We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Swift rapped for terrorism data violation

Investigation into terror transactions

An international banking organisation violated European Union and Belgian data privacy laws by turning over information to US authorities for terrorism investigations, an independent panel set up by the European Commission has concluded.

Swift (the Society for Worldwide Interbank Financial Telecommunication SCRL) should cease violating data protection laws or face sanctions, the panel of European Union data-protection officials said.

Swift, a cooperative owned by around 8,000 financial institutions, runs a messaging service that enables worldwide financial transactions between banks.

After the attacks on the US on 11 September 2001, Swift responded to court orders to hand over messaging information to the US Treasury Department to track financial transactions by suspected terrorists. Press reports revealed the long-running operation earlier this year.

The panel, known as the Article 29 Working Group, said Swift's actions could undermine the financial stability of the payment system.

"Any measure taken in the fight against crime and terrorism should not and must not reduce standards of protection and fundamental rights which characterise democratic societies," the panel said.

European data protection laws forbid the transfer of personal data outside the EU to countries such as the US that are considered to have weaker data protection measures.

Swift, based in Belgium, keeps the same data in two information storage facilities, in the US and the Netherlands, which it says are each subject to local laws.

A spokesman for Swift said the organisation turns over specific subsets of data to the Treasury based on narrow court-ordered requests and doesn't allow indiscriminate access. Swift negotiated with the US government to monitor and audit the requests.

"People have this misunderstanding that the US government has access to the totality of our traffic," the spokesman said.

The company said it did not violate EU law in handing over the information. It obtained guarantees from the Treasury Department to protect the confidentiality of the limited sets of data turned over to US authorities, it said. The company was "clearly caught in the middle" trying to help with financial intelligence for terrorism investigations and trying to ensure data was protected, it said.

The panel also called on financial institutions within the EU to notify clients to how their personal data has been used and inform clients that US authorities could potentially have access to the data.


IDG UK Sites

Amazon Kindle Voyage release date, price and specs UK: a high-end eReader with Amazon’s best-ever...

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How to successfully bridge the gap between clients and creatives

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room