(Dieser Artikel ist auch in deutscher Sprache verfügbar)
SWIFT has recently confirmed that it had succeeded in putting some restrictions to the US Treasury's programme of transferring transactional data from them. However, the activities of the company since 2001 are still under investigation by several European bodies.
The US Treasury's programme has been operating, without oversight, by subpoenas, after 11 September 2001 terrorist attacks in view of tracking down terrorist funding. US Government has thus gained access to records stored in SWIFT data centres all around the world of financial transactions performed in more than 200 countries. Concerns were expressed as to the extent and amount of data transferred.
SWIFT has announced during August 2006 that the US Treasury agreed they could only take limited sets of data that could then be searched only for specific transactions proven to have links to terrorism. The searches will be audited by SWIFT as well as an external auditor.
But this is not considered enough by Privacy International (PI) who launched on 28 June 2006 an international campaign against the SWIFT activities and filed simultaneous complaints with Data Protection and Privacy regulators in 33 countries. PI still wants a proof that "the Treasury was only able to see records that it knew contained details of terrorist financial transactions."
The SWIFT case is also under discussion in several data protection regulators. On 23 August, European data protection regulators met within the Article 29 Data Protection Working Party to discuss the case of SWIFT, hoping they could direct the case into the jurisdiction of EU data protection law. As security matters are not covered by EU regulators jurisdiction, they cannot intervene in the case of the US subpoenas on European firms if their purpose is national security.
As most EU member countries extended the EU Data Protection directive implementation in order to include security matters, the national Belgian law has competence over Swift in this case. However, Article 29 Data Protection Working Party would not like to rely only on the Belgian law as in the absence of a EU law, member countries may individually enter bi-lateral agreements with US for an unrestricted transfer of data.
The Independent State Center for Data Protection of the German federal state of Schleswig-Holstein (ULD) has already performed an analysis of the SWIFT transfer of sensitive data to the US Government.
The conclusion of the analysis was that for intra-European transactions, the transfers of records to the US Government violated a substantial number of provisions of German and European privacy legislation and should be stopped immediately.
SWIFT is seen as a data processor for German banks, thus giving the Commission of Schleswig-Holstein jurisdiction over the case. As regards the transactions between EU and US banks, the analysis also states there was no legal basis because of the lack of data protection safeguards in the U.S.
Thilo Weichert, the head of the ULD, said they expected "banks to create in the very near future the legal and technical conditions for processing transfer order data in a permissible fashion." He stated that proper data protection regulations were required as well as clear procedures to establish authority and technical safeguards.
ULD has given the banks in question a deadline until the end of September to report back to it on the measures adopted.
US authorities had free rein over world's bank data (22.08.06)
http://www.theregister.co.uk/2006/08/22/terrorist_finance_snoop/
EU may be powerless to stop US snooping (25.08.06)
http://www.theregister.co.uk/2006/08/25/eu_vs_us_snooping/
German Lander Commissioner legal analysis condemns SWIFT transfers to U.S.
(25.08.06)
http://www.privacyinternational.org/article.shtml?cmd³³0³=x-347-542162
ULD Opinion on the Swift Case (only in German, 23.08.2006)
http://www.datenschutzzentrum.de/wirtschaft/swift/060825_swift.pdf
Privacy watchdogs: US authorities' access to SWIFT data must be stopped
(26.08.06)
http://www.heise.de/english/newsticker/news/77305
Update and Q&A to SWIFT's 23 June 2006 statement on compliance
http://www.swift.com/index.cfm?item_id=60275
EDRI-gram: Terrorist Finance Tracking Program raises privacy questions
(5.07.2006)
http://www.edri.org/edrigram/number4.13/swift