On 7 July 2010, the European Parliament (EP) approved the new SWIFT agreement on bank data transfers to the US for counter-terrorist purposes (SWIFT Agreement).

The political debate in the run-up to the adoption of the SWIFT Agreement was highly controversial. The first version of the agreement was rejected by the EP in February 2010 for data protection reasons. Major concerns were the limitation of the data amount that could be transferred to the US and the prevention of abuse of data transfer. The EP has, however, since then negotiated certain safeguards for Europe's citizens and while it did not succeed in fully eliminating bulk data transfers, it has won an undertaking that work on setting up an EU equivalent to the US "Terrorism Finance Tracking Program" (TFTP), which would preclude the need for bulk data transfers, will start by July 2011.

The SWIFT Agreement now empowers Europol, the EU's criminal intelligence agency, to block data transfers to the US; hence, Europol will be tasked to check that every data transfer request by the US Treasury is justified by counter-terrorism needs and that the volume of the data is as small as possible.

Moreover, the SWIFT Agreement provides that the use of data by the Americans, which must be exclusively for counter-terrorism purposes, will be supervised by a group of independent inspectors, including someone appointed by the European Commission and the EP. This person will be entitled to request justification before any data is used and to block any searches he or she considers illegitimate. The SWIFT Agreement additionally prohibits the US TFTP from engaging in "data mining" or any other type of algorithmic or automated profiling or computer filtering. Any searches of SWIFT data will have to be based on existing information showing that the object of the search relates to terrorism or terrorism finance.

Extracted data may be retained only for the duration of the specific procedures and investigations for which they are used and the US Treasury is obligated to monitor that any data that has not been individualised within one year is deleted.

Finally, the US is obligated to guarantee European citizens the same judicial redress procedures as those applied to data held in the territory of the European Union.

The SWIFT Agreement is due to take effect on 1 August 2010 with an initial term of five years and year-by-year renewable options after that. However, Europeans and Americans will have to assess how the agreement's safeguards and control systems are functioning, at the latest within six months of its entry into force.