Privacy & Cybersecurity Law Blog

On February 11, 2010, the plenary of the European Parliament rejected by a vote of 378 to 196 the agreement reached in 2009 between the EU and the U.S. to allow access by U.S. law enforcement authorities to the payment database of the financial consortium SWIFT.  The agreement had been negotiated between the EU Council of Ministers and the European Commission with the U.S. government to allow continued access to the database, a mirror copy of which had been moved by SWIFT from the U.S. to Europe.  With the Lisbon Treaty’s entry into force, the Parliament gained new powers to approve measures affecting law enforcement and civil liberties, and a number of members of the Parliament have expressed concern regarding the level of data protection provided for in the agreement.  According to news reports, several top U.S. government officials (including Secretary of State Hillary Rodham Clinton and Treasury Secretary Timothy Geithner) had been lobbying the European Parliament to approve the agreement, on the grounds that it was essential to fight terrorism in both the U.S. and Europe.

The rejection of the agreement sends the EU and the U.S. back to the drawing board to negotiate a new agreement, this time with the participation of the Parliament.  The vote illustrates the enhanced powers of the Parliament in data protection and privacy matters under the Lisbon Treaty, and the dangers that companies face when caught between U.S. law enforcement requirements on the one hand and EU data protection restrictions on the other.