New PNR agreement  SWIFT (debate) 
President
The next item is the debate on
the oral question by Pervenche Berès, on behalf of the Committee on Economic and Monetary Affairs, and Jean-Marie Cavada, on behalf of the Committee on Civil Liberties, Justice and Home Affairs, to the Council, on the new PNR agreement and SWIFT B6-0001/2007), and
the oral question by Pervenche Berès, on behalf of the Committee on Economic and Monetary Affairs, and Jean-Marie Cavada, on behalf of the Committee on Civil Liberties, Justice and Home Affairs, to the Council, on the new PNR agreement and SWIFT B6-0002/2007).
Günter Gloser
Mr President, Commissioner, honourable Members, we now turn from such fundamentally demanding issues as energy and climate change to discuss another very important matter that has, in the past, demanded your attention here in the European Parliament, and also that of the European Union as a whole not merely on one occasion but repeatedly, and the issue to which I refer is that of the sharing of airline passengers' personal data.
As we all know, following the terrorist attacks on 11 September 2001, the United States enacted legislation according to which airlines running flights into and out of the United States must permit the US authorities electronic access to the data in their automatic reservation and processing systems, the material known as 'passenger name records', and, should the airlines decline to comply, they are threatened with the withdrawal of their landing rights.
I would now like to briefly remind the House of the state of play. In May 2006, the European Court of Justice had, in response to an appeal by your House, declared null and void the Council decision on the agreement between the European Community and the USA relating to the forwarding of passenger data to the US authorities and, likewise, the Commission's decision on the appropriateness of the data protection measures.
The ECJ's fundamental justification for its decision was the European Community's lack of power to conclude any such agreement, since it was not within the sphere of the first pillar. It had nothing to say about the material question of whether the data was sufficiently protected.
As you will be aware, negotiations with the USA on a successor agreement proved to be highly problematic, but it was nevertheless eventually possible to conclude them with an interim agreement due to expire on 3 July this year, which is on the basis of the third pillar and of the USA's undertaking given in respect of data protection, which had already been taken as a basis to the earlier agreement between the European Community and the United States.
At the beginning of January 2007, the Commission made a recommendation to the Council to the effect that it should approve the commencement of negotiations with the USA on a new passenger data agreement that should replace the present interim one. The EU's negotiating mandate for the Council Presidency, which the Commission endorses, was today discussed by COREPER, and the prospect is that the Council will adopt a resolution on the subject and lay down negotiating guidelines in February.
It is likely that the negotiations on a new passenger name record agreement will prove to be extremely difficult, since there is no evidence of any interest on the part of the United States in improving data protection. Indeed, it seems far more likely that they will claim that their undertaking in respect of data protection no longer applies. The conclusion of an agreement is, however, essential in terms of the standard of data protection that is to be guaranteed and in the interests of the European Union, for, in the absence of an agreement, the airlines would be under great pressure to pass on the passenger data in order not to risk losing their right to land in the USA.
The German Presidency of the Council will, with the Commission's support, be pressing for a legally watertight arrangement that secures the protection of data, taking the interests of the passengers and of the airlines into account and maintaining a high level of security, and I would like to stress that it is, in this, taking due account of the positions of your House as expressed in the relevant resolutions of September last year on data protection, on the combating of terrorism, and also on the defence of human rights.
This subject also brings me to speak in response to the oral questions put to me by Mrs Berès and Mr Cavada on the subject of SWIFT. The Council wishes to thank them for their interest in this dossier, in relation to which it has already had the opportunity to answer questions from your House's Members on various occasions. As regards my answers to these questions, I would refer the honourable Members to my statement.
In December 2006, the Council informed the Members that the questions they had raised demanded careful examination; the Council is still engaged in doing this, and its inquiries have not yet been completed. In the remainder of this speech, I shall be endeavouring, on behalf of the Council, to answer the various questions put to me by Members of your House, although all the matters to which I can refer are still subject to the Council's inquiries.
In a speech in July 2006, the Finnish minister for European affairs, as the then President-in-Office of the Council, announced to the plenary that the Council was not at that time able to confirm press reports of an exchange of information between SWIFT and the American authorities. She reminded your House that finding out what had actually happened was a matter for the national authorities, and went on to state that the European Union was then, and would in future be, prepared to act if it turned out that events made legislation at the European level necessary.
As I have already mentioned, the Council and the Commission are currently still engaged in examining every aspect and every issue of potential relevance to this dossier, while also taking the outcomes from the data protection group into consideration. The Presidency is giving thought to how the work on this at Council level might be organised, and will, in so doing, take account of what emerges from the current investigations, but what I can tell you is that no new group has as yet been appointed with this purpose in mind.
Since investigations are still ongoing, the Council is at present unable to answer the question as to whether these matters will impact Regulation 1781 of 15 November 2006 on the information on the payer accompanying transfers of funds. The Council has no knowledge of whether or not the Commission is considering submitting any proposal for the amendment of this Regulation, but I am sure that we will learn that when the Commission makes its statement.
Under the Treaty, it is the Commission's function to monitor the implementation of Community law in the Member States and to take appropriate action as and when a Member State fails to discharge its obligations under EC law.
Reference has also been made to the 'automated targeting system', an American system affecting the transport of freight and persons within the United States and from and into them. Whether data obtained from SWIFT have been fed into this system is one of the questions currently being examined.
When it stated that an international framework for combating terrorism was already in place, the data protection group was referring to the working party on fighting money laundering and the funding of terrorism and the recommendations made by it. The Council believes that good work is being done within this framework, although it has to be said that this group's recommendations are addressed to banks and financial institutions.
While I am on this subject, I would like to stress - speaking on the Council's behalf - that SWIFT cannot be regarded as a financial institution for this working party's purposes and that the Financial Action Task Force framework is therefore not directly applicable, except possibly to certain specific aspects. That concludes the Presidency's statement on behalf of the Council.
Franco Frattini
Vice-President of the Commission. Mr President, I shall begin by addressing PNR. As you all know, the temporary agreement concluded in October with the United States will expire by the end of July this year, in a few months' time. There is therefore the need to negotiate a very solid and stable legal framework which will enable the exchange of PNR data with the United States with full respect of data protection and privacy rights.
As the Presidency of the Council just said, the Commission has recommended to the Council that it authorise the Presidency, assisted by the Commission, to open negotiations on the basis of a set of negotiation directives. I am confident that these recommendations will be examined very soon. I personally strongly hope that by mid-February we will get a negotiating mandate to open this very difficult exercise.
The Commission is recommending to the Council to strive for full respect of fundamental rights, notably the right to privacy. I have said on a number of occasions that the right to privacy is for me non-negotiable. It has to be respected, fully and completely. Legal certainty is also an important element for air-carriers. It must be taken into account, as it has been from the very beginning. As I have already stressed in this Parliament several times, the Commission is committed to continuing to give due consideration to privacy on the one hand and legal security on the other, as they form key principles of this file, without forgetting the importance of preventing and fighting terrorism and related transnational crimes. The negotiations for a new agreement with the United States on PNR data are a key priority for the Commission, and for me personally, and I understand from what the Presidency of the Council just said that it shares this view. I warmly welcome the close cooperation between the Commission and the Council Presidency, which is crucial if we want to succeed, if we want to speak with one voice. On my side, of course, as usual, I will keep Parliament informed as this work progresses. You know very well that, as it was in the past, for me it will be a political commitment, though this document - for example, the negotiating recommendations - once approved will be classified as EU-restricted.
The negotiations will present a real challenge for Europe. It will require imagination; it will require a lot of common effort from all the EU institutions and from the United States as well in order to reach a very robust, solid solution.
To conclude, I would like to see, for example, this Parliament, together with the United States Congress - following the political phases of this very difficult exercise - making, perhaps for the first time, a joint political commitment which would be particularly useful for the ongoing negotiations. However, it is up to you to decide.
(IT) I shall now refer, ladies and gentlemen, to the SWIFT matter, which has also been addressed by the Presidency. You will recall that a few weeks ago, before the Christmas holidays, I informed the Committee on Civil Liberties, Justice and Home Affairs that the SWIFT case needed to be addressed from a European perspective, and I said on that occasion that we would begin an exploratory dialogue with the US authorities in order to address both the general issue of data protection and the specific issues raised by the use of SWIFT data by the US Treasury.
