SWIFT justice? 

The non-profit Belgian international banking co-operative network Society for Worldwide Interbank Financial Telecommunication (SWIFT) has been at the centre of controversy since it was revealed that the US Treasury Department had been allowed to tap into its records. SWIFT received a subpoena ordering it to do so in the wake of  9/11, to search for evidence of terrorism-related activities, and allowed US access without informing EU authorities.

On 23 November 2006, Working Party 29 (WP29), a national data-privacy supervisors committee, ruled in Lisbon that the access to private transactions granted to the US was illegal, which follows a Belgian ruling in September 2006 citing that the action was unlawful and showed "substantial errors of judgement".

Justice and Security Commissioner Franco Frattini told reporters in Lisbon: "We need to establish common guidelines on these issues, not just renegotiate agreement by agreement. We need to exchange data with the US because if that helps to stop a terrorist attack, we're all happy. But we also need to protect innocent people’s data."

EU and US officials held talks on data privacy during Frattini's visit to Washington on November 6 and will continue at senior level, another Commission official said.

EU lawmakers called on the EU and the United States last month to negotiate a wide-ranging agreement on security and data privacy. 

Any punitive measures to be applied against SWIFT, which processes some €4,600 billion daily transactions, must come from the Belgian government. 

SWIFT CEO Leonard H. Schrank said: "While we are clearly disappointed with the opinion of the WP 29 group, we have to move on. SWIFT has always taken data privacy very seriously and will work with its user community and competent authorities to seek solutions which further increase awareness and transparency about usage of global systems like SWIFT.  It is clear however that only dialogue between the EU and US will provide the legal certainty which internationally active companies require."

Earlier in November, SWIFT submitted a comprehensive legal rebuttal to the Belgian Privacy Commission, strongly objecting to WP 29’s opinion about the communication of personal data to the US Treasury (UST). The company's official statement on the issue argued that "SWIFT acted responsibly within applicable laws by complying with mandatory UST subpoenas for limited sets of data in the US for the exclusive purpose of terrorism investigations. It obtained from the UST extraordinary protections and control mechanisms that met both its obligations to protect the confidentiality of its members’ data and requirements to follow EU and US laws. 

"SWIFT is clearly caught in the middle and supports calls by national and EU officials for co-operation between Europe and the US to develop approaches for dealing with financial intelligence for counter-terrorism purposes while ensuring adequate data protection safeguards."