Members of European Parliament have criticised the bank transfter data sharing deal between the European Union and the US in debates preceding the six-month review of the agreement, the European Parliament press service said in a statement.
The requests for for EU citizens' banking data were "too general and abstract to allow Europol to check whether they meet EU data protection standards, and Europol seems to be merely rubber-stamping them," MEPs in the civil liberties committee said.
The agreement signed in 2010 gave US law enforcement access to European bank data from Swift, the largest system of cross-border bank payments, headquartered in Belgium, which reportedly handles 80 per cent of the global electronic financial transfers. The US uses the data for its terrorist financing tracking programme (TFTP).
Since the agreement went into effect, four data transfer request have been made by US authorities.
"Those four requests are almost identical in nature and request – in abstract terms – broad types of data, also involving EU Member States' data," a report presented to MEPs by Isabel Cruz, which chairs the Europol joint supervisory body, said.
Cruz said that information provided orally to Europol staff by the US authorities had persuaded Europol to transfer data, but that the content of that oral information was not known, again making it impossible to verify compliance with the TFTP agreement.
The review report elicited strong reaction from MEPs.
"We feel betrayed reading this report", the rapporteur on the TFTP agreement, German liberal Alexander Alvaro, was quoted as saying. "We voted in favour [of this agreement last year] in the trust that both parties would apply the adopted agreement", which "concerns the transfer of sensitive data belonging to our citizens", he said. "The credibility of [European] Parliament and of this committee are being jeopardised. This is about trust and confidence of the public in what the EU did and is capable of doing here".
Dutch liberal Sophia in't Veld, the rapporteur on the passenger name record agreements with the US, said: "We have given our trust to the other EU institutions, but our trust has been betrayed. This should be kept in mind when they want our approval for other agreements."
Echoing her comment, Portuguese MEP Rui Tavares from the United European Left/Nordic Green Left group said that European Parliament had to be given access to the full report, including the classified sections. "We might have to engage in another battle for access to documents, but we are used to that", he said.
Other MEPs criticised Europol's role in handling the bank data requests.
"Europol should not have been the body to oversee this – we all underlined at the time that Europol should not have been entrusted with this role", Greek MEP Stavros Lambrinidis from the Socialists and Democrats group said. The fact that the agency only has 48 hours to answer requests would only make sense it they are "super duper", which does not always seem to be the case, he said.
US authorities first subpoenaed Swift for bank transfer data in the aftermath of the September 11 2001 terrorist attacks in New York, although this did not become public knowledge until 2006. Public demands for EU privacy laws, which are more stringent when it comes to bank data than those in the US, resulted in a formal agreement in 2007, which was rendered obsolete by Swift's decision to store European data in Switzerland, which meant that intra-European data was stored only in Europe, as opposed to a server in the US, leading to the need for a new agreement in 2010.
The European Commission was due to publish its six-months evaluation of the TFTP agreement on March 17, when home affairs commissioner Cecilia Malmström was expected to brief European Parliament's civil liberties committee MEPs on the report.