EU panel asks SWIFT to stop giving banking data to U.S.

Privacy laws clashing with long-running surveillance operation

An international banking organization violated European Union and Belgian data privacy laws by turning over information to U.S. authorities for terrorism investigations, an independent panel set up by the European Commission has concluded.

The Society for Worldwide Interbank Financial Telecommunication SCRL (SWIFT) should cease violating data protection laws or face sanctions, the panel of European Union data protection officials said Thursday.

SWIFT, a cooperative owned by around 8,000 financial institutions, runs a messaging service that enables worldwide financial transactions among banks.

After the attacks on the U.S. of Sept. 11, 2001, Swift responded to court orders to hand over messaging information to the U.S. Department of the Treasury to track the financial transactions of suspected terrorists. Press reports revealed the long-running operation earlier this year.

The panel, known as the Article 29 Working Group, said Swift's actions could undermine the financial stability of the payment system.

"Any measure taken in the fight against crime and terrorism should not and must not reduce standards of protection and fundamental rights which characterize democratic societies," the panel said.

European laws forbid the transfer of personal data outside the EU to countries such as the U.S. that are considered to have weaker data protection measures.

Belgium-based SWIFT keeps the same data in two information storage facilities, in the U.S. and the Netherlands, which it says are each subject to local laws.

A spokesman for SWIFT said Friday that the organization turns over specific subsets of data to the Treasury Department based on narrow court-ordered requests and doesn't allow indiscriminate access. SWIFT negotiated with the U.S. government to monitor and audit the requests.

"People have this misunderstanding that the U.S. government has access to the totality of our traffic," the spokesman said.

The organization said it did not violate EU law in handing over the information. SWIFT said in a statement Thursday that it obtained guarantees from the Treasury Department to protect the confidentiality of the limited sets of data turned over to U.S. authorities. The company was "clearly caught in the middle," trying to help with financial intelligence for terrorism investigations and trying to ensure that data was protected, it said.

The panel also called on financial institutions within the EU to notify clients to how their personal data has been used and inform clients that U.S. authorities could have access to the data.

The panel's report will be studied by the commission, a spokesman for the Directorate-General for Justice, Freedom and Security said Friday. The report is nonbinding, however, the spokesman said.

Belgian authorities have also conducted a two-month investigation of the matter, concluding in September that SWIFT had violated EU and Belgian data privacy laws. However, the authorities stopped short of fining SWIFT.

SWIFT's spokesman said he is aware that Belgian prosecutors have an ongoing investigation.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon