Feeds

Swiss banks broke privacy laws over SWIFT transfers: data chief

'Serious error of judgement'

The essential guide to IT transformation

Swiss banks broke the law by passing customer bank details to US authorities, Switzerland's top data protection official has said. The banks should have told customers that international transaction company SWIFT was passing details to the US, he said.

Hanspeter Thür, the Federal Data Protection Commissioner of Switzerland, said the banks broke data protection laws when they failed to inform customers that information was being transferred.

SWIFT (Society for Worldwide Interbank Financial Telecommunication) manages international payments between banks and has allowed US authorities to have access to transaction details since the terrorist attacks in the US of 11 September 2001.

Already the Belgian Data Privacy Commission has said that Brussels-based SWIFT broke privacy rules in allowing the information transfer. SWIFT conducts $6 trillion worth of transfers per day between 7,800 financial organisations.

A European Commission working party of data protection officials has expressed "concerns about the lack of transparency" surrounding the programme. The working party will soon decide whether or not to launch an independent audit of the situation.

News wire AP reports that Thür has said the actions of the Swiss banks broke data protection laws. He said that the problem was that data was being passed out of the country without the knowledge of the data subjects, and to a country with fewer privacy protections than Switzerland.

The massive Swiss banking industry is famed for its secrecy. Thür's report contradicts the view of Swiss finance minister Hans-Rudolf Merz, who recently said he believed the actions of Swiss banks were legal. He said they did not undermine Swiss sovereignty or break its banking secrecy rules.

The only major report to have emerged to date is the Belgian Data Privacy Commission's report. "It must be considered a serious error of judgement on the part of SWIFT to subject a massive quantity of personal data to surveillance in a secret and systematic manner for years without effective grounds for justification and without independent control in accordance with Belgian and European law," said the report.

"In this context SWIFT should from the beginning have been aware that, apart from the application of American law, also the fundamental principles under European law must be complied with, such as the principle of proportionality, the limited storage period, the principle of transparency, the requirement for independent control, and the requirement for an appropriate level of protection," it said.

At that time, a statement from SWIFT said the behaviour of its US office was legal, due to "valid and compulsory subpoenas". As regards to Europe, it said it tried to stay legal. "SWIFT also did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight," said a statement.

See also: SWIFT broke privacy rules, says Belgian commissioner, OUT-LAW News, 03/10/2006

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Broadband slow and expensive? Blame Telstra says CloudFlare
Won't peer, will gouge for Internet transit
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?