Europe's Home Affairs Commissioner said on Wednesday that she would be keeping a close eye on data-sharing deals with the U.S.
On the same day that she announced that the European Commission would not suspend the E.U.-U.S. safe harbor data privacy agreement, Commissioner Cecilia Malmström presented reviews of two other transatlantic data sharing deals -- the Terrorist Finance Tracking Programme (TFTP) and the Passenger Name Record (PNR).
The TFTP agreement allows the U.S. Treasury to access some data stored in Europe by international bank transfer network Swift. However, allegations of possible U.S. access to Swift financial data outside the scope of the TFTP agreement enraged politicians last month.
Documents leaked by former U.S. National Security Administration contractor Edward Snowden and reported by The Washington Post indicate the NSA spied on Swift. The company is included in an NSA training manual for new agents on how to target private computer networks, according to the documents.
Malmström, however, said she has received written assurances from the U.S. government that it has not breached the TFTP agreement and will continue to respect it fully. Nonetheless, another review of the functioning of the agreement will be conducted in spring 2014, sooner than expected.
Over the last three years, in response to 158 requests made by the E.U., 924 investigative leads were obtained from the TFTP. Most recently, TFTP-derived information has been used to investigate the April 2013 Boston Marathon bombings, threats during the London Olympics and E.U.-based terrorists training in Syria, Malmström said.
Under the agreement, non-extracted data can be kept for no longer than five years and information extracted from the data can only be retained for as long as is strictly necessary for specific investigations or prosecutions.
The current E.U.-U.S. PNR agreement entered into force on July 1, 2012. According to the review presented on Wednesday, the U.S. authorities have been implementing the agreement in accordance with the standards and conditions it contains.
PNR data is collected by airlines and the current agreement with the U.S. uses information on passengers traveling between Europe and the U.S. to target, identify and prevent potential terrorists and terrorist weapons from entering the U.S.
PNR data is stored in airlines' reservation and departure control databases. It contains several different types of information, such as travel dates, travel itineraries, ticket information, contact details, the travel agent with which the flight was booked, the means of payment used, seat numbers and baggage information.
PNR data can only be used to fight terrorism and serious transnational crimes that are punishable by at least three years of imprisonment under U.S. law. According to the Commission, this excludes minor crimes, while allowing PNR to be used to tackle serious crimes such as drug or human trafficking.
The data collected under the PNR agreement can be retained for 15 years for terrorist-related offenses and for 10 years for transnational crime. However, it must be "depersonalized," with identifying information removed from the data, after just six months and moved to a dormant database with stricter controls after five years.
The next review of the agreement is due to take place during the first half of 2015.
The European Commission had proposed a similar plan for passengers traveling within the E.U. But last month the European Parliament delayed voting on it. Commissioner Malmström also said on Wednesday that any plans for an E.U.-wide TFTP had been shelved.