« OFCOM consultation: Good news for iPod fans and CBers | Main | Don't suck, blow. Actually, that doesn't work either. »

06 October 2006

SWIFT transfers of personal data to US ruled illegal; European Central Bank criticised for failure to act

The Belgian Data Protection Commissioner ruled earlier this week that SWIFT acted illegally in transferring personal data to the US. SWIFT provides communication services between financial institutions. Since that ruling, the European Central Bank has been criticised by the European Data Protection Supervisor for failing to do anything when it became aware of these transfers.

SWIFT's data transfers

  • SWIFT processes transactions made between international banks. It stores its data at 2 data centres - one in Europe and one in the USA. Both contain the same data.
  • After 9/11, the US government issued multiple subpoenas to SWIFT. After negotiation to ensure that the US authorities would only search the data if relevant to an investigation into terrorism, SWIFT began transferring details of transactions between international banks to the US authorities.
  • This became public knowledge in June 2006. The Belgian Data Protection Commission received complaints about the transfers from numerous countries.

A story by Privacy International, which itself complained about the transfers, gives further detail.

Belgian Data Protection Commissioner ruling

Earlier this week the Belgian Data Protection Commissioner ruled that the transfers of personal data to the US authorities were illegal and that SWIFT should have complied with its data protection obligations.

Ruling (this is in French)

English translation (this has not been approved by the Belgian Data Protection Commissioner)

European Data Protection Supervisor criticises European Central Bank

Following the ruling, the European Data Protection Supervisor,the EU supervisory authority on data protection matters, issued preliminary findings on the matter. The Supervisor found that the European Central Bank should have acted when it became aware of the transfers, and should have made them public as early at 2002. In a statement Peter Hustinx, who is the current Supervisor, said:

"We have not concluded our investigation on ECB's role yet, but there are already some observations that I can share publicly. I basically challenge the fact that the ECB continued to allow confidential client banking data to pass to the US although it had become aware of the systematic access by American authorities. Moreover, I cannot help feeling that the ECB should have at least felt morally obliged to inform European governments and authorities about this scheme."

Press release by the European Data Protection Supervisor

Posted at 09:27 AM in Data Protection |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c948553ef00d8356a9d4a69e2

Listed below are links to weblogs that reference SWIFT transfers of personal data to US ruled illegal; European Central Bank criticised for failure to act:

Comments

The comments to this entry are closed.

About IMPACT

Contact IMPACT

  • Feel free to email the IMPACT team with any suggestions for new content, or if you'd like us to assist you with any legal issues.

Search


  • search the web
    search IMPACT

The legal bit

  • The news and articles on IMPACT are not legal advice and you shouldn't rely on them as if they were. Please don't act on any of the information on this blog without getting professional advice on the subject. Like most free general information blogs, we don't accept any liability in connection with your use of the information on the site.

    If you do need specific legal advice, the team behind IMPACT would be delighted to help.

    Creative Commons License

    We post the information on this blog under a Creative Commons Attribution NonCommercial ShareAlike 2.0 Licence (English law). You provide any comments and materials that you make on the same Creative Commons licence terms.

    Find out why we use a Creative Commons licence.

    We've registered our brands as trade marks. The following links will take you to the registrations for IMPACT, Freeth Cartwright and FC.

Accessibility

  • We take accessibility very seriously. We want everyone to be able to access the stuff we've put on the blog. If you've got any comments or suggestions for how to make the blog more accessible, please email the team.

    To learn more about accessibility and why it's important see our article Making websites open to all. There are more accessibility posts in the Accessibility section of IMPACT.