Global solution needed to balance data privacy concerns with security and public safety
SWIFT strongly objects to the opinion of the EU’s Article 29 Working Party (WP 29) as outlined in their press release that SWIFT has failed to respect the provisions of EU Data Protection Directive 95/46/EC. SWIFT regrets that repeated requests to meet with WP 29 were turned down and therefore, SWIFT was not given the opportunity to explain its position. SWIFT is also concerned that WP 29’s opinion could have far-reaching consequences for SWIFT and other companies providing global information and financial services.
Leonard H. Schrank, CEO, SWIFT commented, “While we are clearly disappointed with the opinion of the WP 29 group, we have to move on. SWIFT has always taken data privacy very seriously and will work with its user community and competent authorities to seek solutions which further increase awareness and transparency about usage of global systems like SWIFT. It is clear however that only dialogue between the EU and US will provide the legal certainty which internationally active companies require.”
Earlier this month, SWIFT submitted a comprehensive legal rebuttal to a similar opinion from the Belgian Privacy Commission. Both opinions reflect serious interpretation issues surrounding current data privacy laws.
SWIFT strongly objects to WP 29’s opinion about the communication of personal data to the US Treasury (UST). SWIFT acted responsibly within applicable laws by complying with mandatory UST subpoenas for limited sets of data in the US for the exclusive purpose of terrorism investigations. It obtained from the UST extraordinary protections and control mechanisms that met both its obligations to protect the confidentiality of its members’ data and requirements to follow EU and US laws.
SWIFT is clearly caught in the middle and supports calls by national and EU officials for cooperation between Europe and the US to develop approaches for dealing with financial intelligence for counter-terrorism purposes while ensuring adequate data protection safeguards. It is encouraged by recent comments made by Stuart Levey, Under Secretary Terrorism and Financial Intelligence, U.S. Department of the Treasury, that discussions with senior EU officials, including Vice President Frattini, are underway.
Only governments can define the boundary between security and data privacy. Private companies, like SWIFT, can play their part by upholding the law, but they cannot make policy and cannot enforce compliance by others. Ultimately they are dependent on governments and elected officials to develop the legal framework in which they operate.
Media representatives can contact SWIFT’s press office at +32-2-655-3740 and +32-2-655-3243.
Previous statements and stories on compliance
- 16 Nov 2006: SWIFT supports calls for debate to move beyond data privacy to security and public safety
- 24 Oct 2006: New York Times public editor reverses himself on 23 June article
- 8 Oct 2006: Commentary: SWIFT defends compliance at EU Parliament hearing
- 4 Oct 2006: EU Parliament hearing: SWIFT statement and press release on compliance
- 28 Sep 2006: SWIFT supports calls for EU-US talks on security and data privacy
- 25 Aug 2006: Update and Q&A to SWIFT’s 23 June 2006 statement on compliance: Compliance with subpoenas is legal, limited, targeted, protected, audited and overseen
- 23 Jun 2006: SWIFT statement on compliance policy: Following recent press coverage, Chairman, Deputy Chairman and CEO provide statement to SWIFT community