16 November 2006

SWIFT supports calls for debate to move beyond data privacy to security and public safety

Submits comprehensive legal rebuttal to Belgian Privacy Commission

SWIFT has submitted a comprehensive legal rebuttal to the Belgian Privacy Commission in response to its advisory opinion of 27 September 2006.

On the occasion of the report, SWIFT CEO Leonard H. Schrank stated, “SWIFT strongly supports calls by national and EU officials for urgent dialogue between Europe and the United States to develop mechanisms for dealing with financial intelligence for counter-terrorism purposes while ensuring adequate data protection safeguards.  It is vital that the international data privacy debate includes these broader concerns of security and public safety.”

The boundary between security and data privacy must be defined by governments. Private companies, like SWIFT, can play their part through upholding the law, but they cannot make policy. Ultimately they are dependent on governments and elected officials to develop the legal framework in which they operate.

The need for SWIFT’s rebuttal to the Belgian Privacy Commission is a reflection of the interpretation issues surrounding the current data privacy law. SWIFT objects to the Privacy Commission’s analysis and to its unfounded opinion that SWIFT committed a “serious error of judgement”.

The rebuttal reiterates that SWIFT acted within applicable laws by complying with the mandatory subpoenas from the US Treasury (UST) for limited sets of data in the US for the exclusive purpose of terrorism investigations. It reiterates that SWIFT obtained from the US Treasury extraordinary protections and controls that met both its requirement to follow the law and its obligations to protect the confidentiality of its members’ data.  These protections went well beyond and were even more stringent than SWIFT’s legal obligations.

Central to the Belgian Privacy Commission’s findings is its incorrect interpretation, based on existing legal definition, that SWIFT is a data “controller” rather than a data “processor”. SWIFT simply transmits financial messages on behalf of financial institutions according to their instructions. It does not know the financial institutions’ ultimate customers and it does not access any of the data contained in the financial messages. Therefore, SWIFT is clearly a data processor and not a data controller. As a data processor, SWIFT has fully complied with all current legal obligations under Belgian data privacy law.

Read a summary of the report :

SWIFT’s response to the Belgian Privacy Commission's advisory opinion

Download (116.74 KB)
Last update: 
3 December 2015

EXECUTIVE SUMMARY

  • Legal
  • Compliance
English

Previous statements and stories on compliance