VZCZCXRO8217
OO RUEHAG RUEHROV
DE RUEHBS #0253/01 0251407
ZNY CCCCC ZZH
O 251407Z JAN 07
FM USEU BRUSSELS
TO RUEATRS/DEPT OF TREASURY WASHDC IMMEDIATE
RUEHC/SECSTATE WASHDC IMMEDIATE
INFO RUCNMEM/EU MEMBER STATES COLLECTIVE IMMEDIATE

C O N F I D E N T I A L SECTION 01 OF 05 BRUSSELS 000253 
 
SIPDIS 
 
SIPDIS 
 
E.O. 12958: DECL: 01/24/2017 
TAGS: PETR KJUST EFIN KTFN PGOV EUN BE
SUBJECT: EUROPEAN COMMISSION OUTLINES PNR-STYLE APPROACH TO 
SWIFT ISSUE 
 
REF: A) 06 BRUSSELS 3662 B) 06 BRUSSELS 3301 C) 05 
 
     BRUSSELS 4443 
 
Classified By: DCM MCKINLEY FOR REASONS 1.4 (b) AND (d) 
 
¶1. (C/NF)  Summary and comment.  Treasury Deputy Assistant 
General Counsel, James Freis, and Michael Jacobson, from 
Treasury,s Terrorism Finance Office, met with the European 
Commission, the Council Secretariat and key member states in 
Brussels to discuss how to resolve the SWIFT issue January 
16-18.  In December, Commissioner Frattini told the European 
Parliament that he wanted to negotiate an agreement with the 
US within the next few months to resolve the data protection 
issues raised by the Belgian and other European data 
protection authorities.  Jonathan Faull, Director General for 
Justice, Freedom and Security outlined, for Freis a solution 
based on the original PNR agreement that would involve three 
parts: (1) greater disclosure by SWIFT and its participating 
banks on how the SWIFT system operates; (2) "undertakings" 
describing how the TFTP and its safeguards work and (3) a 
legally binding agreement, between the U.S. and the European 
Commission working on a mandate from the Council.  The 
Commission is preparing a draft for the US to review, but it 
is unclear when it will be ready.  With the exception of the 
UK and Belgium and possibly a few others, member states are 
now in a holding pattern waiting to see how the Commission 
proposes to deal with the issue.  There is a serious lack of 
leadership from the German Presidency, which had not 
anticipated having to deal with this issue.  The European 
Parliament will be questioning the Commission and the Council 
at the end of January on PNR and SWIFT issues. 
 
¶2. (C/NF)  It is clear that the EU shares our objectives of 
preserving Treasury,s Terrorist Finance Tracking Program 
(TFTP) and eliminating the legal uncertainty for SWIFT and 
the banks.  It also appears that some sort of EU-level 
solution is necessary, as dealing with 27 member states 
individually would present legal and practical problems. 
Based on this initial exchange, it seems that we are not very 
far apart from the Commission on substance but further apart 
on the method for resolving the issues.  The issue is what 
form we give to the substance and in particular whether an 
agreement is desirable or needed. While Faull joked about the 
need for &pillar talk8, the question of whether the issue 
should be dealt with under pillar 1 or pillar 3 has important 
implications that should not be underestimated.  (For 
background on the SWIFT issue in the EU see refs A and B. 
See 05 Brussels 4443 for background on the EU pillar 
structure) End summary and comment.  Septel will report on 
Freis meetings with Belgian authorities.  End summary and 
comment. 
 
Council Secretariat:  Need US-EU agreement under pillar 3 
 
¶3.  (C/NF)  An initial meeting was held with Gilles de 
Kerchove, Director for Justice and Home Affairs at the 
Council Secretariat,  who began by providing an overview of 
recent developments.  He said that at the end of last year 
the Belgians argued in an ECOFIN meeting and a European 
Council that SWIFT was a European and not just a Belgian 
issue.  The report of the Article 29 working party (which is 
made up of all the EU data protection authorities) supports 
this analysis, according to de Kerchove, but he said that not 
all member states agree.  During a meeting of EU Ambassadors 
on December 20, Frattini stated that it was a collective 
problem that requires a collective solution.  Frattini 
recommended to member states that there be negotiations with 
the US.  De Kerchove said that one member state ) the UK ) 
expressed reluctance to see the issue discussed at the EU 
level.  The Commission is now reviewing the issue and will 
put forward a proposal for the member states that would 
include various options. 
 