You will probably be aware that these informal, yet important, discussions have already begun. I am in favour of finding a European solution to addressing this issue, a European solution that ought, in my opinion, to include clear rules and precise guarantees, which the US Treasury should endorse and include in its documents. In other words, the two points at stake are, as ever, legal protection for personal data that are transferred and legal certainty for all parties concerned and, I must say, legal certainty for banks, too, for, as the Presidency has clearly highlighted, SWIFT is not a bank.
It is quite clear, then, that when I talk about guarantees from the US authorities, I intend to specify in which circumstances, for what purpose and by whom these data may be known and used. I would say right away that it must be made clear that the purpose is restricted solely to terrorism investigations and thus to preventing the funding of terrorism, so that we avoid the, albeit indirect, risk of such data being misused, for example for economic espionage purposes.
It is also clear that there seems to be a need for a further restriction, and that is to link the use of these data to research on specific individuals who are suspected of terrorist activity. In other words, there should be no non-specific transfers of data without suspects who warrant further investigation having first been identified.
You are aware of the letter that I wrote to all of the Member States in November asking for information about the conditions under which their banks use personal data through SWIFT. Only seven Member States have so far replied to my request for clarification. This is unfortunate, and I will obviously be asking for a reason in certain cases: in the specific case of Italy, for example, it has requested more time to respond. In other cases, there has simply been no response.
From the seven responses that I have actually received - although no general conclusions can be drawn from them because too few Member States have responded - it emerges that banks normally use personal data for the sole purpose of executing payment orders and that they were not informed, in such cases, of the fact that personal data are transferred to the US Treasury by SWIFT. Therefore, the general response given is simply that they are not aware of the fact that someone, namely SWIFT, transfers data after having received it from them. However, it has emerged - but you already knew this - that, in many cases, central banks had been informed precisely by the US Treasury of the transfer of data from SWIFT Europe to SWIFT United States and from SWIFT United States to the US Treasury.
You are aware that actions and further investigations are being carried out by the national data protection authorities with the aim of shedding some light on the issue and of finding out whether, apart from the Belgian case, which is now well known, there are other specific cases in which national data protection authorities can open a file and thus start proceedings. Clearly, as soon as I have some information in this regard, I will pass it on to you, as I have done in the past.
There is a specific question concerning the possibility of applying the Automated Targeting System to SWIFT data. On the basis of the technical explanations given to me, it would appear impossible or highly unlikely for the system in question to have been used for processing SWIFT data, for the simple reason that it is part of the Department of Homeland Security, which relates to the protection of borders and thus to the movement of people passing through the US. It was not surprising that the European Parliament asked about the application of this mechanism to PNR data. SWIFT data are in a totally different category because they come under a different administration, which is the Treasury.
The question submitted also asks whether the Commission is aware of other examples of US authorities requesting data from private parties in this sector. I have no information on that, and so I cannot answer that question. There is no doubt, however, that, while the fight against the funding of terrorism is a vital instrument for preventing terrorism, this fight cannot undermine or limit a fundamental right, such as that of customers to have their personal financial data protected. As you know, one of the violations uncovered by the Belgian authorities and the European Committee for privacy protection is precisely the lack of prior information for customers, which coincides with what the banks said, since they had not been informed of these transfers either.
To conclude, Mr President, ladies and gentlemen, I believe that there are two reasons why we need to work towards a European instrument. Firstly, we cannot limit or destroy our Euro-Atlantic collaboration in relation to the fight against terrorism: that would be a serious mistake, which I believe the European Union should avoid making. Secondly, we must also point out to our American friends that it is in everyone's interests for fundamental rights and the protection of personal data to be scrupulously adhered to. If, by virtue of having a European instrument, we succeed in doing the same thing that we are trying to do with the PNR - even though the two issues are very different, the principle is the same - and find a European solution that prevents differences in treatment between one EU Member State and another in relation to the United States, I believe that it will be possible to strengthen the European Union's negotiating power and to demonstrate at the same time that our aim is to strengthen the Euro-Atlantic link, not to weaken it.
Pervenche Berès 
author. - (FR) Enriched by the lessons of the case of passenger name records (PNR), we should be able to make quicker progress when it comes to SWIFT. I should like, if I may, Mr Gloser, to correct you on one point. I believe that this is the first time we have held a specific debate on SWIFT here in the Chamber, and this is no doubt in the normal course of things, but I do hope this debate will enable us to make progress.
SWIFT is not an undertaking that operates solely in Europe or solely between Europe and the United States. It operates everywhere. To put it simply, after September 11 the nature of relations between SWIFT and the US authorities changed beyond all recognition, and we are now seeing the consequences not only in terms of data protection for the EU but also in terms of the balance that should be struck between data protection, the fight against terrorism, the security of payment systems and protection against economic espionage.
The Commission has acknowledged that there is a problem and has begun to put forward proposals. In a recent letter addressed to Mr Cavada and me, the Central Bank also recognised that the time had come to enter new phases, without going too far in the proposals. This confirmed what it had said to us at the hearing, which, unfortunately, neither the Council nor the Commission saw fit to attend. The Central Bank had told us at the hearing that it bore very little responsibility for what had happened in the case, and the letter partly confirms that view.
Reading the memorandum concluded between SWIFT and the US Treasury in April 2004, it is very clear that there was awareness of the data protection issues involved in the manner in which SWIFT transferred information to the US Treasury. Just as a train driver bears some responsibility for his train and the post office bears some responsibility for what it carries, SWIFT must bear some responsibility for the data it passes on.
The key point here, following the hearing held jointly by the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties, Justice and Home Affairs last October, is the briefing of the 'Article 29' working group which, on 22 November 2006, clearly confirmed our concerns, namely that, in the SWIFT case, data that should manifestly not have been concealed from the US authorities had in fact been concealed and that, accordingly, the 1995 Directive had not been complied with.
We should like to thank the Commissioner for taking the initiative of calling on the Member States to rectify, without delay, the issue of non-compliance with the 1995 Directive, but, as he himself also said, the results up to now have been quite poor. The European Central Bank, for its part, has heeded the lesson that it should demand customer consent. That remains a very prudent thing do.
As regards this last question, there are two points we must raise. The first is the nature of transatlantic relations and the manner in which data are used in something of a spirit of free, unbridled competition on the US side, and, on the European side - we have experience of this in the Committee on Economic and Monetary Affairs - sometimes with a degree of naivety.
One would like to think that these data are used solely for the purposes of combating terrorism. We dare to hope so, but we have no proof. Commissioner, Mr President-in-Office of the Council, if there is a message that, I believe, Parliament would like to convey to you when you hold talks with the Americans on the issue, it is that the purpose of the talks must not be to validate the current state of affairs as regards the transfer of data via SWIFT. It should be to ensure that the level of data protection and the concept of data protection itself that we have here in the EU are respected and accepted. Everything leads me to think that the task facing us in this area is a tough one, but you can count on Parliament's unwavering support.
Just one more minute, Mr President, to address the last aspect, which is the issue of the status of SWIFT. As SWIFT is a Belgian company, we are always being referred back to the Belgian State. That being said, the fact that SWIFT is a Belgian company is because we are in a legal vacuum. It is clear that SWIFT is doing a job that should really be done by a European-level body, overseen by a European supervisory body. I believe that in this area too, Commissioner, Mr President-in-Office of the Council, you need to proceed on the basis of new information. Parliament is once again ready to discuss this matter, but we cannot accept the current state of the debate.
Jean-Marie Cavada 
author. - (FR) Mr President, there is an expression in French to describe the surreal confusion of an institution when it finds itself faced with an unexpected situation. We say that it behaves 'comme une poule qui a trouvé un révolver [like a chicken that has found a revolver]'.
Frankly, Mr Gloser, without wishing to underestimate you, the least we can say is that your position on this matter is extremely disappointing. I therefore feel entitled to remind you that your mandate is to defend European sovereignty, something of which I have seen little sign so far. As you will have appreciated, we are therefore disappointed and above all worried.
