The  agreement contains guarantees that ensure protection of EU citizens' data, while enabling US and EU law enforcement authorities to make use of a paramount tool in the fight against terrorism, said the EU's executive statement.

"The European Commission has negotiated on behalf of the European Union an agreement that will increase the security of European citizens while at the same time fully respecting their rights to privacy and data.

"It will now depend on the EU Council of ministers to approve the agreement which will require the consent of the European Parliament before it can enter into force," said (right) Cecilia Malmstrom, EU Commissioner for Home Affairs.

Under the new agreement, the European police body, Europol, will assess whether the data requested in any given case in the so-called Terrorism Finance Tracking Programme are necessary for the fight against terrorism and its financing. If a request for data does not meet the conditions, no data can be transferred under the agreement.

The Programme was set up after the 9/11 attacks. In 2006 it emerged that the US authorities were tapping the US-based database of the Society for Worldwide Interbank Financial Telecommunication (SWIFT).

The Belgium-based SWIFT which handles 80% of the world's electronic financial transfers from 208 countries moved its data base to Europe after the scandal. The European Parliament rejected the last SWIFT agreement in February, due to data privacy concerns, which is why a new agreement has to be renegotiated.

'Profoundly' unbalanced powers of data transfer
Privacy expert, Dr Chris Pounder is urging MEPs to continue to reject the deal. The European Parliament has rejected subsequent attempts as recently as February, insisting that the European Commission win more protection for Europeans' personal information.

The new proposeal does includes the stipulation that Interpol officers must approve requests for information, but it is still granting US authorities more power over EU records than EU authorities have over US data.

Chris Pounder, (right) director of Amberhawk Training (formerly of law firm Pinsent Masons) says In Hawktalk that that request requirement is no barrier to excessive information transfer.

"The Agreement," he points out, "partly through failing to define terrorism," and then defining a range of activities but failing to label them 'terrorist' effectively "has the potential to transform law-abiding fire-fighters pursuing an industrial dispute into “terrorists.”

"The Draft Agreement appears to be wholly unbalanced," he adds. "Article 4 allows the US Treasury to obtain 'Data' on request. All the Treasury need do is specify the categories of data it wants as being necessary in connection with terrorism, get the formal approval of fellow security officers in Europol, and the personal data can be transferred.

"Note there is no judicial warrant needed in relation to requests which could involve considerable amounts of personal data. However, when the EU wants data from the USA, Article 10 requires them to identify 'a person or entity that there is reason to believe has a nexus to terrorism or its financing'.

"The difference between the two approaches is profound," Pounder says.