Feeds

US violated world's privacy with secret SWIFT checks

SWIFT breaks EU law to comply with US law

Top 5 reasons to deploy VMware with Tegile

The US Treasury's Terrorist Finance Tracking programme had violated the privacy of up to 7,800 international financial institutions in its secret trawl through financial records held by the Belgian firm SWIFT.

The Belgian data protection registrar declared today that the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which handles financial transactions on behalf of banks and other financial institutions in G10 countries, had violated Belgian data protection law by complying with the US Treasury's secret investigation.

"SWIFT should have complied with its obligations under Belgian data protection law," said the opinion of the Belgian Commission de la Protection de la Vie Privee today.

The firm should have informed the Belgian authorities that it was handing its clients records over the the US, and it should have complied with rules regarding the transfer of its data to a foreign country, said the opinion.

It recognised the efforts SWIFT took to comply with the US subpoenas on its data. Pressured by the US to keep the violation secret, SWIFT took its own steps to protect the privacy of its clients' data as much as it could.

But this was not enough: "SWIFT made some substantial errors of judgement in complying with the American subpoenas," said the opinion.

"From the beginning, SWIFT should have been aware that the fundamental principles of European law were to be observed, apart from the enforcement of American law," it continued.

The US Treasury had demanded to examine SWIFT's records in a hunt for terrorist financiers after 9/11.

It had unlimited access to this data for an unspecified time. The opinion said that in order to protect the privacy of its client's data, SWIFT should have ensured that the US snooping of its records was proportionate, that they were only retained for a limited examination, that the investigation was transparent to the European authorities and so on.

Yet a spokeswoman for the Belgian data protection registrar said the office would not prosecute SWIFT. She could not say why, but the opinion gave a clue.

"SWIFT finds itself in a conflict situation between American and European law," it said.

SWIFT jumped on this concession. A statement attributed to the firm's CEO, Leonard Schrank, said: "The review has raised important issues about the balance between data privacy for consumer protection purposes and use of financial data for security and counter-terrorism purposes."

He called for the US and EU authorities to formulate an agreement that "reconciled data privacy protections with today's pressing security concerns."

The Belgian opinion was going to be adopted by the European Commission's Data Protection Supervisor and form the basis of opinions formed by the registrars of all 33 countries where campaigners Privacy International filed complaints about SWIFT's co-operation with the US programme.

The Belgian registrar said it was not in the remit of today's opinion to consider whether Belgium's financial institutions had also offended its data privacy laws. Some of them at least would have been aware of the US snooping through their membership of SWIFT's co-operative board. Central banks in all G10 countries were also privy to the investigation without telling the authorities. The European Parliament is considering on Wednesday whether the ECB should be implicated. The Register found this week that it was.®

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.