A report by an EU panel released Thursday said the bank data transfer agency SWIFT broke European privacy laws by handing over personal data to U.S. authorities for use in anti-terror investigations.
The Belgian-based company, the Society for Worldwide Interbank Financial Telecommunication, "committed violations of data protection laws" by secretly transferring data to the United States, without properly informing Belgian authorities, the EU's data protection panel said.
The panel's report calls on SWIFT, financial institutions and EU authorities to "take the necessary measures" to end the transfer, which it said contradicts Belgian and EU data protection rules. SWIFT is still transferring data under U.S. subpoenas.
EU spokeswoman Pia Ahrenkilde Hansen said the report was adopted unanimously by the 25-member panel which also chided the role of the European Central Bank in the affair. It demanded clarification from the ECB over its role in the affair. ECB President Jean-Claude Trichet has acknowledged his bank knew of the transfers but could not prevent them.
"SWIFT is expected as well as financial institutions to take the necessary steps immediately to remedy the present illegal infringement," Ahrenkilde Hansen said, adding the group will monitor the implementation of the recommendation by SWIFT and the ECB and other national banks which sit on SWIFT's oversight board. ...
SWIFT officials have argued that it had no choice but to abide by U.S. subpoenas for bank data, saying that if it refused to hand over the information, it would have faced fines and possible criminal penalties like jail time.
"It is disturbing that none of the involved parties is willing to take responsibility for the failure to protect the rights of EU citizens," said Kathalijne Buitenweg, a Dutch Green member of the European Parliament. She called for a clarification of ECB and national bank rules in ensuring they report all violations of EU privacy laws.