I will talk firstly about PNR data. In a few month's time, as we know, as you have said and as Mr Frattini has pointed out, the interim agreement on air passenger data will expire. We have no clear information on how it is working. I would also like to point out that when the previous agreement was annulled by the Court, it was based on an assessment of the adequacy of data protection in the United States. This is not the case with the agreement in force, however, even though this assessment is required by the protocol to Convention 108 of the Council of Europe, which is binding on the Member States and hence directly, or at least indirectly, on the European institutions. Having a dubious basis, the agreement has not so far been properly implemented, since the data transmission system that should have been in operation since 2004, the 'push' system, is not yet operational, and that is despite the announcements made, most notably last September.
In a spirit of cooperation, I would like to ask certain questions publicly. Firstly, I wonder whether the Commission should have applied more pressure in order to ensure that the 'push' system was implemented by the airlines and electronic reservation centres that it monitors. Secondly, I wonder whether effective information for air passengers should have been demanded with regard to the use of their personal data for security purposes, in the same way that information campaigns have been carried out on rights in the event of delays or flight cancellations, for example.
For our part, with regard to this dossier, we are awaiting clarification from the Commission and, above all, from the US authorities on a number of points. I shall mention two of these. First of all, we do not understand why, in order to fight terrorism and organised crime, it should be necessary to have all thirty-four pieces of data listed in the PNR and not just the nineteen pieces of data that Parliament and the data protection authorities had deemed sufficient for that purpose.
Secondly, how can it be that European citizens and passengers could have been classified as dangerous for years, unbeknownst to them, without us demanding anything in return?
I shall now turn to the SWIFT system. This second issue is even more delicate and it concerns the American authorities' access to data relating to financial transfers. My fellow Members have already dealt with a number of points. I shall therefore just express the views of the Committee on Civil Liberties, Justice and Home Affairs. At stake here is the protection of our citizens' fundamental rights and the credibility of our partnership with the United States. It is really incomprehensible that no reciprocal arrangements have been proposed in order to negotiate with a partner, even if it is a friend. Will we one day act in the same way with another partner to the east of our borders, Russia? I would therefore like to say that European sovereignty is not being respected.
In agreement with the political groups, therefore, I have taken the initiative to invite the competent committees of the American Congress and I am awaiting a response.
(The President asked the speaker to conclude)
I understand perfectly well that Parliament's timing is extremely important, and since I am confident that my colleagues will say everything else that needs to be said, I will stop there. I have said the most important things I wanted to say. I honestly thought that I had five minutes.
President
I am of course very sorry, Mr Cavada, but unfortunately, when we organise our parliamentary business, it is essential to abide by speaking times in general so that we can proceed, especially in the case of 'mini-sessions', when times are accordingly short.
Mihael Brejc
The Group of the European People's Party (Christian Democrats) and European Democrats is working towards consistent compliance with the acquis communitaire and all the documents that uphold the values of European civilisation and protect the freedom and personal integrity of each individual. We are opposed to any unlawful conduct which restricts such freedoms and works against the individual.
We recognise, however, that protecting peace and security also imposes certain constraints. For this reason we believe that any intrusion into personal privacy should be kept to a minimum and be conducted on a legal basis. On the basis of the documents that are available to us, there is a well-founded suspicion that access to the data held in the SWIFT System could represent an illegal intrusion into personal privacy. So, please allow me to put to you the following questions:
First, I would like a detailed answer as to which data held in the SWIFT System are available to the US authorities and which data are they entitled to access on that basis?
Second, do the US authorities have access to all the transactions carried out in SWIFT branches in the USA, and can they, through these or other SWIFT branches, also gain access to transactions carried out outside the USA?
Third, I would like to ask the Commission, the Council and the European Personal Data Ombudsman whether accessing the data held in the SWIFT System represents a violation of the provisions on data protection and, consequently, an illegal intrusion into personal privacy.
Fourth, at the October hearing we did not get any convincing or sufficiently clear answers on the competence of institutions with respect to SWIFT. So I would like to ask who is actually competent to rule on the SWIFT issue and on what legal basis?
And fifth, I am interested in the principles underpinning our negotiating platform with the USA on these issues and whether, within that framework, we will also learn how the US authorities make use of the data obtained and what dangers are involved in data leaks and abuses.
Mr Coelho will address the PNR issue. Thank you.
Martine Roure
on behalf of the PSE Group. - (FR) Mr President, the controversy surrounding the transmission of personal and banking data by SWIFT to the US law enforcement authorities and the judgment on the EU/US agreement regarding PNR data have demonstrated the urgent need to draw up a global framework for the transmission and protection of personal data within the context of trans-Atlantic relations.
Europe understands the United States' increased need for security and we want to enhance our cooperation with our American partners with a view to fighting terrorism effectively. Having said that, it is also essential to deal with the protection of fundamental rights and privacy within the framework of trans-Atlantic dialogue. We are in favour of reaching a new PNR agreement, but it must be respectful of fundamental rights and provide guarantees on the protection of European citizens' privacy. That is why we want the Commission to communicate to us the details of the proposed mandate for the negotiation of this new agreement. The European Parliament must be fully involved in this process.
Could you also provide us with more information on the work of the high-level working group on the sharing and protection of data? We would also like to know about the priority proposals recently put forward by our American partners.
With regard to SWIFT, the Belgian data protection authorities and the 'Article 29' Working Group believe that this transmission represents a violation of the Belgian and European rules on the protection of personal data. So far, no concrete solution has been proposed to put an end to this violation. All of the actors involved agree that it is urgent that a European solution be found, a solution that is respectful of fundamental rights and which companies can implement properly. The European institutions must ensure that the payment system in the European Union, provided by SWIFT, complies with the Community legislation on data protection.
We would therefore ask the Council and the Commission what measures have been taken to resolve this problem. Are there plans to negotiate an international agreement, similar to the PNR agreement? You tell us that the Commission has held a dialogue with the American Treasury department with a view to finding a solution. Can you tell us what solutions have been studied? Furthermore, at our last debate on the same subject, you informed us, Mr Frattini, that a questionnaire would be sent to the Member States in order obtain all possible information on this transfer of information. Have you really received all of the necessary replies and how are you going to follow up on that questionnaire?
Furthermore, in 2006, within the codecision procedure, Parliament adopted its Alvaro report on the regulation stipulating the personal data that must accompany transfers of funds and under what conditions. The transfer to a third country of banking data that does not have a specific link with that country clearly falls outside of the scope of the regulation and may represent a breach of the fundamental principles of data protection.
For the same reason, given that the transfer of the SWIFT data does not just involve data relating to transactions between Europe and the United States, but also data relating to transactions within the European Union, it would appear to be clear that this issue belongs in the first pillar. An agreement pursuant to Articles 24 and 38 of the European Union Treaty would not be an appropriate solution. We cannot accept an agreement to legalise current violations on a case by case basis. SWIFT has no legal obligation to use a mirror site in the United States. Would it not be possible to find a solution in another country in order to move that mirror site to one that contains European data, as the 'Article 29' Working Group suggested?
Finally, SWIFT, PNR, and also the Automated Targeting System, ATS, and perhaps in the future telephone data, demonstrate that the exchange of information is intensifying and the urgent need to draw up a common framework for protecting the privacy of European citizens. Do you not believe that the European Union should take a global approach to these issues, in order to establish general principles for the transmission and protection of data with our American partners.
Sophia in 't Veld
on behalf of the ALDE Group. - Mr President, I am always very touched when I hear how attached the Council and the Commission are to involving Parliament, because it is indeed true that in the area of counter-terrorism policies, the decision-making is profoundly undemocratic because it totally excludes the European Parliament, and national parliaments are only very partially involved.
Therefore I would have a solution to offer you, and that is not just to make solemn pledges here before the House, but to actually consult Parliament on a voluntary basis on the mandate for negotiations on PNR and SWIFT, because that would not only lend democratic legitimacy to such a mandate: it would also actually strengthen your negotiating position, because frankly, although I have a high appreciation for the officials who do the actual negotiations, I think matters of such importance should have a political mandate.
