Feeds

US violated world's privacy with secret SWIFT checks

SWIFT breaks EU law to comply with US law

Security for virtualized datacentres

The US Treasury's Terrorist Finance Tracking programme had violated the privacy of up to 7,800 international financial institutions in its secret trawl through financial records held by the Belgian firm SWIFT.

The Belgian data protection registrar declared today that the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which handles financial transactions on behalf of banks and other financial institutions in G10 countries, had violated Belgian data protection law by complying with the US Treasury's secret investigation.

"SWIFT should have complied with its obligations under Belgian data protection law," said the opinion of the Belgian Commission de la Protection de la Vie Privee today.

The firm should have informed the Belgian authorities that it was handing its clients records over the the US, and it should have complied with rules regarding the transfer of its data to a foreign country, said the opinion.

It recognised the efforts SWIFT took to comply with the US subpoenas on its data. Pressured by the US to keep the violation secret, SWIFT took its own steps to protect the privacy of its clients' data as much as it could.

But this was not enough: "SWIFT made some substantial errors of judgement in complying with the American subpoenas," said the opinion.

"From the beginning, SWIFT should have been aware that the fundamental principles of European law were to be observed, apart from the enforcement of American law," it continued.

The US Treasury had demanded to examine SWIFT's records in a hunt for terrorist financiers after 9/11.

It had unlimited access to this data for an unspecified time. The opinion said that in order to protect the privacy of its client's data, SWIFT should have ensured that the US snooping of its records was proportionate, that they were only retained for a limited examination, that the investigation was transparent to the European authorities and so on.

Yet a spokeswoman for the Belgian data protection registrar said the office would not prosecute SWIFT. She could not say why, but the opinion gave a clue.

"SWIFT finds itself in a conflict situation between American and European law," it said.

SWIFT jumped on this concession. A statement attributed to the firm's CEO, Leonard Schrank, said: "The review has raised important issues about the balance between data privacy for consumer protection purposes and use of financial data for security and counter-terrorism purposes."

He called for the US and EU authorities to formulate an agreement that "reconciled data privacy protections with today's pressing security concerns."

The Belgian opinion was going to be adopted by the European Commission's Data Protection Supervisor and form the basis of opinions formed by the registrars of all 33 countries where campaigners Privacy International filed complaints about SWIFT's co-operation with the US programme.

The Belgian registrar said it was not in the remit of today's opinion to consider whether Belgium's financial institutions had also offended its data privacy laws. Some of them at least would have been aware of the US snooping through their membership of SWIFT's co-operative board. Central banks in all G10 countries were also privy to the investigation without telling the authorities. The European Parliament is considering on Wednesday whether the ECB should be implicated. The Register found this week that it was.®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.