Feeds

SWIFT to stop processing EU banking data in the US

But not until 2009

Combat fraud and increase customer satisfaction

Payments processing body SWIFT will stop processing European banking transactions in the US in 2009. It is planning a restructuring of its network and the building of a new operations centre in Switzerland.

SWIFT has been heavily criticised for allowing US authorities access to records of banking transactions involving European citizens. It was revealed by The New York Times last year that US intelligence agencies were allowed to view Europeans' transactions.

SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss, and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance.

Europe's advisory committee of privacy watchdogs, the Article 29 Working Party, has revealed that SWIFT is being reorganised to lessen the risk of surveillance, but not until 2009.

"The Working Party has been informed of recent measures taken by SWIFT with regard to transparency, as well as its decision to restructure its network," said a statement from the Working Party recounting the business of its meeting last week.

"The new structure foresees by the end of 2009 the creation of a new operation centre in Switzerland. This means personal data in intra-European transactions will no longer be processed in the US operating centre," said the body.

Brussels-based SWIFT is still under investigation by the Belgian Data Protection Authority for potential breaches of data protection legislation.

The European Commission agreed a deal with the US earlier this year on how much SWIFT data US authorities could use.

"The EU will have now the necessary guarantees that US Treasury processes data it receives from Swift's mirror server in USA in a way which takes account of EU data protection principles," said EU Commissioner for justice, freedom and security Franco Frattini in June.

"I welcome the United States' Treasury Department's unilateral representations and the opportunity the Treasury has given the European Union to have its views and concerns duly reflected in the representations."

Even after the new operations centre is built, transactions with a US element will still be processed in the US, and there is uncertainty about the location of processing of other kinds of transaction, the Working Party said.

"EU-US transactions will continue to be processed in the US. With regard to other international transactions involving both EU and non-EU banks the location of their storage is still to be defined."

The group said it approved of the changes in SWIFT. "The Working Party welcomes the clear progress made by SWIFT, especially on technical aspects of compliance with data protection principles," it said.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.