BRUSSELS — The European Parliament voted Thursday to kill a deal giving U.S. counter-terrorism authorities access to banking data collected by the Society for Worldwide Interbank Financial Telecommunications, a Brussels-based registry of international financial transactions known by its acronym, Swift.
The vote, by 378 to 196, is a show of strength for the parliament, long an institutional weakling but emboldened by new powers granted under the Lisbon Treaty. It also presents a diplomatic headache for the Obama administration, which is keen to build support amongst European allies but also to shore up its terrorism-fighting cred at home.
Parliamentary leaders invoked privacy and human-rights concerns. The agreement signed by EU member states last November didn't achieve "the correct balance between security and the protection of civil liberties and fundamental rights," says Jerzy Buzek, the parliament's president.
The defeat is also an embarrassment for the EU's executive arm, the European Commission, which had backed the deal.
"I remain convinced that the program enhances the security of our citizens," said home-affairs commissioner Cecilia Malmstrom. She promised to craft a new deal with reinforced safeguards for privacy and data protection that would be palatable to the parliament--and the U.S.
U.S. officials say the Terrorist Finance Tracking Program has allowed U.S. authorities to foil a plot to blow up jets over the Atlantic in 2006 and early 2010, and has led to "more than 1,500 reports and numerous leads" handed over to European law enforcement, the U.S. mission to the EU said in a statement.
"We're disappointed, and we're evaluating our options," said a spokeswoman for the program.
Probing Swift records became a common tactic after the Sept. 11 attacks. Bush administration lawyers authorized officials at the U.S. Treasury Department to subpoena financial-messaging traffic records. The government used similar subpoenas to gain access to data from Western Union and other financial institutions. The practice came to light in 2006 and the 2009 deal formalized what had been an extra-legal practice.
"Our fundamental principle has been to preserve the confidentiality of ours users's data while complying with the lawful obligations in countries where we operate," Swift said in a statement in 2006. Swift officials did not comment on Thursday's vote.
Without consulting the parliament, EU governments agreed to a nine-month interim deal in November, shortly before the Lisbon Treaty became law. The treaty expands the powers of the parliament, including into matters of data-privacy. The parliament protested the lack of consultation, and national leaders agreed to put the measure to a vote. Now it's back to the drawing board.
Swift is currently moving its servers out of the U.S. and into Switzerland. While Switzerland isn't part of the EU, the U.S. needs an EU data-sharing deal because Swift is headquartered in Belgium.
Swift was founded in 1973 by banks around the world to act as an electronic gatekeeper for funds crossing borders. Swift doesn't handle any money itself but processes millions of transfers every day. It has over 8,000 clients in over 200 countries.
Banks and brokerages used Swift to relay information to each other through forms containing data sets that include sender and recipient identities, amounts and account numbers. Swift is administered by the National Bank of Belgium and is under the supervision of the Federal Reserve, the Bank of England, the European Central Bank and the Bank of Japan.