EU-US financial information sharing has been blocked amid concerns about personal data safety
The European parliament has caused a serious setback to security cooperation between the European Union and the United States. In February it vetoed an agreement between Brussels and Washington that would have allowed EU financial data to be transferred across the Atlantic.
The vote was the latest twist in the so-called Swift saga. Swift, or the Society for Worldwide Interbank Financial Telecommunication, is the Belgium-based main provider of the global messaging service that underpins financial transactions. In the aftermath of the 9/11 attacks, as part of work to identify terrorist finance networks, the US federal investigators obliged Swift to open its databases.
This became public in 2006, prompting a Belgian government investigation, which concluded that Swift had “secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls”.
Since then, arguments have rumbled on. Washington and Brussels want to formalise the data transfer, but the case has become a focus for the debate about the right balance between security and privacy. The European parliament’s rejection of the deal suggests that the balance has yet to be found.
The parliament’s worry was that data collected for one purpose was being used for an entirely different one, potentially posing threats to Europeans. Nathalie Vandelle from the office of the European Data Protection Supervisor says such disclosures of data are “likely to expand” and “systematic cooperation between private companies and law enforcement” needs to be developed.
But there is a bigger question behind the Swift issue. Digital technologies have transformed personal and business relationships. Never before has it been so easy for corporations and governments to amass, exchange and exploit data, for good or ill.
Serge Ravet, a campaigner for data-privacy enforcement, says the situation is dangerous. There is “fragmentation of personal data and global lack of control”. Individuals have been “digitally quartered”, exposing them to a range of threats, from unauthorised access to personal messages or bank accounts, to identity theft or even the risk of being mistaken for a terrorist.
Rush online
The problem is that the headlong rush online, and the establishment of services based on personal data, such as social networks, have been accomplished piecemeal. Only now are fundamental questions being asked more widely: what is the meaning of identity in the digital age, and how can individuals benefit from their online existences without suffering the downsides?
Ravet says there should be “total separation” between the hosting and control of personal data, and its use by companies and governments. Individuals should have “personal organisational data stores”, or digital repositories of their personal information, and they should be able to choose to whom they grant access. Ravet argues this would render obsolete the holding of personal data by companies or governments.
Such a vision may seem unlikely to be realised soon, but cases such as the Swift saga mean the bigger questions of digital identity must be tackled. For now the EU and US authorities must go back to the drawing board and find at least an acceptable balance between privacy and security.