Report: Data Agency Broke Privacy Laws
EU alleges that SWIFT violated data protection laws in transferring data to U.S. to aid in anti-terror investigations.
A report by an EU panel said the bank data
transfer agency SWIFT broke European privacy laws by handing over personal
data to U.S. authorities for use in anti-terror investigations.
The Society for Worldwide Interbank Financial Telecommunication, "committed
violations of data protection laws" by secretly transferring data
to the United States, without properly informing Belgian authorities,
the EU's data protection panel said.
The panel's report calls on SWIFT, financial institutions and EU authorities
to "take the necessary measures" to end the transfer, which
it said contradicts Belgian and EU data protection rules. SWIFT is still
transferring data under U.S. subpoenas.
EU spokeswoman Pia Ahrenkilde Hansen said the report was adopted unanimously
by the 25-member panel which also chided the role of the European Central
Bank in the affair. It demanded clarification from the ECB over its role
in the affair. ECB President Jean-Claude Trichet has acknowledged his
bank knew of the transfers but could not prevent them.
"SWIFT is expected as well as financial institutions to take the
necessary steps immediately to remedy the present illegal infringement,"
Ahrenkilde Hansen said, adding the group will monitor the implementation
of the recommendation by SWIFT and the ECB and other national banks which
sit on SWIFT's oversight board.
The data protection officers have been drafting their report since September
and their conclusions come as no surprise following a similar finding
by a Belgian commission, which was tasked by the Belgian government and
the EU panel to investigate SWIFT's secret deal with the U.S. Treasury.
The European Commission, which could eventually launch a legal case against
Belgium for failing to uphold EU data protection rules, has said it would
await the final report of the EU data protection officers before deciding
what action to take.
Ahrenkilde Hansen said the Commission would "ensure correct implementation"
of EU data protection rules.
Belgian political leaders have already called on the EU to negotiate
with the United States on fixing the apparent legal limbo SWIFT finds
The EU panel report echoes the Belgian report which said that while the
company did all it could to live up to Belgian, EU and U.S. regulations
to hand over the requested information, it finds itself in a legal black
The company routes about 11 million financial transactions daily between
7,800 banks and other financial institutions in 200 countries, recording
customer names, account numbers and other identifying information.
SWIFT and top European bankers told a European Parliament committee last
month it had no power to prevent the transfer of personal data to U.S.
The company and Trichet called for the EU to sit down with Washington
and draft a new global deal to fix the legal quagmire which now exists
over the transfer deal.
The transfer deal between the U.S. Treasury and SWIFT was launched by
Washington after the Sept. 11 attacks.
The SWIFT case compounds legal and political clashes between Europe and
the United States over anti-terror measures and highlights divisions over
what lengths governments should go to in order to prevent attacks.
SWIFT officials have argued that it had no choice but to abide by U.S.
subpoenas for bank data, saying that if it refused to hand over the information,
it would have faced fines and possible criminal penalties like jail time.
"It is disturbing that none of the involved parties is willing to
take responsibility for the failure to protect the rights of EU citizens,"
said Kathalijne Buitenweg, a Dutch Green member of the European Parliament.
She called for a clarification of ECB and national bank rules in ensuring
they report all violations of EU privacy laws.