Secondly, I fully agree with the remarks made by Mrs Roure on the need for global standards on data protection. People who think that we are anti-American are wrong. I have actually seen how attached the Americans are to their privacy laws, which are very good, and how critical they are when the public authorities do not respect the rules on privacy. So I think we should take their critical attitude as an example.
I would like to know if Commission and Council are aware of other categories of data being accessed by the US authorities, not only passenger data and SWIFT data, but also, for example, telecommunications records and insurance company or social security records, and if not by the US authorities, by other countries. If you are not aware of this, maybe you should start investigating.
With regard to PNR, SWIFT and ATS, I will not repeat here all the expectations that we have of the PNR negotiating mandate. That has been said already. But I would like to know why the Commission and the Council did not bother to insist on a second joint evaluation of the implementation of the PNR agreement before agreeing on a new negotiating mandate. Would it not make sense to first evaluate how this one works and how effective it has been before we start talking about the next one?
I would also like to know what the state of play is with regard to the switch from push to pull, which was scheduled for December 2005, then for December 2006. It is now January 2007. Where are we on this point?
I would also like to know what the state of play is with regard to information to passengers. I have been travelling myself lately and I could not get any information on the matter.
I would also like to know on what basis the European Commission will actually be negotiating an agreement on SWIFT.
Finally, with regard to ATS, you get a letter from the Department of Homeland Security saying, 'Do not worry, we comply with the PNR agreement as we understand it'. I am not a lawyer, but I think that is rather a funny formulation. It does not reassure me and I would like further reassurances about profiling and data-mining. Does it take place? I should like to know about the discrepancy with regard to storage periods and about purpose limitation. What other data are being fed into this and what are the exceptions as regards the privacy act?
Mario Borghezio
Mr President, ladies and gentlemen, this extensive legal-political debate involves the fundamental issue of European sovereignty, as the chairman of the Committee on Civil Liberties, Justice and Home Affairs has also rightly pointed out. Consequently, there is a factor that has not yet been referred to that should not be left out, which is the statements made by the highest US authorities; I do not think they have been challenged, but they are worth mentioning.
The SWIFT system, which we are analysing in relation to European law, has certainly had the merit of cutting short some atrocious terrorist initiatives; it has made it possible to uncover or has helped to identify the perpetrators of the London bombings in July 2005; and it has at least led to the capture of key players, such as the terrorist Hambali, who seems to have been the brains behind the Bali bombing in October 2002. It should certainly also be said that the publicity surrounding this procedure has, in all likelihood, led many terrorists to give up using such methods.
On the other hand, it is undeniable that, when the SWIFT society was faced with a contract involving both European law and US law, it confined itself to negotiating data protection mechanisms with the US Treasury Department without obtaining further safeguards.
This is a problem that must be addressed, as is the problem of the European Central Bank's role and responsibility. The ECB had been informed about the issue right from the start, and it played a leading role in this instrument - I shall not go into the matter of its transparency. Before the Committee on Civil Liberties, the ECB, through its president, Mr Trichet, sheltered behind the confidentiality agreement among the ten banks and also claimed that it had not been able to give SWIFT its blessing because that was not within its power.
What, then, we wonder, are the powers of the ECB if it does not have power in a situation like this one? This is a very important point, and I think we will have to thoroughly re-examine the ECB and its transparency.
Kathalijne Maria Buitenweg
on behalf of the Verts/ALE Group. - (NL) Mr President, ladies and gentlemen, Mrs in 't Veld may be unwell physically, she is still in excellent form verbally. That being so, I should like to carry on where she left off.
I still feel that we are very much running behind the facts. When it became evident that the United States collected credit card data, as well as other personal data from our passengers, it was a scandal, and we as MEPs wanted a regulation in place, and in most cases, the governments did not want anything, except that if rules were broken, they wanted this to be done quietly; eventually they were forced into a form of action. With SWIFT, we saw a repeat of past events: the government mounted a low-level investigation, which will hopefully culminate in some sort of action, and the question is indeed: are we now entirely convinced that this is it? The Commission is quite clear-cut when it says that although it is not in any event aware of any developments, it does not rule them out either. I should like a response from the Council to this. Do you consider it conceivable and what will you do now to know for certain? We are always saying that we are partners with the United States, which is true, for that is what we are, and we have a great deal of work to do. This also means, though, that you are entitled to know what your friends are getting up to. I would therefore like to find out from the Council how it intends to address the issue in order to know exactly what data are being collected of our citizens in all kinds of areas.
According to the Council, it is hard to conclude a fresh agreement, because the United States is not so keen on this data protection. There is, however, a limit to the level of blackmail we are willing to accept. You cannot say that we have to reach agreement, at any cost, if at a given moment in time, the price we need to pay is too high. It could, in fact, be quite funny, once we have sunk as low as we can, to draw the line at some point. This may imperil the landing rights, but will, at the same time mobilise quite a bit of opposition, including in the United States, because it is true that although the US administration would very much like to force this through, there is much support for our position among the parliamentarians.
Sylvia-Yvonne Kaufmann
on behalf of the GUE/NGL Group. - (DE) Mr President, Mr Gloser, Mr Frattini, I have to say how astonished I am that, in your remarks about the PNR negotiations, you made no mention of the Automatic Targeting System (ATS).
I, for my part, wonder how it can have come about that a system like ATS, which was originally designed and implemented for freight, could, for years, have been used, in conjunction with PNR data, for passengers, and this without anyone knowing.
While we have been negotiating agreements with the United States in order to guarantee the protection of our citizens' fundamental rights, a system such as this has, at the same time, been operating behind the scenes. The USA now assures us that ATS is compatible with the present, as well the previous, PNR agreements. That being said, I want to state very clearly that assurances of this kind are not enough for me. For me, it is not obvious how 40 years' data storage using the ATS system is compatible with the PNR Agreement.
There is also the fact that ATS can apparently be used for any old purpose. How, then, can this be compatible with the obligations under the PNR Agreement, whereby PNR data is only allowed to be used for the purpose of combating terrorism and other serious crimes?
We have not so far received any convincing answers to any of these questions, any more than we have to the question of why the ATS system was kept secret at all. How, during the negotiations for the PNR Agreement, could the United States conceal such essential information from its partner? One would probably be justified in asking how it might be guaranteed that there are no further ATS-style systems that we simply know nothing about.
With regard to the new PNR Agreement, I should expressly like to support what my fellow Member, Mr Cavada, said, namely that the number of transferable items of information about airline passengers needs to be significantly reduced. It must be guaranteed that the US customs and border protection authorities are not just passing on data willy-nilly to any old authority involved in the fight against terrorism.
What is more, we must, as the European Union, insist that European citizens be given the same opportunities for safeguarding their rights as are American citizens.
Philip Claeys
on behalf of the ITS Group. - (NL) Mr President, I should like to take a stand against the black and white terms in which this debate is all too often held. It also appears, some of the time, that the United States is an enemy instead of an ally in the fight against terrorism. One may well deny it, but just about every measure that has been taken has come under fire from this House.
It is, of course, the case that the SWIFT case evokes a number of justified questions, which Members from various groups have already asked. Where, for example, do you draw the line between tracking down terrorists and respecting fundamental rights? It is a question, in fact, that has also been put to the American Congress.
In the final analysis, the fight against terror is largely related to risk analysis, the calculation of probability, in other words. The processing of commercial data on top of personal data pure and simple can make a useful contribution in this respect. What we must do, though, is to put guarantees in place to prevent misuse. For example, among other things, this House must monitor the functioning of the system, as well as the algorithms that are used which, moreover, have to be highly confidential; sanctions must be put in place in the case of misuse; the information obtained may be used only for the purpose of combating terrorism, and there must be a call centre where complaints from the public can be handled.
It goes without saying that this requires a great deal of consultation with the United States. A clear legal framework is needed, and, in creating one, all partners must be open to fresh ideas and new techniques.
