MEP Jan Albrecht posted the agreement on his blog. Read it
here.
Earlier this week Commissioner Malmström had said that the talks had yielded “considerable improvements” over an interim deal that was rejected by the Parliament in February. Malmström said that the draft agreement contained “significantly stronger” guarantees on data protection and opportunities for rectifying or erasing inaccurate data.
Though the new agreement expressly precludes data mining (art.5.3), it still allows for the sending of data “in bulk” – which will prove to be one of hardest selling points of the agreement to the European Parliament. The Parliament earlier has expressed its reservations about the sending of bulk data to the U.S. The major stumbling block is article 12:
Article 12: Monitoring of Safeguards and Controls
1. Compliance with the strict counter terrorism purpose limitation and the other safeguards set out in Articles 5 and 6 shall be subject to independent monitoring and oversight. Such oversight, subject to appropriate security clearances, shall include the authority to review in real time and retrospectively all searches made of the Provided Data, the authority to query such searches and, as appropriate, to request additional justification of the terrorism nexus. In particular, independent overseers shall have the authority to block any or all searches if it appears that one or more searches have been made in breach of Article 5.
2. The independent oversight shall also include the ongoing monitoring of compliance with and reporting on all safeguards set out in Articles 5 and 6.
3. The oversight described in paragraphs 1 and 2 shall be subject to ongoing monitoring, including of the independence of the oversight described in paragraphs 1 and 2, by an independent person appointed by the European Commission, with the modalities of the monitoring to be jointly coordinated by the Parties. The Inspector General of the U.S. Treasury Department will ensure that the independent oversight described in paragraphs 1 and 2 is undertaken pursuant to applicable audit standards.
As Statewatch points out:
Financial data from the EU is opened and searched by US agencies using specialists “tools” (highly sophisticated computer programmes) – which only the USA has access to. In simple terms US agencies get a “packet” of personal financial data from the EU which they “open” and then “select” the data on specific names. But the EU cannot check the names selected – as it has no access to the “tools” – and therefore cannot exercise its right to “safeguards” and “controls” by “blocking” the inclusion of specific individuals.
Other new developments:
Under the new agreement, Europol will verify and approve US requests for data on bank transfers. (articles 4.3 4.5).
Where data concerns a citizen or resident of an EU member state, the sharing of leads with third countries will require the consent of the member state concerned.
Importantly, EU citizens will have access to administrative redress under the agreement, which also provides the possibility of judicial redress.
Article 18.2
Any person who considers his or her personal data to have been processed in breach of this Agreement is entitled to seek effective administrative and judicial redress in accordance with the laws of the European Union, its Member States, and the United States, respectively. For this purpose and as regards data transferred to the United States pursuant to this Agreement, the U.S. Treasury Department shall treat all persons equally in the application of its administrative process, regardless of nationality or country of residence. All persons, regardless of nationality or country of residence, shall have available under U.S. law a process for seeking judicial redress from an adverse administrative action.
The draft agreement also includes the possibility of EU establishing its own TFTP, with the US authorities assisting in its creation and development.
Article 11: Cooperation with Future Equivalent EU System
1. During the course of this Agreement, the European Commission will carry out a study into the possible introduction of an equivalent EU system allowing for a more targeted transfer of data.
2. If, following this study, the European Union decides to establish an EU system, the United States shall cooperate and provide assistance and advice to contribute to the effective establishment of such a system.
3. Since the establishment of an EU system could substantially change the context of this Agreement, if the European Union decides to establish such a system, the Parties should consult to determine whether the Agreement would need to be adjusted accordingly. In that regard, U.S. and EU authorities shall cooperate to ensure the complementariness and efficiencies of the U.S. and EU systems in a manner that further enhances the security of citizens of the United States, the European Union, and elsewhere. In the spirit of this cooperation, the Parties shall actively pursue, on the basis of reciprocity and appropriate safeguards, the cooperation of any relevant international financial payment messaging service providers which are based in their respective territories for the purposes of ensuring the continued and effective viability of the U.S. and EU systems.