About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Draft Agreement for EU-US Data Sharing on the Table with Plans for European-based Data Processing Centre

Subscribe to our newsletter
Following several months of debate, a draft agreement is finally on the table about data sharing arrangements between the US and Europe with regards to tracking terrorist financing. The potential compromise, which is to be voted on this week, could mean the eventual elimination of bulk transfers of data across the Swift network and the establishment of a European-based data processing centre for these checks.

Data privacy concerns and a regulatory turf war meant that discussions about Swift transfer practices between the US and Europe were fraught over the last few months. However, the negotiation of new safeguards and the proposals for a new system has been successful between the European Council and the US Treasury Department. Moreover, the recommendation that the European Parliament as a whole authorise the conclusion of Swift II was drafted by German politician Alexander Alvaro and approved in committee with 41 votes in favour, 9 against and 1 abstention. If parliament backs the proposals this week, the agreement will come into force on 1 August.

The key to the deal for the European Parliament is the eventual elimination of bulk data transfers due to the establishment of a European equivalent to the US Terrorism Finance Tracking Programme (TFTP). Once Europe has a system enabling it to analyse data on its own territory, it need only transfer data relating to a specific terrorist track. The draft agreement will also empower the EU’s Europol criminal intelligence agency, based in the Hague, to block data transfers to the US.

All of this means more direct scrutiny of firms’ data practices around tracking terrorist financing on European shores and that data must be sent by Europeans to the US rather than being directly gathered by US authorities. Europol will have to check that every data transfer request by the US Treasury is justified by counter-terrorism needs and that the volume of data requested is as small as possible.

The new version of the agreement also provides that the use of data by the US authorities, which must be exclusively for counter-terrorism purposes, is to be supervised by a group of independent inspectors, including someone appointed by the European Commission. This person will be entitled to request justification before any data is used and to block any searches he or she considers illegitimate.

The agreement prohibits the US TFTP from engaging in data mining or any other type of algorithmic or automated profiling or computer filtering. Any searches of Swift data will have to be based on existing information showing that the object of the search relates to terrorism or terrorism finance.

In February 2010, after rejecting the previous agreement, MEPs demanded that European citizens should be guaranteed the same judicial redress procedures as those applied to data held on the territory of the European Union, and in particular payment of compensation in cases of illegal processing of personal data. They pointed out that the US Privacy Act, which protects US citizens against such misuse, does not protect European citizens who might become victims of such misuse on American soil. The new proposal says this time that US law must provide a right of redress, regardless of nationality.

Extracted data may be retained only for the duration of the specific procedures and investigations for which they are used. Each year, the US Treasury must take stock of any data that have not been extracted, and hence individualised, for counter-terrorism purposes, and delete them.

Finally, the text enables either party to suspend the agreement, with immediate effect, in the event of a breach by the other party. If the agreement is approved by the European Parliament, it will take effect on the first day of the following month, for five years, and will be renewable, year by year, thereafter. However, the two parties must together assess the functioning of the agreement’s safeguards and control systems, at the latest within six months of the agreement’s entry into force.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: How to maximise the use of data standards and identifiers beyond compliance and in the interests of the business

Data standards and identifiers have become common currency in regulatory compliance, bringing with them improved transparency, efficiency and data quality in reporting. They also contribute to automation. But their value does not end here, with data standards and identifiers being used increasingly for the benefit of the business. This webinar will survey the landscape of...

BLOG

Duco Unveils AI-Powered Reconciliation Product for Unstructured Data

Duco, a data management automation specialist and recent A-Team Group RegTech Insight Awards winner, has launched an artificial intelligence-powered end-to-end reconciliation capability for unstructured data. The Adaptive Intelligent Document Processing product will enable financial institutions to automate the extraction of unstructured data for ingestion into their systems. The London-based company said this will let market...

EVENT

AI in Capital Markets Summit London

The AI in Capital Markets Summit will explore current and emerging trends in AI, the potential of Generative AI and LLMs and how AI can be applied for efficiencies and business value across a number of use cases, in the front and back office of financial institutions. The agenda will explore the risks and challenges of adopting AI and the foundational technologies and data management capabilities that underpin successful deployment.

GUIDE

Regulatory Data Handbook 2024 – Twelfth Edition

Welcome to the twelfth edition of A-Team Group’s Regulatory Data Handbook, a unique and useful guide to capital markets regulation, regulatory change and the data and data management requirements of compliance. The handbook covers regulation in Europe, the UK, US and Asia-Pacific. This edition of the handbook includes a detailed review of acts, plans and...