Carlos Coelho
(PT) I should like to begin by saying that I see the United States of America not as an enemy but as a friend and partner in shared fights. Of course, in our shared fights we must pay particular attention to combating terrorism, but it is also important to mention that, in some of these fights, the US Administration has at times gone too far, both at internal and international levels, and I am chairing a European parliamentary committee to look into some of these excesses on the international stage.
It should also be noted that the US Congress has undergone a shift of balance, which has led the US Administration to pull back from implementing some of its more controversial plans at internal level, and I hope that this will have an effect at external level, too. This, to my mind, means that the USA is clawing back its good record of placing the emphasis on civil liberties, which is a good thing.
Mr Frattini has reminded us that the demands of security must not undermine the values of essential freedoms and in particular data protection, and Mr Cavada rightly pointed out that the amount of data requested is excessive. Does Parliament want to know what data is involved? Who can have access to it? How can we ensure that objectives are limited and that data are not used for other purposes? With whom can they be shared? For what length of time can they be kept? Then there is the issue of the push system, as mentioned by previous speakers, and the question of people's rights to appeal in the event of the misuse of their personal data.
Previous speakers have said that, if we in Europe offer US citizens the same level of personal data protection that we offer European citizens under the principle of reciprocity, we are legitimately entitled to claim the same, namely that European citizens in the USA should enjoy the same level of data protection as that offered to US citizens.
Stavros Lambrinidis
(EL) Mr President, the debate on the PNR agreement - SWIFT and secret CIA abductions and flights unfortunately highlights a philosophical divide between America and Europe. The US Government considers that the fight against terrorism warrants any means. Europe does not. However, the recent elections in the USA now give the European Union the chance to negotiate a new PNR agreement from a different position of strength, with many more allies among the people of America and Congress itself. Let us hope it will do so.
In order to achieve the objective of an agreement which protects fundamental rights, it must, inter alia:
Firstly, insist that the USA makes an explicit undertaking to provide full and effective personal data protection, as opposed to the current, unacceptable practice of a non-binding and unsatisfactory protocol.
Secondly, restrict the number of data items currently transmitted to the USA, many of which have little to do with the legitimate objective of identifying terrorist suspects.
Thirdly, ban the use of data for purposes unrelated to the fight against terrorism.
Fourthly, expressly stipulate and limit the US departments which will be entitled to access data.
Fifthly, ban at long last the right of direct access in the USA to airline company files. We must bring this saga to an end.
Sixthly and finally, make provision for the European Commission and the European Parliament to have the facility for constant, direct and effective control of the strict application of the USA's obligations and to stop immediately any investigation that infringes the intended purpose. We have even been told by a private company, by SWIFT, that they demanded and achieved this in its negotiations with the USA. There is no excuse for twenty-seven European prime ministers to be unable to negotiate and achieve this. If they do not, it will be a question not of 'I could not' but of 'I would not' and we shall all rightly judge them at that point.
Wolf Klinz
(DE) Mr President, ladies and gentlemen, data protection has high status in the EU. It was therefore a shock for us to learn from the media - and from the American media at that - that, despite the data protection requirements documented in all the EU Member States, SWIFT was prepared to give in to pressure from the United States and to forward data concerning European citizens to Washington. This happened without the knowledge, never mind the agreement, of the European Parliament, the national parliaments or the individuals concerned.
To date, we have not been able to examine the memorandum of understanding between SWIFT and the United States that forms the basis for transferring the data. We can only hope that the data has in actual fact been used only for the purposes of combating terrorism and not, for example, for economic espionage. We do not to date have any confirmation of this. We all support, and appreciate the need for, determination in fighting terrorism. However, individuals' fundamental rights must be safeguarded. Emphatically, the fight against terrorism must not be conducted to the detriment of basic civil rights and the right to data protection.
That is a particular concern of the Group of the Alliance of Liberals and Democrats for Europe too, and that is why we requested a hearing on this issue. It did not surprise us that the Americans, who were also invited, stayed away from the hearing without saying why.
We welcome the prompt and thorough investigation by the Belgians, who have come to the clear view that a violation of rights or, as Commissioner Frattini put it, a criminal offence has taken place. Incidentally, the people responsible at SWIFT either knew, or at least suspected and feared, this from the beginning, and they have indirectly informed us that they did so.
The failure of corporate governance at SWIFT is still incomprehensible to me. The supervisory bodies were informed, but did nothing to enlighten people as to what was happening or to tell the governments about it. With the best will in the world, that is no way to treat politically mature citizens. People's confidence in the EU as a legal community has been badly damaged. The SWIFT case is leading to an increase in Euroscepticism in the population, and it will be difficult to win back the confidence that has been lost.
I would ask the Council and the Commission to conclude the careful inquiry, of which Mr Gloser has spoken, as quickly as possible and to present practical proposals as to how the rights of European citizens might be enforced in respect of the United States too. You should show people that you are not kow-towing to the United States but take the European Union seriously as a community of values and courageously defend it in relation to major partners too, and precisely because they are friends rather than enemies.
Ryszard Czarnecki
(PL) Mr President, the European Parliament was quite right to become fully involved in monitoring the routine transfer of European Union citizens' personal data to the United States. Control by the European Parliament is acceptable. Refusal to transfer data is not. It seems that data transfer can be justified on the grounds of the terrorist threat, posed mainly by Islamic extremists. Nonetheless, such a threat cannot be perceived and exploited as a good pretext for the uncontrolled and unrestrained restriction of citizens' rights. We must not become extremists ourselves. We must not retreat from the front line of the war against terror under the banner of citizens' rights. On the other hand, we need to control those who would like to control us in the interests of that war. I refer to the monitoring our flights, financial affairs and privacy. If the justifiable war against global terrorism is not to transform into a dictatorship and a war against citizens' freedoms, it must itself be subject to strict scrutiny by the European Parliament.
Cem Özdemir
(DE) Mr President, we need a thorough assessment in the run-up to an agreement. Central to this will be the issue of the effectiveness not only of the present agreement, but also of the previous one. This question must be answered before we can make further progress in this matter.
Any future agreement must be based on the push system. The pull system is no longer acceptable, since, as is well known, the push system ought already to have been introduced in the previous agreement. The transfer of passenger data needs to be strictly limited in terms of the purposes for which such data is used. Otherwise, we cannot contemplate such a regulation.
The future agreement must also be given full democratic legitimacy, a process that should involve the European Parliament and, if appropriate, the national parliaments.
We also need an annual evaluation as a necessary component of any agreement, and the evaluation reports must be publicly accessible. Clearly, the rules governing personal data need urgently to be protected under the third pillar, as do global standards covering all the categories of personal data.
Alexander Radwan
(DE) Mr President, ladies and gentlemen, I very well remember the statements by Chancellor Merkel in Strasbourg, in which she rightly spoke of European values and also about our need to get across to people, and make it clear to them, what Europe's strong points are.
Mr Gloser, this would appear to be a case in which we should explain to people that the European Union helps them safeguard their rights. We are not concerned in this instance with the issue of combating terrorism. There is consensus in this House on that matter, and it does not need to be discussed. Where, however, do we stand, then, in this debate? We began by discussing airline passenger data, and now we come on to SWIFT. In view of the speed with which the Council debate is currently being conducted, it is to be feared that, over the next few years, we may possibly have further SWIFTs to contend with, but we still have not made further progress.
In the meantime, we have a situation in which, under pressure from the United States, a European company signs a memorandum of understanding with the Americans, which Europeans are unable to scrutinise. Moreover, SWIFT still does not even have a registered office in the United States, but only a data bank. That is sufficient for American regulators to be able to take SWIFT to task in Belgium. This is like a running theme. There is more and more American regulation of European affairs, appropriated by the United States without we Europeans managing to adopt corresponding countermeasures and to monitor the effects of these.
I would therefore, bearing in mind that Germany does not only have the Presidency of the European Council but also chairs the G7, urge the Commission to take an active stance in this area and, as well as investigating matters, to resolve one issue: how, on the basis of our common values and while adhering to data protection requirements and safeguarding human dignity, are we to join together in combating terrorism?
