EU lawmakers assail Swift over data sharing
By Dan Bilefsky

International Herald Tribune

Published: October 4, 2006


BRUSSELS European Union legislators lashed out at Swift and one of its key supervisors, the European Central Bank, which acknowledged Wednesday that it had known for years that the banking consortium was handing over confidential banking records to the U.S. authorities, but had decided not to take action.

Last week, the Belgian privacy commission accused Swift, the Society for Worldwide Interbank Financial Telecommunications, which is based in Belgium, of flouting European data protection rules by participating in a Bush administration program that allows analysts from the Central Intelligence Agency and officials from other United States agencies to search for possible terrorist financing activity among millions of confidential financial transactions.

An investigation by the privacy commission concluded that Swift had breached European privacy rules, calling the secret financial transfers "a gross miscalculation." A separate EU group, meanwhile, is investigating whether Swift violated European banking law and is considering whether an independent auditor should be appointed to prevent possible privacy abuses.

In a heated parliamentary hearing, European Union lawmakers said Swift and the bodies that oversee it had ignored EU privacy rules by failing to inform EU institutions or European citizens about the information transfers. Several called on Swift to move its U.S. operations to Canada to prevent the United States from breaching European civil liberties. Others demanded to know why they had learned of the transfers from a report in The New York Times rather than from the European Central Bank, which knew of the transfers as early as June 2002.

"What we have seen is a culture clash between Europe and the U.S. in which the Americans think they can do whatever they want in the fight against terror," said Sophie In 't Veld, a Dutch legislator from the Liberal grouping and leading advocate of civil liberties. "The European Central Bank and other European institutions that oversee Swift are partly responsible for failing to have informed European citizens when they learned about the transfers."

But the president of the European Central Bank, Jean-Claude Trichet, said that such powers were beyond the authority of his bank or of European national banks. "We made it clear orally and in writing to Swift that we had absolutely no competence and of course it was up to them to take their own actions and decisions," Trichet said, referring to Swift's notification to the bank that it had received subpoenas for the data from the U.S. authorities.

"We gave no blessing to Swift to comply with U.S. subpoenas," Trichet said. "But the ECB has no authority to supervise Swift with regard to compliance with data protection laws."

His view was echoed by Peter Praet, president of the National Bank of Belgium, which heads an oversight group for Belgium-based Swift that includes the ECB, the Bank of Japan and the U.S. Federal Reserve. He said the National Bank had concluded that the transfers were outside its competence because they posed no threat to financial stability, which is the bank's main responsibility.

Trichet said the Swift affair had underlined the need for common rules on how to reconcile data protection and the fight against terrorism.

Under European law, companies are forbidden from transferring confidential personal data to another country unless that country offers adequate protections. The European Union does not consider the United States to be a country that offers sufficient legal protection of individual data.

But European lawmakers said Swift, which has offices in both Belgium and the United States, had found itself in a legal quagmire because of a lack of clarity over which rules it should obey.

"There's a lot of obscurity on what rules prevail - U.S. laws, European directives, international conventions," said Kartika Liotard, a Dutch legislator from the Socialist group. "The transfer of data by Swift to the American authorities seemed to slip through all of them."

Alain Brun, head of data protection at the European Commission, the EU's executive branch, which is also examining Swift's actions, told the hearing that he believed Swift had flouted European laws. "There are a number of infringements," he said, citing a lack of transparency in the data transfers. "The aim of fighting terrorism is a viable one, but EU rules must be obeyed."

Francis Vanbever, Swift's chief financial officer, defended the transfers, saying Swift had obeyed European rules by only transmitting a limited set of data. He added that failure to comply with US subpoenas for information could have resulted in fines and a possible prison sentence. "It is not a very easy situation for a company like ours," he said. "Nobody will question that we need to fight terrorism, the question is how can you do that and reconcile data privacy."