EU lawmakers assail Swift over data sharing
By Dan Bilefsky
International Herald Tribune
Published: October 4, 2006
BRUSSELS European Union legislators lashed out at Swift and one of its
key supervisors, the European Central Bank, which acknowledged Wednesday
that it had known for years that the banking consortium was handing over
confidential banking records to the U.S. authorities, but had decided
not to take action.
Last week, the Belgian privacy commission accused Swift, the Society for
Worldwide Interbank Financial Telecommunications, which is based in Belgium,
of flouting European data protection rules by participating in a Bush
administration program that allows analysts from the Central Intelligence
Agency and officials from other United States agencies to search for possible
terrorist financing activity among millions of confidential financial
An investigation by the privacy commission concluded that Swift had breached
European privacy rules, calling the secret financial transfers "a
gross miscalculation." A separate EU group, meanwhile, is investigating
whether Swift violated European banking law and is considering whether
an independent auditor should be appointed to prevent possible privacy
In a heated parliamentary hearing, European Union lawmakers said Swift
and the bodies that oversee it had ignored EU privacy rules by failing
to inform EU institutions or European citizens about the information transfers.
Several called on Swift to move its U.S. operations to Canada to prevent
the United States from breaching European civil liberties. Others demanded
to know why they had learned of the transfers from a report in The New
York Times rather than from the European Central Bank, which knew of the
transfers as early as June 2002.
"What we have seen is a culture clash between Europe and the U.S.
in which the Americans think they can do whatever they want in the fight
against terror," said Sophie In 't Veld, a Dutch legislator from
the Liberal grouping and leading advocate of civil liberties. "The
European Central Bank and other European institutions that oversee Swift
are partly responsible for failing to have informed European citizens
when they learned about the transfers."
But the president of the European Central Bank, Jean-Claude Trichet, said
that such powers were beyond the authority of his bank or of European
national banks. "We made it clear orally and in writing to Swift
that we had absolutely no competence and of course it was up to them to
take their own actions and decisions," Trichet said, referring to
Swift's notification to the bank that it had received subpoenas for the
data from the U.S. authorities.
"We gave no blessing to Swift to comply with U.S. subpoenas,"
Trichet said. "But the ECB has no authority to supervise Swift with
regard to compliance with data protection laws."
His view was echoed by Peter Praet, president of the National Bank of
Belgium, which heads an oversight group for Belgium-based Swift that includes
the ECB, the Bank of Japan and the U.S. Federal Reserve. He said the National
Bank had concluded that the transfers were outside its competence because
they posed no threat to financial stability, which is the bank's main
Trichet said the Swift affair had underlined the need for common rules
on how to reconcile data protection and the fight against terrorism.
Under European law, companies are forbidden from transferring confidential
personal data to another country unless that country offers adequate protections.
The European Union does not consider the United States to be a country
that offers sufficient legal protection of individual data.
But European lawmakers said Swift, which has offices in both Belgium and
the United States, had found itself in a legal quagmire because of a lack
of clarity over which rules it should obey.
"There's a lot of obscurity on what rules prevail - U.S. laws, European
directives, international conventions," said Kartika Liotard, a Dutch
legislator from the Socialist group. "The transfer of data by Swift
to the American authorities seemed to slip through all of them."
Alain Brun, head of data protection at the European Commission, the EU's
executive branch, which is also examining Swift's actions, told the hearing
that he believed Swift had flouted European laws. "There are a number
of infringements," he said, citing a lack of transparency in the
data transfers. "The aim of fighting terrorism is a viable one, but
EU rules must be obeyed."
Francis Vanbever, Swift's chief financial officer, defended the transfers,
saying Swift had obeyed European rules by only transmitting a limited
set of data. He added that failure to comply with US subpoenas for information
could have resulted in fines and a possible prison sentence. "It
is not a very easy situation for a company like ours," he said. "Nobody
will question that we need to fight terrorism, the question is how can
you do that and reconcile data privacy."