¶4.  (C/NF)  Turning to the legal questions, de Kerchove 
explained that SWIFT raises a number of data protection 
issues.  First, SWIFT violated the Belgian data protection 
directive because they did not notify the data protection 
authorities that they were &mirroring8 their European 
database in the US.  Because the US is a country that has not 
been deemed to have adequate data protection, the data 
transfer should have been notified.  De Kerchove described 
this as &a micro violation of non notification8.  Freis 
noted that the US has encouraged SWIFT to make its 
notification more transparent.  De Kerchove added as a 
footnote that &informed consent8 (which is one way of 
complying with the EU data protection directive) as a 
possible solution would not work because there is no 
alternative to SWIFT to make payments. 
 
¶5.  (C/NF)  De Kerchove said that the more serious legal 
issue was that SWIFT did not notify the data protection 
 
BRUSSELS 00000253  002 OF 005 
 
 
authorities regarding the change in purpose of the data. 
Freis said that he disagreed fundamentally with the Article 
29 working party report regarding the change of purpose. 
Freis pointed out that all financial institutions have a 
legal obligation ) including under EU law such as the third 
money laundering directive ) to screen transactions for 
counterterrorism and money laundering purposes.  Freis 
indicated that his counterparts in European finance 
ministries  agreed that the Article 29 working party report 
was incorrect with respect to the change of purpose question 
and that this conclusion was inconsistent with the working 
party's allegation of joint liability of the banks and SWIFT. 
 
¶6.  (C/NF)  In terms of resolving the problem, de Kerchove 
said that based on the European Court of Justice decision in 
the PNR case, the SWIFT case ) despite some differences -- 
falls into the &PNR basket8.  This means that the agreement 
with the US would be based the EU,s third pillar, because 
the purpose for which the data is used is not a Community 
objective.  De Kerchove said that he had discussed SWIFT with 
Jonathan Faull, Director General for Justice, Freedom and 
Security, and they had separately come to the same conclusion 
that this would require the negotiation of a US-EU agreement. 
 De Kerchove said that without an agreement the Commission 
would need to start infringement proceedings against Belgium 
and possibly 26 other member states for not properly applying 
the EU,s data protection directive. 
 
¶7.  (C/NF)  Freis responded that the facts in this case are 
completely different from PNR because the SWIFT data is in 
the US.  Freis said that to simply switch the word &SWIFT8 
for &airline8 in the PNR agreement does not work.  Freis 
said that the US could possibly make a public representation 
about how the data is treated and how it used, but that is 
very different from a treaty which raises a number of issues 
on the US side. 
 
¶8. (C/NF)  Freis also stressed that he wanted to work with 
the EU.  At the same time, Freis stated clearly that he does 
not yet know what the result of those discussions would be. 
In response to a question from de Kerchove, Freis confirmed 
that the US supported the Belgian proposal for having some 
sort of European group visit the US.  Freis said that the key 
issue would be who would participate and noted that including 
data protection authorities would be problematic. 
 
¶9.  (C/NF)  Freis asked what the EU needed to have legal 
certainty.  De Kerchove admitted that the EU &is in the 
mist8 following the European Court decision in the PNR case. 
 In the PNR case, because the data is being transferred to 
the US for a law enforcement purpose, it falls outside the 
scope of the EU data protection directive and into the EU,s 
third pillar where the member states ) and not the 
Commmission ) have competence.  Speaking frankly, de 
Kerchove said that in light of the ECJ decision it is not 
clear whether the EU,s third money laundering directive or 
the data retention directive should have been adopted under 
the EU,s first pillar, because they have a law enforcement 
objective.  He noted that in fact the Irish have challenged 
the adoption of the data retention directive because they 
believe it should have been a third and not first pillar 
instrument. 
 
Commission outlines proposal following original PNR agreement 
 
¶10.  (C/NF)  Faull opened the subsequent main meeting by 
noting that this was not a negotiation; the Commission has no 
mandate yet from member states to negotiate.  Moreover, the 
Commission was not seeking to expand its power, but rather to 
play a positive role towards a solution.  Faull stressed that 
SWIFT is an important issue with counter-terrorism 
implications as well as implications for the financial system 
and US-EU relations.  Faull said that the situation has 
created legal uncertainty for SWIFT and that as policy 
makers, the US and EU should try to help SWIFT.  Faull 
described SWIFT,s behavior as &foolish8 and made clear 
that SWIFT would have to take steps as well.  Faull said that 
the Commission has no quarrel with what the US does within 
its own jurisdiction.  Faull said that the EU shares the US 
policy objectives and benefits from the US analysis.  Later 
in the meeting, Faull said that both he and Commissioner 
Frattini are satisfied that the Treasury,s TFTP benefits the 
security of the EU. 
 
