Privacy & Cybersecurity Law Blog

On November 30, the Council of the European Union agreed to allow U.S. anti-terrorism authorities access to financial data of individuals located in the EU under certain circumstances. Under the agreement, U.S. authorities will continue to have access to data collected by Society for Worldwide Interbank Financial Telecommunication ("SWIFT") after a SWIFT database located in Switzerland becomes active later this year (the data had previously been processed in a database located in the U.S.). The agreement contains restrictions on access to the data that have been negotiated between the EU and the U.S. (e.g., access will be limited to data that relate to individuals with links to terrorist activities; U.S. authorities will not have access to data concerning intra-European transactions; and U.S. authorities seeking access to personal data will have to tailor their requests narrowly and justify their requests to the U.S. Department of the Treasury). The agreement will run until October 31, 2010, after which time a further agreement between the U.S. and the EU would have to be negotiated for the U.S. authorities to continue to have access to the data. The agreement was reached despite the abstention from voting of the governments of Austria, Germany, Greece and Hungary because of data protection concerns. Under the EU's new Lisbon Treaty (which went into effect on December 1, 2009), any further agreement will require participation by the European Parliament, which has been highly critical of the agreement.