SWIFT transfer was ‘illegal’, says data watchdog

Author (Person)
Series Title
Series Details 16.11.06
Publication Date 16/11/2006
Content Type

The chairman of the group of European data protection supervisors has said he believes the transfer of personal banking information to the US authorities by SWIFT, a network owned by financial institutions, was illegal.

Peter Schaar and the group of supervisors are expected to deliver next week (21-22 November) an opinion that the transfers contravene European law.

The group, known as the Article 29 Working Party, may recommend that European banks sign contracts promising that customers’ information will be processed in line with European data protection law, Schaar said. SWIFT could also be told to separate its data-sharing systems, where information that is received in a European database automatically gets transferred to a US-based database. "The process as a whole is not complying with European law because there are no adequate safeguards at the recipient [US side]," he told European Voice.

The European Commission is awaiting the supervisors’ opinion on the legality of the transfers before making a decision on whether to take Belgium to court over the SWIFT case for not implementing EU data protection law.

SWIFT, which operates a system used by banks to make international transfers, began giving data to the US authorities for counter-terrorism purposes when it was served with subpoenas following the 11 September attacks. Since the information was held in the US database, SWIFT said it had to comply with US demands.

While he is not aware of similar cases taking place where European citizens’ data is being transferred to the US in secret and without adequate protection, Schaar said the US Patriot Act could allow similar situations to arise. "We all know the Patriot Act and this gives US authorities many powers to access personal data that is under the US legislation, so if I use credit cards of US-based companies or other services based in the US I could imagine that this would underlie the Patriot Act," he said.

Belgian Prime Minister Guy Verhofstadt has called for an EU agreement with the US on the transfer of this data, similar to the PNR agreement which allows airline passengers’ data to be transferred to the US, but Schaar said this might not necessarily ensure adequate data protection. "I am not sure about the results and how far such an agreement could come to an acceptable and appropriate level of protection of European citizens," he said.

He said there was a "watering down of the safeguards" on data in a recent deal struck between the EU and US on PNR transfers and warned against giving the US further concessions when a new deal is negotiated before the end of July.

"There should be a follow-up and from our side the follow-up must be better than the present situation but I fear that the US want more data and perhaps for more authorities and for a longer retention period," he said.

Schaar was also sceptical about a Commission proposal, expected before the end of the year, to establish a system for collecting data on airline passengers coming into the EU. "The question is what will the European authorities do with this data. I have no objections to specific requirements to specific flights but a general obligation to communicate in advance to police and other authorities, I cannot share this view."

The chairman of the group of European data protection supervisors has said he believes the transfer of personal banking information to the US authorities by SWIFT, a network owned by financial institutions, was illegal.

Source Link Link to Main Source http://www.europeanvoice.com