Belgian PM: Data Transfer Broke Rules
BRUSSELS, Belgium -- The money transfer company SWIFT has for years secretly supplied U.S. authorities with massive amounts of personal data for use in anti-terror investigations, violating EU privacy rules, a Belgian commission said Thursday.
"SWIFT finds itself in a conflicting position between American and European law," Belgian Prime Minister Guy Verhofstadt said.
Verhofstadt spoke after Belgium's privacy protection commission presented its findings on the case, although it did not call for immediate legal action. The premier said that his government also would not take legal action to shut down the data transfers.
The report said that while SWIFT did all it could to live up to Belgian, EU and U.S. regulations to hand over the requested information, it finds itself in a legal quagmire that must be urgently corrected.
"It has to be seen as a gross miscalculation by SWIFT that it has, for years, secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law," the commission concluded.
The controversy surrounds a secret transfer deal between the U.S. Treasury and the Belgium-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT. The company routes about 11 million financial transactions daily between 7,800 banks and other financial institutions in 200 countries, recording customer names, account numbers and other identifying information.
Verhofstadt said he did not object to the need to scour through personal data in hunting down terrorists, but it needed to be done with respect to privacy rights.
"There is no doubt that there is an absolute necessity that we can look through personal data if you want to fight against terrorism, but we have to do it in a good framework."
He said Belgium would be pushing its EU partners to open talks on a new agreement to get more privacy guarantees from the U.S. side as part of a new deal on the transfer of financial records used in terror investigations.
The SWIFT case compounds legal and political clashes between Europe and the United States about anti-terror measures and highlights divisions to what length governments should go to prevent attacks.
Washington and Brussels have already disagreed over the use of passenger data from trans-Atlantic flights, and have also faced off on the Bush administration's use of secret CIA detention centers in Europe to interrogate suspected terrorists.
The commission's report said SWIFT had breached rules on storing data and had failed to honor commitments to inform clients or Belgian authorities about what data had been transferred.
Verhofstadt spoke after Belgium's privacy protection commission presented its findings on the case, although it did not call for immediate legal action. The premier said that his government also would not take legal action to shut down the data transfers.
The report said that while SWIFT did all it could to live up to Belgian, EU and U.S. regulations to hand over the requested information, it finds itself in a legal quagmire that must be urgently corrected.
"It has to be seen as a gross miscalculation by SWIFT that it has, for years, secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law," the commission concluded.
The controversy surrounds a secret transfer deal between the U.S. Treasury and the Belgium-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT. The company routes about 11 million financial transactions daily between 7,800 banks and other financial institutions in 200 countries, recording customer names, account numbers and other identifying information.
Verhofstadt said he did not object to the need to scour through personal data in hunting down terrorists, but it needed to be done with respect to privacy rights.
"There is no doubt that there is an absolute necessity that we can look through personal data if you want to fight against terrorism, but we have to do it in a good framework."
He said Belgium would be pushing its EU partners to open talks on a new agreement to get more privacy guarantees from the U.S. side as part of a new deal on the transfer of financial records used in terror investigations.
The SWIFT case compounds legal and political clashes between Europe and the United States about anti-terror measures and highlights divisions to what length governments should go to prevent attacks.
Washington and Brussels have already disagreed over the use of passenger data from trans-Atlantic flights, and have also faced off on the Bush administration's use of secret CIA detention centers in Europe to interrogate suspected terrorists.
The commission's report said SWIFT had breached rules on storing data and had failed to honor commitments to inform clients or Belgian authorities about what data had been transferred.
Both SWIFT and the U.S. authorities say records were subpoenaed as part of targeted investigations into suspected terrorist activity.
SWIFT CEO Leonard H. Schrank said the report "raised important issues about the balance" between data privacy and use of financial data for terrorism investigations. He said the company "wholeheartedly supports calls for U.S. and EU authorities to work together to develop an improved framework to reconcile data privacy protections."
It defended its secret deal with the U.S. Treasury, saying it only transmitted a "limited subset" of data to U.S. officials. "SWIFT did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight ... and in the meantime we will continue to work with our members to resolve any data privacy concerns."
The report said it could not accept arguments from SWIFT that the data transferred to U.S. authorities came only from the company's U.S. subsidiary, and not from its global headquarters outside Brussels, and thus did not have to comply with Belgian or EU rules.
The report on the Belgian investigation was eagerly anticipated by the European Commission, which cannot launch a probe of its own under EU law or impose sanctions against those who violate the 1995 data law, but can draft new recommendations to EU governments on beefing up data protection regulations.
EU spokesman Friso Roscam Abbing said it was not known if the Commission could take any action.
European data protection officers agreed Tuesday to continue their fact-finding inquiry into SWIFT, and to meet again in November to consider recommendations.
Under current rules, each EU government is responsible for application and enforcement of the common EU data privacy law.
The U.S. Treasury has acknowledged that since the Sept. 11 attacks, it has tracked millions of confidential financial transactions handled by SWIFT.
It defended its secret deal with the U.S. Treasury, saying it only transmitted a "limited subset" of data to U.S. officials. "SWIFT did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight ... and in the meantime we will continue to work with our members to resolve any data privacy concerns."
The report said it could not accept arguments from SWIFT that the data transferred to U.S. authorities came only from the company's U.S. subsidiary, and not from its global headquarters outside Brussels, and thus did not have to comply with Belgian or EU rules.
The report on the Belgian investigation was eagerly anticipated by the European Commission, which cannot launch a probe of its own under EU law or impose sanctions against those who violate the 1995 data law, but can draft new recommendations to EU governments on beefing up data protection regulations.
EU spokesman Friso Roscam Abbing said it was not known if the Commission could take any action.
European data protection officers agreed Tuesday to continue their fact-finding inquiry into SWIFT, and to meet again in November to consider recommendations.
Under current rules, each EU government is responsible for application and enforcement of the common EU data privacy law.
The U.S. Treasury has acknowledged that since the Sept. 11 attacks, it has tracked millions of confidential financial transactions handled by SWIFT.
No comments:
Post a Comment