Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

SWIFT broke privacy rules, says Belgian commissioner

A European banking organisation broke privacy rules by allowing the transfer of citizens' transaction details to US authorities, the Belgian privacy protection commissioner has ruled. EU officials may appoint an independent auditor to investigate.03 Oct 2006

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) co-ordinates payments between financial institutions and has its headquarters in Brussels and offices in the US. The New York Times revealed in June that it had been passing details of European banking transactions involving the US to the US Government since the terrorist attacks in the US of 11th September 2001.

SWIFT has maintained that it acted legally but the Belgian Data Privacy Commission has said that privacy rules were broken. "The Commission is of the opinion that SWIFT finds itself in a conflict situation between American and European law and that SWIFT at the least committed a number of errors of judgement when dealing with the American subpoenas," said an unofficial and temporary translation provided by the Commission.

"It must be considered a serious error of judgement on the part of SWIFT to subject a massive quantity of personal data to surveillance in a secret and systematic manner for years without effective grounds for justification and without independent control in accordance with Belgian and European law," says the report. "In this context SWIFT should from the beginning have been aware that, apart from the application of American law, also the fundamental principles under European law must be complied with, such as the principle of proportionality, the limited storage period, the principle of transparency, the requirement for independent control and the requirement for an appropriate level of protection."

The report makes reference to another controversial data transfer deal, that between the European Commission and the US over the handing over of inbound airline passenger details to the US and says that SWIFT should have told European authorities what it was doing.

"The Commission also refers to the international precedent in the PNR-case. The authorities competent in data protection (the Commission, its peers and the European Commission) should have been informed from the beginning, which would have made it possible to work out a solution at European level for the communication of personal data to the US, with respect for the above-mentioned principles which apply under European law. For this purpose, the Belgian government could have been asked for an initiative at European level."

A statement from SWIFT said that the behaviour of its US office was legal, due to "valid and compulsory subpoenas". As regards to Europe, it said it tried to stay legal. "SWIFT also did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight," said a statement.

"The review has raised important issues about the balance between data privacy for consumer protection purposes and use of financial data for security and counter-terrorism purposes," said SWIFT chief executive Leonard Schrank.

Belgian prime minister Guy Verhofstadt said that SWIFT should have taken more account of Europeans' privacy rights. “SWIFT finds itself in a conflicting position between American and European law," he said. “But it should have received stronger guarantees of privacy protection based on European standards, not by American standards, which are not as strong.”

Last week a meeting of the 25 European Union data protection officials expressed "immediate concerns about the lack of transparency which has surrounded" the transfer deal and agreed to make a decision next month about what action could be taken. One option to be considered is the appointment of an independent auditor to review the case, according to the New York Times.

Join My Out-Law

  • See only the content that matters to you
  • Tailor Out-Law to your exact needs
  • Save the most useful content for later reading
  • Tailor our weekly eNewsletter to your interests

Join My Out-Law

Already signed up to My Out-Law? Sign in