The European Parliament looks set to reject an agreement struck by EU national governments with the US last month that would allow the banking data of European citizens to be scrutinised by American border authorities.
The agreement reached is temporary. Nevertheless, the Parliament is incensed that it was not involved in drafting it, and it is using powers granted under a new EU treaty to assert its authority.
At the heart of the political storm is the SWIFT (Society for Worldwide Interbank Financial Telecommunication) cooperative that transfers bank data across borders. US authorities tapped SWIFT's databases in the wake of the terrorist attacks on 11 September, 2001, in a bid to trace terrorist financing.
SWIFT, headquartered in Belgium, was forced to hand over the data in the US Since then it has moved its data storage facilities to the Netherlands. The temporary agreement struck between the US. and EU member states last month will allow US authorities continued access to SWIFT data for counter-terrorism purposes.
The Parliament's civil liberties committee voted Friday to reject the agreement, arguing that it breaches the EU's stringent data protection laws.
If its view is shared by a majority of members of the European Parliament (MEPs) at next Thursday's plenary vote, the agreement would have to be withdrawn, which would leave SWIFT stuck between two conflicting legal requirements on either side of the Atlantic.
SWIFT declined to comment on the political wrangling over the issue.
The company will be keeping a "close watch" on the vote in the European Parliament next week, but spokeswoman Kara Condon would not be drawn on the likely outcome of the vote and its consequences for SWIFT.
Spooked by the civil-liberties committee vote, the right-of-centre European People's Party warned that a rejection of the agreement would be dangerous.
"We are convinced that the security threat to European citizens is real and substantial," said Joseph Daul, MEP and chairman of the EPP Group in the European Parliament. He added that the agreement is needed "to ensure the security of all Europeans and to fight terrorism."
A spokesman for the civil liberties group dismissed those claims as scaremongering.
Meanwhile, the European Commission, which helped draft the agreement, tried to offer MEPs reassurances that citizens' data would be protected. It has announced an update to rules governing the transfer of personal data to processors established in non-EU countries.
The new rules are designed to take account of the expansion of processing activities and new business models for international processing of personal data. They contain specific provisions to allow, under certain conditions, the outsourcing of processing activities to sub-processors, while ensuring a constant protection of personal data.
Vice President Jacques Barrot said the updated rules "ensure a balance between global business needs and protection of EU citizens' personal data."
Separately, the Commission also launched a public consultation Friday concerning the drafting of a permanent agreement on data sharing, to replace the temporary one agreed upon last month.
Companies and civil-rights and consumer groups are expected to contribute comments. The closing date of the consultation is 12 March. The consultation document can be found on the "Your voice in Europe" website.