Only with great reservations did the European Parliament agree last year to the SWIFT agreement with the United States. The agreement allows the transfer of data pertaining to European bank customers to US investigators in accordance with strict guidelines. But many provisions of those guidelines have been widely ignored.

One week ago, a critical report from the Europol Joint Supervisory Body (JSB) noted that the written requests received by Europol, the EU-wide law enforcement organization, from the US are too vague to decide on their validity. Yet despite the shortcomings, Europol has agreed to every request. The auditors complained this is making oversight of data privacy "impossible."

It has now emerged that a second control mechanism has likewise failed. According to Article 15 of the SWIFT agreement, every EU citizen has the right to know if American authorities had access to personal banking data and if so, which authorities received that information.

For the past six months, Alexander Alvaro, a member of European Parliament from Germany's Free Democrats, has been doing a test in an attempt to obtain the information entitled to him from German authorities.

The result: "The German authorities have not yet been able to find out whether data has been accessed at all. As such, the rights of EU citizens on correction, deletion or blockage of the data are being violated."

A Test of Frustration

In October 2010, Avaro's office contacted the German Federal Commissioner for Data Protection and Freedom of Information (BFDI) for the first time. Alvaro asked in writing for information as to whether his personal bank transfer data had been seen by or transferred to the US. Four days later, the agency answered that to work on his request, a partially blacked-out copy of his personal identity card would be necessary. After he sent the requested document, it took another five weeks, two reminder e-mails and a telephone call until the parliamentarian received an answer.

The BFDI explained that the information Avaro had provided would no longer be considered sufficient proof of identity. Then came a highly contradictory recommendation: He should wait because there was a need to clarify the situation. But the BFDI also recommended that Alvaro provide information about his personal account activity.

One month later, the BFDI requested an un-redacted ID card and asked him to once again send in the documents that he had provided at the end of October. Particularly bizarre: In the same letter, the BFDI expressed concerns about providing this personal information. The request that Alvaro provide information pertaining to his private account, however, was not repeated.

After another four weeks, The BFDI told Alvaro's office in a telephone call that the request had still not been forwarded to American authorities. There was, still no agreement between the US authorities and the BFDI. The American authorities would require still more data from the applicant. Nevertheless, Alvaro consented to have the data in question forwarded to the American authorities.

Review in the Works

At the beginning of this month, the BFDI confirmed that Alvaro's request had finally been sent to US authorities. At the same time, the agency said it had no information or authority to determine whether and who has accessed his data in the US. The agency criticized that the person requesting information about how personal data has been used must submit additional personal information in order to learn whether the US has made use of their data.

This Wednesday, the SWIFT agreement is on the agenda of the European Parliament Committee of Civil Liberties, Justice and Home Affairs. European Commissioner for Home Affairs Cecilia Malmström is to submit a report to members. Parliamentarians from the Greens and FDP have threatened to suspend the SWIFT agreement.