¶11.  (C/NF)  Faull stated that an agreement with the US under 
the EU,s third pillar was required to resolve this problem. 
Faull argued that this is because the purpose of the data has 
changed from commercial to counter terrorism purposes.  Freis 
took exception with the analysis.  Freis noted that all banks 
have an obligation to screen transactions to prevent money 
laundering.  Likewise, Freis pointed to the recently 
 
BRUSSELS 00000253  003 OF 005 
 
 
implemented EU regulation on wire transfers to prevent the 
financing of terrorism.  Faull took Freis, points, but said 
that it did not change the Commission,s analysis that there 
has been a change in the purpose of the data. 
 
¶12. (C/NF)  Faull said that there were three possible ways 
forward, but only one realistic one.  One would be to do 
nothing and live with the uncertainty and potential legal 
action against SWIFT in 27 EU member states.  The second 
would be to attempt bilateral agreements with all 27 member 
states.  The Commission's third alternative would be an 
agreement along the lines of PNR.  The agreement, as outlined 
by Faull, would have three parts ) undertakings, an 
international agreement and notification by SWIFT to its 
customers.  Comment:  The third aspect of customer 
notification is agreed in principle by all, and SWIFT and its 
banks are working towards implementation although the 
practical obstacles should not be under-estimated. END 
COMMENT.  According to Faull, this package would end the 
legal uncertainty in the EU and data protection authorities 
would not be able to challenge SWIFT. 
 
¶13.  (C/NF)  DOJ Attache Mark Richard asked Faull how the 
SWIFT case could be distinguished from other cases where the 
US requests data located in the US from a company for law 
enforcement purposes.  Richard asked if we would need to 
negotiate with the EU in each case in which data generated by 
EU entities is retained in the US and is sought by US law 
enforcement agencies?  Richard posited that such an approach 
would be unacceptable. Faull,s response was that we cannot 
deal with every problem at once ) and mentioned credit cards 
as an example -- and that issues eed to be dealt with one at 
a time.  Faull alo referred to the broader US-EU discussions 
o data protection in the law enforcement context.  Richard 
argued that to substitute the US and the EU for the private 
party in all conflict of law situations would be a sweeping 
and revolutionary new approach. Richard suggested that it 
would be better to modify the way in which SWIFT complies 
with the US subpoenas to take into account the EU data 
protection concerns, rather than to have a US-EU agreement. 
 
¶14.  (C/NF)  Faull said that SWIFT is faced with the dilemma 
of moving to a country that has adequate data protection or a 
US-EU agreement.  Freis responded that it would be 
unfortunate and irrational for SWIFT to move out of the US in 
response solely to European data protection concerns. 
 
¶15.  (C/NF)  Faull then provided further details on how the 
agreement would work.  The US would provide undertakings that 
would reflect how the US treats the data. The undertakings 
would be based on the exchange of letters between SWIFT and 
the US Treasury.  Faull said that the undertakings would make 
clear that the data is only used for counterterrorism purpose 
and that there is no data mining.  Faull said that the 
undertakings would also need to address data retention and 
deletion issues, IT security, redress for those wrongly 
caught up in the system.  The second part of the package 
would be a US-EU agreement that would refer to the 
undertakings.  Relying on the undertakings, the EU would say 
to SWIFT you may (or possibly you must) transmit data to the 
US in the knowledge that the data are subject to US laws and 
reference Treasury,s Terrorist Finance Tracking Program. 
SWIFT would also do more to inform their customers about how 
their data is being processed. 
 
¶16. (C/NF)  Freis asked for clarification as to what the US 
would be agreeing to do under the agreement.  Freis said that 
what Faull described as the agreement only involves the 
Commission and SWIFT and not the USG.  Faull admitted that 
the analogy of the agreement to a contract does break down, 
but said that an agreement between SWIFT and the EU would not 
be the right legal instrument.  He said that the Commission 
does not have agreements with private parties.  Freis 
responded that the linking of the undertakings and the 
agreement would be restricting the US subpoena powers.  Faull 
claimed that was not the intent and that wording could be 
found to make that clear.  Faull stated that the EU has no 
right to regulate the subpoena powers of the US.  Freis said 
that he would need to consider whether such an agreement 
would create precedents in the US, that regardless of an 
intent to distinguish facts here, they were proposing to 
restrict the exercise of U.S. domestic law enforcement 
authorities.  Freis also expressed great concern over how as 
a legal matter a distinction could be made between SWIFT 
where the Commission is requesting an agreement and other 
cases involving data kept by multinationals in multiple 
countries subject to domestic law enforcement. 
 
¶17.  (C/NF)  Faull asked if it would be possible for 
Europeans to be added to the oversight mechanism.  Freis said 
that the US was open to exploring the possibility of sharing 
 
BRUSSELS 00000253  004 OF 005 
 
 
more information about how the TFTP works and benefits 
Europe, and would be open to a visit to Washington.  Freis 
made clear that the US would have problems if the 
participants were European data protection authorities; this 
was a "non-starter." Faull noted this. 
 
