The United States' access to data on international bank transfers, granted by the Society for Worldwide Interbank Financial Telecommunications (SWIFT), violated the privacy laws of the European Union, stated the initial opinion of the Article 29 Working Party, a government advisory group created to study privacy issues.
In a five-page statement (PDF) released on Thursday, the Working Party stated that Belgium-based SWIFT mirrored the transaction data in the United States without taking proper precautions that the information would be handled in accordance with EU law. Moreover, SWIFT violated EU privacy law when it gave the U.S. Treasury Department repeated access to the data, which includes the names of the sender and recipient in each fund transfer, to hunt for financial links to terrorist organizations.
"The Working Party is of the opinion that the hidden, systematic, massive and long-term transfer of personal data by SWIFT to the (U.S. Treasure Department) in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards to data protection and is not in accordance with Belgian and European law," the group said in the statement. "The existing framework is already available with regard to the fight against terrorism."
The opinion, which could form the basis for a legal complaint against SWIFT, is not the first time the Bush Administration has been taken to task for privacy violations in its War on Terror. A number of privacy and digital-rights organizations have filed lawsuits against telecommunications companies--most notably, AT&T--and the National Security Agency for surreptitious surveillance of international calls of Americans with suspected links to terrorism.
The Working Group has called for SWIFT to stop sharing data with the U.S. government and bring its data storage into compliance with European law. The group also criticized the European Central Banks for the lack of effective oversight in the matter and advised all other financial institutions that they must notify their clients of the privacy breach.
Posted by: Robert Lemos