Political arrangement to reinforce legal certainty
The European Union announced on 28 June that it has received guarantees from the United States Treasury that the data it receives from SWIFT is processed in a way which takes account of EU data protection principles.
SWIFT welcomes the outcome of EU-US talks that have today led to a set of unilateral commitments of the United States Treasury (UST) Department regarding its handling of EU personal data received from SWIFT in the United States under compulsion of subpoenas within the UST's 'Terrorist Finance Tracking Program'.
SWIFT is encouraged that the actions it has been taking to address privacy concerns are now recognised as relevant and appropriate. In conjunction with SWIFT joining Safe Harbor and ongoing action by financial institutions to enhance transparency with their customers, these new arrangements will contribute to reinforcing legal certainty for SWIFT and the international financial community, and ensure compliance with their respective obligations under European data protection law.
Over and above these actions, on 15 June SWIFT announced plans for a system re-architecture. The new architecture, due for Board approval in September 2007, will allow for intra-European messages to be stored only in Europe.
Read the European Union's news release.
- SWIFT has applied to join the EU-US Safe Harbor Agreement. Safe Harbor is a framework that consists of data protection principles based on EU data protection principles. By adhering to this framework, SWIFT confirms that customers' data located in the US are protected under similar data privacy principles as in Europe.
- SWIFT has set up a data privacy working group composed of data privacy and compliance experts from European and non-European banks. The group has proposed contractual solutions to further enhance compliance and transparency, where appropriate, for the processing of financial messaging data, including for the banks' customers. The group has also reviewed the implementation of the Safe Harbor principles by SWIFT.
- SWIFT has announced plans for a system re-architecture. This will lead to a more distributed data processing and storage model in the SWIFT network. The new architecture, due for final Board approval in September, is expected to take three to four years to build and will allow for intra-European messages to be stored only in Europe. The new structure responds to data privacy concerns. It also expands SWIFT's network capabilities and improves the cooperative's commercial positioning.
- SWIFT has always strongly objected to the opinion that it has failed to respect the provisions of European data protection law. In responding to US treasury subpoenas, SWIFT had ensured that its compliance was legal, limited, targeted, protected, audited and overseen. SWIFT also did its utmost to comply with the data protection principles of proportionality, purpose and oversight.