Michael Cashman
Mr President, of course the reality of this is that on PNR, the Americans are setting a negotiation bar for conditions of entry into the US or into their airspace. That is the reality. They can set the bar as high as they like. We have citizens who wish to travel and businesses who want to work there. That is the reality.
The reality on SWIFT is that we had an institution, not I believe the only institution, that was dealing with a conflict of jurisdictions, operating and holding data in the US and equally in the EU. It had subpoenas which it legally had to meet in the United States of America and that was where we had the conflict. SWIFT, I believe, has actually operated and negotiated an excellent memorandum of understanding.
We can either come into politics to name, shame, moan and whinge, or to try and solve a problem. I came in for the latter. Therefore I believe, Commissioner Frattini, you are absolutely right. We need legal certainty for EU citizens, for EU businesses operating outside the EU and with offices outside the EU as well as within, and in which they hold data. We need a joint political commitment of Congress and this Parliament working across the transatlantic divide to fight the threat of terrorism which affects us all, and indeed we need to protect above all our fundamental rights and freedoms.
Therefore I welcome the joint meeting of this House and US elected representatives so that we can reach an agreement.
Finally, this will only be achieved by decisive action at Council level, not just at Commission level. I welcome the excellent suggestion of the previous speaker of bringing this up at the G7.
Let us solve the problem; let us not moan about it.
Adina-Ioana Vălean
Mr President, I should like to thank the Commissioner and the President-in-Office for being present at this very important debate. We have heard that maintaining good cooperation with the US was crucial in our fight against terrorism. I do not deny that. I even believe that the transatlantic relationship must be reinforced because terrorism is a global phenomenon. We must join forces to fight it efficiently by exchanging information and providing our law enforcement agencies with the necessary means. Our citizens have the right to live in a safe and secure place. However, the SWIFT case is showing us again the drifts arising if we do not ensure strict safeguards when exchanging information. There is a correct balance to be struck between freedom and security, and in this case, security has once again prevailed. You cannot combat terrorism by giving up the very rights that terrorism seeks to destroy. Our high standards must not be lowered under pressure from any third country, even from our closest partners.
It is even more important that many of the new Member States have a long history of dictatorship and mass surveillance of their population. Unfortunately, in some of these countries, there is a perception that the illicit practices of the past are still carried on. That is why Europe must remain the defender of fundamental rights, and that includes the right to privacy. On the one hand we need a framework decision on data protection in the third pillar to ensure high standards in police and judicial cooperation. We have been waiting for it for too long now. On the other hand, we must also remain vigilant and ensure that the existing instruments are properly enforced in our own countries. We must prosecute those who infringe our basic rights to privacy. We need to reassure our citizens that we want to maintain high standards in Europe.
Piia-Noora Kauppi
Mr President, as my colleagues have said before, this is not a debate about the shape of the transatlantic relations. Everyone in this House should know that the United States is our strongest ally in the fight against terrorism. But this does not change the fact that if we are partners it makes it easier for us to stand firm and really defend our values and our laws.
I can only echo what my PPE colleagues - especially Mr Radwan - have said: in order for us to really safeguard the respect of the European regulatory framework, we need full information from the Commission and Council on the information that is delivered to the US authorities and how this information is protected by the US authorities. We have to start to negotiate and get an agreement on information exchange which is on a viable basis and which respects the EU laws. If this does not happen, we have to immediately stop delivering any kind of information to the US authorities.
Even after the ECB's response, I am quite puzzled as to what the role and the responsibility of the ECB is in this case. The ECB itself is subject to the data privacy requirements of EU law, but it does not seem to take any responsibility for what it might have in this information exchange.
I also understand that there is a clear need for the US to track down information on international bank transfers that might have a link to terrorist financing, but these details have a link to other kinds of financing. Our European businesses, especially, might be at risk if we do not act and stand firm. The information that will be given should always be in line with our legislation and protect our citizens and European businesses.
The national financial transfers contain such delicate information that this is really an issue which should be taken seriously by the Commission and by the Council, this Parliament and the US Congress.
Ulrich Stockmann
(DE) Mr President, Mr Gloser, Commissioner, the Presidency-in-Office of the Council should, in my view, observe the following guidelines in its current negotiations with the United States on the transfer of airline passenger data.
Firstly, it is through a proportionate approach that an appropriate level of security will be achieved, and that approach is not apparent in the case of the current agreements. Such an approach depends - and this is my second point - on implementing compliance with normal European data protection standards, and that in my view involves changing the status quo, mainly through reducing the quantity of behaviour-related data. Where switching over to the push system is concerned, Austrian Airlines has, to my knowledge, operated this system from the beginning - successfully, too. The system involves having a clearly defined framework for using the data, a limit on the period for which the data is stored and, not least, the ability to lodge a complaint in the event of data being misused.
Mr Gloser, you rightly said that we need legal certainty as quickly as possible for European airlines. As a politician involved in transport issues, I can only concur with that. Given that the transfer of data really is about making progress in combating terrorism, it has an international dimension, and we no doubt also need international agreements with internationally binding data protection rules. These are what we should be negotiating towards.
We must always be concerned to uphold our right to freedom of movement, which can only be achieved in an open society in which people can move about freely without falling under general suspicion. It would be unacceptable to us as Members of the European Parliament if the principle of equality were to be violated and if different levels of data protection were to apply to US citizens, on the one hand, and to non-Americans, on the other. I have confidence in the determination of the German Presidency of the Council as it conducts the negotiations. I know that these will not be a simple matter.
Alexander Alvaro
(DE) Mr President, Mr Gloser, Commissioner, the fact that you have heard the same refrain right across the political groups should, I believe, give you pause for thought. The message is that we do of course need a transatlantic partnership and that we are allies in the fight against terrorism. Not only the refrain, but even the verse was the same across the board, namely that credibility, confidence and transparency are necessary where these issues are concerned.
Let us begin with credibility. I still remember very well how, in his last speech in this House, the Commissioner particularly praised the data protection aspects of the agreement. I do not believe that such praise is compatible with the rights that we should have from the point of view of data protection law. Where the transfer of airline passenger data is concerned, there is no duty to provide information, and the individuals concerned have no right to correct the data. What, moreover, has happened to credibility when you call the conversations you are conducting with the United States 'negotiations'? You are standing with your back to the wall and with a pistol pointing at your chest. The United States is threatening no longer to allow aircraft to land, and none of the European Union's institutions has the backbone to say that, in all good faith, we shall not allow ourselves to be treated like that.
Credibility is undermined by our hearing again and again that Parliament is to be involved. If you are serious about that, then include us around the table and, in so doing, show us that you mean what you say.
Turning now to the subject of transparency, which European citizens are aware that, when they board an aircraft, 34 items of data, including information about what they have to eat and where they sit, are transferred? None do. I have discussed this very question with citizens in a broadcast. No one knows that this is what happens when he or she boards an aircraft.
We are on your side, so involve us instead of just fobbing us off.
Frieda Brepoels
(NL) Mr President, ladies and gentlemen, the SWIFT debate very clearly fits within the wider discussion on the high-wire balancing act between the fight against terrorism on the one hand and the protection of fundamental human rights and privacy on the other. Not only, though, is there a clear dividing line between the European and American positions, we cannot even seem to agree on a common definition for terrorism. The Commissioner has indicated on this platform how he would like to develop a European instrument for the future that would meet these requirements, but that is something that cannot, of course, be done overnight. We are, indeed, left with the situation from the past and present, something about which I have quite a few questions. To this day, data are being passed on, as if there was nothing wrong, within the SWIFT dossier. The conclusions of the reports from both the Belgian privacy committee and the European Committee are clear and unanimous: the Belgian and European rules on data protection have clearly been flouted. In view of the fact that the Belgian courts have now decided not to prosecute SWIFT, and the Belgian Government cannot see any point in continuing those illegal practices, I should like to ask what Europe's response to this is. Will the Commission now start an infringement procedure against Belgium? If so, when will this be decided? If not, what does the Commission intend to do to ensure that the European privacy rules are respected hic et nunc in all Member States, including Belgium?
