privacy agencies
decided to declare SWIFT guilty before trial.
What's remarkable, though not surprising, is that the Commission's action is provoking criticism in the European Parliament.