Europe’s banks dragged into Swift EU data scandal

All European banking institutions involved in Swift financial transactions share some responsibility for data protection “violations”, the EU’s privacy watchdog has found.

An EU committee of national data protection supervisors on Thursday ruled in a 30 page report that handovers of banking data by an industry-owned consortium had broken European law.

The watchdog also called on the Belgian based Society for Worldwide Interbank Financial Telecommunication (Swift) and all EU banking users of the service to halt data transfers.

“Swift committed violations of data protection laws by transferring data to the US,” found the EU working group.

“Swift and financial institutions must immediately take the necessary measures to end this illegality.”

There have been over two billion Swift transactions in 2006, to date, and the consortium has over 2300 members in 2007 countries across the world.

Two thirds of Swift transactions – 65.8 per cent – are in Europe, traffic, involving most banking institutions, that has been handed over to US agencies since 2001.

The European commission is set to discuss the “article 29” committee ruling, the body is set up under EU data protection law to ensure privacy rights are enforced.

“Swift is requested, along with the financial institutions, to take the necessary steps immediately to remedy the present illegal infringement,” said a commission spokeswoman.

While the data protection opinion is not binding on Brussels, officials have signalled that the commission is now set to raise the issue during EU-US security talks.

“The European commission will take a decision on this in the coming weeks,” said an official. “It is an opinion that has a lot of weight.”

“The commission wants to start a specific dialogue with the US on this issue.”

The secret handovers of financial data relating to European banking transactions only emerged following media reports .

Press coverage – despite Washington attempts to gag newspapers – revealed activities that the ECB, European central banks and at least one national government were aware of.

The finding follows a September Belgian investigation that Swift, the banking industry owned consortium is based in Brussels, had broken the law.

“It has to be seen as a gross miscalculation by Swift that it has, for years, secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law,” said the report.

Last week Swift chief executive Leonard Schrank attacked “irresponsible” media for revealing the secret transfers.

Schrank argues that data protection watchdogs are behind the times and that Swift should be praised for handing over information to US security agencies including the CIA.

“The real issue is how you provide financial intelligence for counterterrorism with appropriate protections,” he said on November 16.

“Rather than being criticised by data-protection organizations, actually we should be commended for setting a new standard.”

• Previous article
• Next article