Finally, at the Council of 15 December, the SWIFT case was also raised by the Belgian Prime Minister who argued in favour of a European approach. Although I understand from the presidency that the inquiry is still underway, I have a very straightforward question: are the Council, and hence all the Member States, behind the idea of regulating this issue by means of a European instrument?
Sarah Ludford
Mr President, I do not doubt Commissioner Frattini's own personal good faith and commitment to data protection. But I think the Commission, as well as the Council, are being as feeble about SWIFT privacy abuses as they have been over PNR over the last four years. This is European data, belonging to European citizens, made available for commercial purposes in Europe under the protection of European data protection law. But despite the persistent and insistent demands of MEPs, the EU, in the less than robust hands of the Council and Commission, has allowed a large degree of US extra-territorial jurisdiction. In any global framework for exchange of mass commercial data for security purposes, the EU must forcefully project its own laws and principles.
Commissioner, you say that it is 'unlikely' that SWIFT data have been used in the automated targeting system, which is a profiling exercise assigning a risk score to each individual based on assumptions - and no doubt stereotypes - deriving from their behaviour and characteristics. But why do you not know categorically, yes or no, whether SWIFT data has been used in ATS? In relation to PNR, you accept the Department of Homeland Security's assurance that the use of PNR data for profiling complies with the undertakings of the PNR agreement. But do you agree with the DHS assessment? Yes or no? The lack of clear answers is undermining trust, and I think that we are owed those clear answers as to the Commission's legal evaluation.
Corien Wortmann-Kool
(NL) Mr President, Commissioner Frattini, you did not beat about the bush when you made your commitment to the negotiations known. Full compliance with the fundamental rights, including privacy, there is no room for any misunderstanding here, and we will keep you to this pledge. There is, then, little point in 780 MEPs sitting where the negotiators should be; it would not work. That does, however, mean that the Council must be ambitious in its negotiations, instead of - as I now hear them doing - mainly weighing up the hazards it might meet with along the way. We assume, however, that your commitment to the negotiations is as firm as Commissioner Frattini's, because we will hold you to that as well.
This is about SWIFT now, and SWIFT not being a bank should not be a licence not to take privacy rules seriously or not to comply with them. The inquiry you mounted, Commissioner Frattini, is to be welcomed, but you will need to take legal measures promptly in order to fill the vacuum, because data exchange at SWIFT should also be able to stand the test of European privacy rules.
The fight against terror must also be able to look into financial transactions in this framework, because this may well lead to terrorist organisations. Something that has struck me is that many citizens have much sympathy for the difficult dilemmas we face in this context. We cannot resolve this overnight. I am, for example, quite shocked by the fact that there has not been more of a fuss made about the rules on liquids in aircraft. We should not seize this as an excuse, though. Tough negotiations are needed. The suggestion mooted by Mr Radwan to place this in a wider G7 context is something I am happy to endorse.
Hubert Pirker
(DE) Mr President, Mr President-in-Office of the Council, Mr President of the Commission, none us in this House disputes the fact that there needs to be enhanced prevention of terrorism in the future. However, the issue inevitably arises of the means to be used in this connection, as well as the issue of the strategies to be adopted. Undoubtedly, international cooperation and the exchange of data are just as much a part of the process as, on the other hand, legal certainty and the necessary data protection. As all of us do in this House, I support transatlantic cooperation in this connection.
We must, however, attach importance to seeing a balance maintained between security and the combating of terrorism, on the one hand, and data protection, on the other. If, moreover, it is now a question of negotiating a new agreement, then this new agreement needs to fulfil certain basic preconditions.
Firstly, personal data needs to be given the same level of protection as has already been achieved in the interim agreement. Secondly, the airlines must be afforded legal certainty so that the promise to switch over to a push system, enabling us to control which data is delivered to whom and at which juncture, is kept. The purpose for which the data can be used must also, of course, be laid down so that the data can only, and is only allowed to, be used for the purpose of preventing and combating terrorism. There should also in future be a duty to provide travellers with information in this connection.
I would make one last point, which I do think is important. In negotiating the new agreement, added value should also be created. As soon as an act of terrorism is suspected, the US authorities should be obliged to notify the corresponding judicial and police authorities in the Member States, as well as the corresponding EU institutions, namely Europol or Eurojust. If all this is guaranteed, we shall have available to us a further instrument designed to make EU citizens more secure.
Günter Gloser
Mr President, Commissioner, ladies and gentlemen, I should firstly like to thank you most sincerely for the many comments, ideas and of course - whether one likes them or not - the critical remarks. In a debate, they serve to indicate whether or not one is on the right track and whether it is possible to prevent some state of affairs that was not perhaps right in the past from arising again.
Not only legal protection and legal certainty but also the issue of how we are to combat specific forms of international terrorism are, it is true, unanimously deemed to be important, but we must not in any circumstances play these off against each other. Where the two areas of PNR and SWIFT are concerned, we face different situations.
In the statement by the Presidency, I again made a point of clearly emphasising cooperation and interchange with the Commission, on the basis of which we wish together to arrive at a legally certain regulation. This raises many issues to which you have also referred today, including those of how extensive the information is, what access there is to it and what controls need to be exercised by the other party. Similar issues arise too where the subject of SWIFT is concerned, and in this connection I am again happy to take up Mr Radwan's idea. Irrespective of whether or not it is at present on the agendas of the G7 or G8 or comes within the area of relations between the European Union and the United States, it is important to address this issue.
There would certainly be no benefit in just moving constantly from one aspect to the next, as what is at issue here is essentially the same. We are concerned with data protection, with legal certainty and, furthermore, with the form to be taken by the transatlantic partnership, in connection with which we are of the view that partnership is not a one-way street. It is a question of working with, rather than against, each other.
We need the information concerned, and relations between the European Union and the United States should be such that, in the forthcoming meetings between the two countries, it should be possible to address the issues very clearly, above all with a view to confronting the danger that some of you have described. I can do no more than say how absolutely right it is to address these issues openly. When are we to be confronted with the next case in which data is perhaps unsafely accessed? That is a point that we should like to take up. Without now going into technical details, I also say that with, specifically, SWIFT in mind. Where is the data? Is it here, and would we have the opportunity to put it in order and limit its extent without its being passed on? Or is the data possibly already available in the USA where, because of the nature of data protection there, it is very easy to access? The implication in that case, however, is that we have no influence at all.
The question is, however, that of what influence the European Union has on data that is transferred and that is, as it were, ready to be called up elsewhere? Specifically where SWIFT is concerned, this is certainly a complicated procedure. All this should, however, give us the opportunity for discussing these matters in depth and for arguing how important it is for us in the European Union to stand for certain values and also to act in defence of those values. It should also give us the opportunity for arguing how essential it is to maintain the existing balance. That does not mean that we are always in agreement about the fight against international terrorism. It is just that all these matters have to be balanced out.
Commissioner Frattini did in fact make this very clear in giving precedence not only to people's safety but also to legal protection and to the very high level of data protection such as we do in fact have in the European Union. I can only assure you that these many facets that you have discussed are also to be included for discussion in the forthcoming negotiations, and in relation not only to PNR but also, of course, to SWIFT.
Franco Frattini
Vice-President of the Commission. - (IT) Mr President, ladies and gentlemen, as always I shall be perfectly sincere in my reply to this House, and I shall also address the points on which I do not share your views.
First, as the Committee on Civil Liberties, Justice and Home Affairs is well aware - and its chairman, Mr Cavada, is here - I have never, under any circumstances, either denied or concealed any information, including confidential information, that I could have given to the committee and thus to Parliament. I intend to continue in the same way, as I said in my introduction. Thus I do not share the opinion - which is actually to prejudge the issue - that the European institutions and Parliament in particular might be in danger of being excluded from this political process.
You are well aware that I am in favour of your being politically involved, even when the Treaties do not allow for it. I have said it a thousand times and I shall say it again: we shall find a way, and that is why I welcome Mr Cavada's idea of even organising an agreement with the US Congress to monitor the political stages of these negotiations. It is also clear that this debate has affected Euroatlantic relations, contrary to what somebody said. I am convinced that, if Europe wants to be a leader on the world political stage, it must achieve a global balance between the right - I personally consider it a duty - to pursue and investigate terrorists and the duty to protect fundamental rights, such as the privacy of personal data.
