SWIFT found in breach of Belgian laws

By EDRi · October 11, 2006

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

A report issued by the Belgian Government on the very discussed SWIFT case
of transfer of financial transaction data to the U.S. Government, concluded
that SWIFT breached the Belgian law.

The Belgian Commission responsible with the first report on the case stated:
“The Commission is of the opinion that SWIFT finds itself in a conflict
situation between American and European law and that SWIFT at the least
committed a number of errors of judgement when dealing with the American
subpoenas.”

The report says: “SWIFT should have complied with its obligations under the
Belgian privacy law, amongst which the notification of the processing, the
information, and the obligation to comply with the rules concerning personal
data transfer to countries outside the EU.”

The report also states that SWIFT, in transferring data to the US Treasury
should have observed the fundamental principles of European law such as
“the principle of proportionality, the limited retention period, the
principle of traprotection level.”

The commission reckoned SWIFT had tried to provide certain guarantees
through its negotiations with the U.S. Treasury, but considered these
attempts were inappropriate. It also stated that SWIFT should have notified
Privacy Commissioners and not only G-10 banks.

The European Data Protection Supervisor (EDPS) has also criticised the
European Central Bank (ECB) as a SWIFT customer, for not stopping the
Belgian banking company from sending European transaction details to US
authorities.

EDPS stated: “As to the role of the ECB as a SWIFT customer, the EDPS could
not avoid feeling that it had accepted an inappropriate risk by continuing
to transfer financial data through SWIFT after becoming aware of the
arrangement with the US authorities. As to the role of the ECB as financial
overseer, the EDPS would have expected more initiative to bring this
arrangement – of which it was made aware in February 2002 – to the notice of
relevant authorities and responsible governments”.

According to a set of recent non-answers provided by SWIFT to the questions
from EDRi-member quintessenz, SWIFT confirmed is still confronted with
ongoing subpoenas by US treasury and they still hand over large datasets .

Belgian Prime Minister condemns SWIFT data transfers to U.S. as ‘illegal’
(28.09.06)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-543789

EU privacy chief slams central bank over SWIFT claims (4.10.06)
http://www.out-law.com/page-7359

SWIFT answers to quintessenz Questions (2.10.2006)
http://quintessenz.org/doqs/000100003696/2006_10_02,SWIFT_Questions.pdf

EDRi-gram: European bodies discuss the SWIFT case (30.08.2006)
http://www.edri.org/edrigram/number4.16/swift