ECB had ‘moral responsibility’ to tell about US data transfers

The European Central Bank (ECB) had a moral responsibility to tell the EU and Belgian authorities that individuals’ financial information was being transferred to the US, the European Parliament has heard.

The European Data Protection Supervisor Peter Hustinx said that the ECB was bound by the EU treaties to respect civil liberties and human rights and should have informed the authorities that individuals’ data was not being protected in the transfers.

"I do see at least a moral responsibility and acquiescence on the question of the transfers to the US… and that they could have informed the Belgian authorities," he told a meeting of the Parliament’s economic and monetary affairs and civil liberties and justice and home affairs committees yesterday (4 October).

He added that the ECB itself was a customer of SWIFT, the Belgian-based money transfer company which sent the data to the US, and it allowed its employees’ financial information to be handed over, in violation of their rights. "The ECB has a responsibility it seems to me…not to put at risk the personal data of individuals who have contractual arrangements," added Hustinx.

But Jean-Claude Trichet, president of the ECB, said the bank had only a role of oversight of SWIFT to ensure "financial stability" and it could not go beyond that remit.

"We made it clear orally and in writing to SWIFT that we had absolutely no competence, and of course it was up to them to take their own actions and decisions," Trichet said. "The ECB has no authority to supervise SWIFT with regard to compliance with data protection laws."

The transfer of data began shortly after 11 September 2001 when the US treasury sent subpoenas to SWIFT to hand over the data for counter-terrorism purposes. SWIFT informed the ECB and the Belgian National Bank of the requests.

The data was already in the US because a European-based database simultaneously transmits information to a US-based database and therefore no data protection laws were broken in the EU, according to SWIFT.

But Alain Brun, who heads a unit on data protection in the European Commission’s department for justice, freedom and security, said the laws were violated. European citizens had a right to know if their information was being passed on to a third party. He questioned the testimony from the Belgian National Bank which said it did not inform the government of the transfers because of confidentiality. "Why was there respect for confidentiality rather than transparency?" asked Brun.

Francis Vanbever, chief financial officer at SWIFT, defended the transfers, saying that the information, which continues to be sent to the US authorities, was only made available to specific terrorist-related investigations and that the company would have faced civil and criminal sanctions if they had not complied.

MEPs were critical of this stance. "Do you think such an agreement [with the US] had greater legal value than EU legislation?" asked Dutch Liberal MEP, Sophia in ’t Veld. "The US government knew what was going on, the European Central Bank knew, SWIFT employees knew. Everyone knew except the institutions of the EU," said Greek Socialist MEP Stavros Lambrinidis.

Both Trichet and Vanbever called for an agreement between the EU and US on the transfers which would allow proper safeguards to be put in place.

The European Central Bank (ECB) had a moral responsibility to tell the EU and Belgian authorities that individuals’ financial information was being transferred to the US, the European Parliament has heard.

• Primary Source