Europe's police force, Europol, has approved requests to send private citizens' banking data to the U.S. Department of Treasury without sufficient consideration for data protection laws, according to an internal report.
An official report on an investigation carried out by the organization's Joint Supervisory Body (JSB) was made public by the German Commissioner for Data Protection and Freedom of Information on Wednesday.
Since August 2010, the European Union has allowed European citizens' financial data to be transferred to the U.S. under the Terrorist Finance Tracking Agreement, also known as the Swift agreement. However, one stricture of the accord specifies that the U.S. must "clearly substantiate the necessity of the data" in combating terrorism.
The JSB inspection team was made up of seven data protection experts who found, that of the four requests made by the U.S. since the Swift pact was established, all were too abstract to allow proper verification for whether they comply with the accord.
The report concludes that given the dearth of information, verifying whether the requests to date "are in line with the conditions of the agreement, is impossible."
Oral statements from the U.S. Treasury to Europol personnel had a bearing on the decisions, but even the JSB team has no knowledge of the content of those statements. Therefore it is impossible to tell whether omissions in the written requests were rectified by oral information, according to the report. This renders proper inspection by Europol's Data Protection Office impossible, concluded the report.
Giving Europol a role in implementing the controversial agreement was one of the concessions made to the European Parliament after it initially rejected the accord over concerns about civil liberties. On Wednesday these misgivings resurfaced. Parliamentarians said that Europol appears to be just rubberstamping requests for the transfer of bulk data, without any kind of scrutiny or oversight.
Alexander Alvaro, Parliament's rapporteur on the TFTP Agreement, called for "all relevant documents must be declassified."
"This report should send alarm bells ringing in Brussels," added Sophie In't Veld, vice-president of the parliamentary committee on civil liberties. "It would seem Europol has not been respecting the agreed data protection safeguards which we insisted upon as a condition for this agreement to go ahead. We need clarification on how these data transfers are being processed."
The Commission is due to publish its evaluation of the TFTP on March 17.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.