Bank faulted over data transfers to U.S.
By Dan Bilefsky
International Herald Tribune
Published: September 28, 2006
BRUSSELS The Belgian banking consortium Swift breached European privacy
rules when it aided the U.S. anti-terrorism program by providing confidential
information about money transfers, Belgium's privacy protection commission
"It has to be seen as a gross miscalculation by Swift that it has,
for years, secretly and systematically transferred massive amounts of
personal data for surveillance without effective and clear legal basis
and independent controls in line with Belgian and European law,"
the report said.
Swift, or the Society for Worldwide Interbank Financial Telecommunications,
has come under scrutiny for participating in a Bush administration program
that allows analysts from the Central Intelligence Agency and officials
from other U.S. agencies to search for possible terrorist financing activity
among the millions of confidential financial transactions it oversees.
Washington has defended the secret program, which began after the Sept.
11, 2001, terrorist attacks in New York and Washington. But critics in
Europe argue that it placed U.S. security interests ahead of European
A European Union working group debated this week whether the program violates
European banking law and is considering whether an independent auditor
should be appointed to prevent possible privacy abuses.
Presenting the findings of the investigation, Prime Minister Guy Verhofstadt
of Belgium said he recognized that sharing data on financial transfers
was essential in the global fight against terrorism. But he took Swift
to task for passing on confidential financial information without adequate
safeguards that European privacy rules would be respected.
"Swift finds itself in a conflicting position between American and
European law," Verhofstadt said. "But it should have received
stronger guarantees of privacy protection based on European standards
- not by American standards, which are not as strong."
Such guarantees should have included stronger safeguards that the information
was being used only for terrorism investigations, Belgian officials said.
Under European law, companies are forbidden from transferring confidential
personal data to another country unless that country offers adequate protections.
The EU does not consider the United States to be a country that offers
sufficient legal protection of individual data.
The commission report said Swift had transferred confidential information
to the United States without establishing a sufficient legal basis to
do so in Belgium and the European Union.
Swift has defended the transfers on the grounds that it has offices in
the United States and was meeting its legal obligations by upholding U.S.
But the commission rejected this argument. It said Swift was still subject
to Belgian rules, regardless of whether the data transferred to U.S. authorities
came exclusively from the company's U.S. subsidiary rather than its global
headquarters in Brussels.
Referring to the broad administrative subpoenas issued to Swift by the
U.S. Treasury, the commission said "Swift should have realized that
exceptional measures based on American rules do not legitimize hidden,
systemic violations of fundamental European principles related to data
protection over a long period of time."
Verhofstadt said Belgium's privacy protection commission had not yet moved
to take legal action against Swift. Instead, he said, Belgium would push
its EU partners to open talks with the United States on a new agreement
on the transfer of financial records to be used in terror investigations.
Swift dismissed criticism that it had done anything unlawful, saying it
received strong assurances that the data would be used exclusively for
terrorism investigations. But the chief executive of Swift, Leonard Schrank,
agreed that the United States and Europe needed a common framework to
reconcile data protection with the fight against terrorism.
"We need an agreement between the EU and the U.S. that recognizes
the global threat of terrorism but has a comfort level for those seeking
to guarantee data protection," he said. "We are caught between
complying with the U.S. and European rules and it's a train wreck. But
what we have done saves lives in the U.S. and Europe and we must not lose
sight of that."
Asked why Swift had not notified European authorities about the data transfers
- a criticism made by the Belgian commission - Schrank said that Swift
had satisfied disclosure rules but had taken the decision "not to
notify broadly" out of fear of harming global security by tipping
He declined to say whether Swift was still transferring such data to the
United States, but said that the consortium was still obligated to answer
subpoenas from the U.S. authorities because it conducted substantial business
The EU and the United States are increasingly at odds over how to reconcile
civil liberties with the fight against terrorism. Recent allegations that
the United States kidnapped terrorist suspects on European soil and detained
them in secret detention centers has sparked fierce criticism from European