¶18. (C/NF)  At the end of the meeting, Faull said that work 
had already started on a draft.  He offered to provide a 
proposal for the US to consider although he was not able to 
say when the draft would be ready.  (Note:  Faull left 
January 18 for a vacation through the end of January.)  Freis 
indicated a draft would be very helpful. 
 
UK:  Cooperative but protecting sovereign prerogatives 
 
¶19.  (C/NF)  Freis met separately with the UK Finance and JHA 
attaches.  Michael Collins from HM Treasury said the UK,s 
primary objective is to maintain the flow of data and USG 
access to it.  He said that within Whitehall there is no 
consensus on the best way forward.  Collins said that when 
the Commission presented the idea of negotiations to the EU 
Ambassadors on December 20, there was no consensus among 
member states.  He said that the Danes had demanded greater 
clarity on the way forward before exploratory talks with the 
US, and warned the Commission not to move without the member 
states.  He also said that the Germans had suggested that a 
special working party be set up in the Council, but since 
then the Germans have not followed up despite UK and other 
member state requests for more detail. 
 
¶20. (C/NF)  In another meeting, Vijay Rangarajan, UK JHA 
Counselor, made a very strong pitch for resolving the issue 
under the EU,s first pillar.  He argued that the Commission 
approach that this is a third pillar issue was wrong.  Taking 
a first pillar approach would require the Commission to make 
an adequacy determination with respect to the transmission of 
SWIFT data for commercial purposes.  Once the data is 
transferred to the US legally for commercial purposes under 
the adequacy determination, then the EU cannot deny the US 
access to the data for law enforcement purposes.  He said 
that he did not think an agreement was necessary or desirable 
for either the US or the EU.  He said that trying to do this 
under the EU,s third pillar would have consequences of 
&epic proportions8 for the UK because of the sensitivities 
of having the Commission dealing with the activities of 
intelligence agencies, which fall outside even the third 
pillar. 
 
¶21.  (C/NF)  Rangarajan said that the EU has been discussing 
internally how to deal with data protection in the third 
pillar for two years.  He said that they are farther away 
from an agreement than when the discussions started.  He said 
that trying to resolve SWIFT under the third pillar would run 
straight into all of those same issues which would not lead 
to a quick or easy resolution of the matter. 
 
Sweden:  a broad practical European approach 
 
¶22. (C/NF) At the Swedish Permanent Representation, Freis met 
with Charlotta Erikson, Counsellor for Financial Affairs, and 
Henrik Kjellin, who is responsible for data protection 
issues.  Erikson said that within the Swedish government, the 
Ministry of Finance has the lead on this issue.  From the 
Ministry,s perspective, there are three important aspects 
that need to be considered:  terrorism finance, data 
protection and the general payment systems.  She said that 
Sweden did not have a solution to offer, but that the 
government supported a practical European initiative. 
Erikson noted that because it involves payment systems, 
Sweden has been advocating for DG Internal Market to be 
involved as well.  Erikson said that while some have compared 
the SWIFT case to PNR, Sweden does not see the connection 
because in the SWIFT case the data is in the US. 
 
¶23.  (C/NF)  Speaking candidly, Erikson said that the 
Commission handling of this has been &sloppy8 with Frattini 
maing remarks to the European Parliament about negotiating 
with the US that caught everyone by surprise.  The day after 
speaking at the Parliament, Frattini briefed EU Ambassadors 
and said that he would be seeking a negotiating mandate in 
June.  Erikson commented that the process was backwards going 
to Parliament first.  She also noted that the European 
Parliament would likely &raise hell8 during meetings on 
SWIFT scheduled for the end of January, despite its limited 
competence in the issue, and will continue to keep the issue 
on the agenda. 
 
¶24.  (C/NF)  Erikson said that it is unclear how the German 
Presidency wants to handle the issue.  She said that the 
Germans are unhappy to have to deal with this issue, which 
was not foreseen as part of their Presidency program.  At 
 
BRUSSELS 00000253  005 OF 005 
 
 
some point, however, the Presidency and the Commission will 
need to work together.  Member states are now waiting to hear 
what the Commission has in mind as a way of resolving this 
problem and then they will react to the Commission proposal. 
 
 
¶25.  (C/NF)  Erikson said that Sweden has answered the letter 
that Commissioner Frattini sent to all member states in 
December.  According to Erikson, the Swedish response was 
basically that the government was not aware of the issue. 
 
¶26. (U) This cable was cleared by James Freis. 
 
GRAY 
.