Communications Daily is a service of Warren Communications News.

European Investigation of SWIFT to Get Under Way Today

Data protection officials in several European countries are starting investigations into transfers to the CIA and FBI of information on financial transactions processed by the Society for Worldwide Interbank Financial Telecom (SWIFT). Today (Mon.), the Article 29 Group of European Data Protection Officers is expected to announce its next steps in what some members see as the worst violation ever of EU data protection laws. Separately, the data protection officer of the European Union, Peter Hustinx, has been asked by the EU parliament to investigate the role of the European Central Bank.

SWIFT maintains the telecom network that processes up to 12 million financial transactions of 7,800 banking, brokerage and stock exchange organizations around the world. In June, the L.A. Times and N.Y. Times reported that SWIFT hq in Belgium had handed customer data to U.S. authorities after 9/11.

“These are in most cases highly [private] personal data, and we see the transfers of these data from European organizations to another country that does not have the same data protection standards as a new quality,” said Thilo Weichert of the Independent Center for Privacy Protection of Schleswig-Holstein (ULD) in Germany. Weichert said his organization had started investigations of all financial institutions under its jurisdiction and set a deadline for them to declare their organizational, technical and legal standards to protect customer data in international transactions. Data protection offices in other German states may follow suit.

What must be clarified in coming weeks is SWIFT’s legal nature, the ULD wrote in a background paper. That SWIFT isn’t a banking institution itself but only a “transaction provider” allowed the U.S. Dept. of the Treasury to neglect mandatory banking confidentiality. This also was cited by the Belgian Banking Oversight Authority in saying it had no authority over SWIFT as a mere data processing agent. Many financial institutes weren’t aware of the data transfers, the ULD said.

SWIFT published a compliance statement saying it “cooperates with authorities to prevent illegal uses of the international financial system. Where required, SWIFT has to comply with valid subpoenas.”

After the Sep. 11 attacks, SWIFT “responded to compulsory subpoenas for limited sets of data from the Office of Foreign Assets Control of the United States Department of the Treasury,” the organization wrote. The main goal in negotiations with Treasury was “to preserve the confidentiality of our users’ data while complying with the lawful obligations in countries where we operate,” it said. SWIFT CEO Leonard Schrank, Chmn. Yawar Shah, and Deputy Chmn. Stephan Zimmermann, in their joint statement, said SWIFT’s efforts resulted in “significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas.”

Independent audit controls were introduced after SWIFT became convinced that the transfers would be permanent, wrote the ULD.