The European Parliament ended up having no say, as the home affairs ministers decided in extremis, on 30 November, to renew authorisation for the United States to access European citizens’ banking data as part of the counter-terrorism drive. The 27 ministers did not await the entry into force of the Lisbon Treaty - the following day - which gives MEPs their say on protection of personal data.

The only source of satisfaction for the EP (the Greens in particular had threatened to protest hasty signature) is that the agreement is limited to nine months, from 1 February. On a proposal from the European Commission, in early 2010 the EU will negotiate a new agreement “based on the Lisbon Treaty,” notes the Council.

“It is very positive that we were able to reach this agreement today. It improves EU data protection,” welcomed Sweden’s Home Affairs Minister Tobias Billström, whose country holds the rotating EU Presidency. He added: “We have to cooperate on combating terrorism, but [under the agreement] such information must not be used for other purposes”.

“This is a temporary agreement for just a few months. In February, we are going to seek a negotiating brief for a longer-term agreement,” explained Commissioner Jacques Barrot. It was urgent “not to interrupt data on financial flows that are strongly suspected of being linked to the financing of terrorism”.

The EU was forced into renewing the agreement, set up by the United States after the terrorist attacks of 11 September 2001, after the private company SWIFT (Society for Worldwide Interbank Financial Telecommunication) decided to revise its systems architecture. The Brussels-based firm treats the financial flows of nearly 8,000 banks worldwide. By the end of 2009, it will be transferring all its European databases to a global operations centre in Amsterdam, the Netherlands. Consequently, a large volume of European data that is currently transmitted to the US Treasury Department will no longer be stored on US territory. To continue having access to data on European citizens, Washington therefore needed a green light from Europe. To the displeasure of MEPs, the 27 were determined to act before 1 December – thus under the Nice Treaty (which only requires EP assent) – to avoid having to renegotiate a mandate right away.

Germany, Austria and Hungary kept their misgivings to themselves by abstaining, so as not to torpedo the unanimous vote. “Limited legal protection is better than no protection at all,” commented Austria’s Home Affairs Minister Maria Fekter, on her arrival at the Council.

The EU’s data transfers are “data from archives on financial transactions,” such as the name, address, national ID number and other personal data on the issuer or beneficiary of a financial transaction.