It is therefore obvious that if, as the President-in-Office of the Council has just said, we want to achieve an overall balance together with the United States, we want to do so because we are convinced that Euroatlantic relations are crucial, not only with regard to Europe's past history but, above all, with regard to its present and future history.
As many of you are well aware, I have on many occasions supplied detailed answers, above all to the Committee on Civil Liberties, of course, but I address Parliament when I am invited to do so and I speak to those committees that invite me. Regarding the 'push' system, for instance, I announced in December that experiments with such a system for passenger name records would begin before the end of the month, and they did. The experiment was started with the US Administration's Customs and Border Protection System and Amadeus. There is a technical point regarding requests for ad hoc data, but it is a technical problem, while the 'push' experiment has indeed started, as we had been promised.
With regard to the number of data items, I was interested to hear what many of you had to say about the 34 items that are currently the subject of the PNR agreement. I can tell you quite openly that, as far as my part in the negotiations is concerned, I intend to call for the number of data items in question to be cut, but not because I subscribe to the idea that the US is asking for too many. If all 34 items were of use in pursuing terrorists, I would not be afraid to tell you that 34 items were needed. However, the really useful items are probably those 19 that have been mentioned: that is to say, a much smaller number.
Believe me, though, the principle that counts as regards the data to be processed is not the number of items but rather the usefulness of the data, and it is on those grounds that I intend to take action in the negotiations. I do not mean to endorse the idea that, if we cut the 34 items down to 15, we will in any case have done a good job: we may actually have done a very bad job if some of the excluded data items could have prevented a terrorist attack. I am in no doubt about one thing: I am quite certain that the main aim is to make the system effective. Who has access to the data? What for? How many data and for how long? These are the points of an agreement that we are going to start negotiating soon, and Parliament will be kept informed, as I have already said.
Ladies and gentlemen, many of you believe that passenger information is the missing factor in the PNR system. It is fair to imagine that if no consensus is reached between the two sides, no agreement will be made at the end of July. Just in my mind's eye, I can see a very simple solution: every ticket to the United States that is purchased could come with a sheet for the passenger to sign, informing them that their data will be processed in a particular way. If that should happen - and I strongly hope that it never will - we will certainly have ensured that passengers are given information but, without an agreement at European level, passengers' rights will be limited to the private sphere of the air carriage contract. That is an eventuality that we must avert by every possible means, which is why we must try to achieve a new European agreement. The alternative would be very simple: passengers would merely need to be asked to accept a few restrictions as part of the air carriage contract, and I believe that the majority who want to go to the United States for honest reasons would sign it. We would, however, be giving up a role for Europe that we have already played and which it is vital that we still play. That is why we need new negotiations, in part to cut down the number of data items, but in such a way that reducing the amount of data does not jeopardise the fight against terrorism.
In connection with the ATS system, I have mentioned to the Committee on Civil Liberties that I have received written assurances from the United States regarding compliance with the PNR agreement. In a speech made in this Chamber, I was criticised for not having checked the veracity of this statement. Ladies and gentlemen, if I, in Brussels, had the power to investigate the behaviour of the United States, I would have powers that no authority at either European or national level has ever had or is ever likely to have. Everything is possible, apart from checking the veracity of that letter, as I was asked to do in that speech. When I receive a formal reply saying that the rules are being complied with, I have to take it at face value unless there is evidence to the contrary. That is what happens between allies, unless you have some evidence to the contrary - which I frankly do not have, and I am being absolutely honest - because otherwise we would have to open a permanent inquiry into every minute detail of the letters we receive from the United States.
Mrs Roure asked me whether we can give Parliament our information on the negotiating mandate. As you know, such information is classified; nonetheless, as I said before, even though it is classified, we will find a way to keep Parliament informed, in other words a way to give you political information without violating a rule enshrined in the Treaties, whereby classified ('EU restricted') information cannot be published. This is the political solution that I propose: if the Treaty is amended so as to specify a mechanism by which classified acts may be communicated to Parliament, I shall apply such a rule without hesitation. It is a matter, however, of overcoming the obstacle that Parliament cannot be informed if classified material is involved. I shall keep you up to date on this.
Many people have called for a framework agreement, Mr President, which I think is the right way to go. A framework agreement on data transmission is precisely what we have started working on with the Presidency: we are setting up a joint working party to deal with a number of topics relating to personal data processing - separate, therefore, from the SWIFT case and PNR, which are going on in parallel. We believe that the time has now come to conclude a Euroatlantic political agreement - a framework agreement - with the United States on personal data processing, and we intend to work on this agreement in order to specify what kinds of data can be transmitted, for what purposes and for how long.
Ladies and gentlemen, there is a further point that has not been addressed in this debate, but which needs to be addressed: how can we preserve the confidentiality of the technical information that forms part of this agreement? Since it concerns investigation procedures, it would be a gift to criminals if it were revealed. Such information needs to be kept confidential. There is thus another problem, because it is obvious that we would be giving suspected terrorists a powerful tool if we revealed details about how they are monitored. Can a solution be found? I am quite sure that one can, but there needs to be political will on both sides.
I should like to end with a final thought: none of all that justifies the specific violations of European law and the legislative failings in the SWIFT case. You may recall that, when nobody was yet talking about a European agreement, I addressed the Committee on Civil Liberties, Justice and Home Affairs on the need for such an agreement, because it is much better to close a legislative gap with a European rule than to leave it to the individual Member States to legislate as they please. The SWIFT case is typical: out of 27 Member States, only seven have given me a reply. That is a sign that the issue needs to be addressed at a European level.
For all these reasons, therefore, I can assure you that 1) I believe that a political agreement is essential and that the legitimacy of such an agreement will be weaker if Parliament is not involved; and 2) such a political agreement should be aimed at solving the problems constructively, without pointing the finger at the United States as if it was the problem: the problem, ladies and gentlemen, is the terrorists, not the United States.
President
The debate is closed. The vote will take place during the next part-session.
Since it is time to resume the sitting, there will be no suspension.
I would like to thank the interpreters for their generosity and professionalism; this Parliament could not function without them.
Written statements (Rule 142 of the Rules of Procedure)
Pedro Guerreiro
(PT) There have been months and months of condemnation of the unacceptable transfer of passenger name records by airlines and of personal data by the Society for Worldwide Interbank Financial Telecommunications (SWIFT) system to the security and information services of the United States. Yet, in response to the questions asked here in Parliament, the German Presidency of the Council and the Commission have offered nothing that would result in complete clarification of these matters and an end to this blatant violation of the citizens' rights, freedoms and guarantees.
Their responses do not contain a single word on the practical measures needed to put an end to these unacceptable, illegal practices, or on demanding full clarification from the US Administration.
Such behaviour is ultimately indicative of the Council's submissive, passive attitude to the USA's blackmail and demands.
I must also mention the attempts by those whose only goal is to benefit from these situations by further applying qualified majority voting in the Council on issues of justice and home affairs. All measures that, under the guise of the so-called 'war on terror', undermine the citizens' fundamental rights must be rejected outright.
Athanasios Pafilis
(EL) Both the Commission and the Council have confirmed in their statements that they will continue to satisfy US demands by holding files on all European citizens and handing over their personal data to the US secret security services.
The representatives of the German Presidency and the Commission have not only accepted that the new agreement with the USA on the transmission of the personal data of passengers flying there will not differ from the present agreement; they have also cynically admitted that they are prepared to legalise the SWIFT scandal by laying down so-called principles for the provision of information on financial transactions by European citizens in the USA, so that this will now be legal.
As they clearly stated, they will not commit the cardinal sin of disrupting relations between the EU and the USA. As far as the protection of fundamental rights, personal data and privacy are concerned, they will try to persuade our 'American friends' to respect them, obviously just as they respect them in Iraq and Afghanistan.
It is crystal clear that the policies of the EU and the USA are identical, are equally reactionary and anti-democratic and are equally dangerous to democratic rights and grass-roots freedoms, using as they do the 'fight against terrorism' as the necessary pretext to limit fundamental rights.
