You know what happens when your elected representatives fight for your privacy? Counterterrorism investigators actually grant you some!

At issue is SWIFT–the database that tracked most international money transfers which the Bush Administration mined in its counterterrorism fight. When SWIFT’s server moved to the EU, the US tried to demand the same access as it had had previously. But the EU Parliament–strengthened by the Lisbon treaty–rejected the terms the US initially demanded. And as negotiations went on, the EU insisted on safeguards for its citizens.

Well, the EU finally signed an agreement with the US, and here are the protections the EU won for its citizens (h/t LES):

Elimination of bulk data transfers

The key to the deal for Parliament was the eventual elimination of “bulk” data transfers. In exchange for backing the agreement, MEPs won an undertaking that work on setting up an EU equivalent to the US “Terrorism Finance Tracking Program” (TFTP), which would preclude the need for bulk data transfers, will start within 12 months. Once Europe has a system enabling it to analyse data on its own territory, it need only transfer data relating to a specific terrorist track.

A new role for Europol

Another innovation of the new agreement is that it empowers “Europol”, the EU’s criminal intelligence agency based in The Hague, to block data transfers to the USA. Europol will have to check that every data transfer request by the US Treasury is justified by counter-terrorism needs and that the volume of data requested is as small as possible.

An EU representative in the USA to monitor data processing

The new version of the agreement also provides that the use of data by the Americans, which must be exclusively for counter-terrorism purposes, is to be supervised by a group of independent inspectors, including someone appointed by the European Commission and the European Parliament. This person will be entitled to request justification before any data is used and to block any searches he or she considers illegitimate.

The agreement prohibits the US TFTP from engaging in “data mining” or any other type of algorithmic or automated profiling or computer filtering. Any searches of SWIFT data will have to be based on existing information showing that the object of the search relates to terrorism or terrorism finance.

Right of redress for European citizens

In February 2010, MEPs demanded that under any new version of the agreement European citizens should be guaranteed the same judicial redress procedures as those applied to data held on the territory of the European Union. The new proposal says this time that US law must provide a right of redress, regardless of nationality.

Data retention and deletion

Extracted data may be retained only for the duration of the specific procedures and investigations for which they are used. Each year, the US Treasury must take stock of any data that have not been extracted, and hence individualised, which will no longer be of use for counter-terrorism purposes, and delete them.  Such data must be deleted after five years at the latest.

There will be two checks–at the Europol level and via an EU representative working in the US–to make sure the data is being accessed appropriately. Within a year, Europe will assume the role the US is now playing. And the agreement at least grants redress in court and limits on data retention (though like those in Europe who opposed this deal, I’m skeptical of the efficacy of these requirements).

That’s more than we American citizens get under some of the provisions of the PATRIOT Act.

Then again, some of our representatives tried to win greater protections for US persons last year. But short of doing what the EU did–withdrawing US access to the data–Congress was unable to win concessions from the Administration.