Money firm breached EU data law

http://news.bbc.co.uk/go/rss/-/1/hi/business/6177740.stm

Version 0 of 1.

A Belgian money transfer firm breached EU privacy laws by secretly giving personal financial data to the US authorities, an inquiry has concluded.

An independent panel found Swift, which handles 11 million transactions a day, had not told Belgian authorities it was providing the data to the US Treasury.

Swift denies breaking the law, saying it was subpoenaed to give limited data for use in the fight against terrorism.

It is claimed US agencies have been monitoring data transfers since 2001.

Transfer details

Media reports have alleged that law enforcement and counter-terrorism agencies, such as the FBI and CIA, have been screening data for up to five years in an effort to disrupt terrorist financing networks.

EU law makes it illegal for companies to transfer confidential personal data to other countries unless they offer sufficient protection.

Swift is expected to take the necessary steps immediately to remedy the present illegal infringement EU spokesman

In data transfers conducted by Swift, the names of the organisations transferring and receiving money, the value of transfers and details of account numbers and bank addresses are typically provided.

Set up in 1973, Swift has more than 7,500 clients, most of them global financial institutions.

The EU data protection panel said its actions broke EU and Belgian privacy laws and called on it to stop subpoenaed US data transfers.

"Swift is expected, as well as financial institutions, to take the necessary steps immediately to remedy the present illegal infringement," said a European Commission spokesman.

Belgium's own Privacy Commission had earlier criticised Swift's actions, accusing it of a "serious error of judgement".

'Strong protections'

Swift has yet to comment on the adjudication, but it has argued repeatedly that it had no choice but to comply with the US government's demand for information.

It said that since the data it provided was limited in scope and for exclusive use in terrorism investigations, it had not broken the law.

"Swift obtained from the US Treasury extraordinary protections and controls that met both its requirement to follow the law and its obligations to protect the confidentiality of its mmbers' data," it stressed earlier this month.

The EU cannot punish Swift, although it can take legal action against Belgium for failing to uphold data protection laws.

Brussels said it would study the panel's full report before deciding whether to take any action.

Mark Gregory, the BBC World Service's international business reporter, said the row would exacerbate tensions between the EU and the US over the use of personal data in the fight against terrorism.

The EU and US recently resolved a long-running dispute over access to information about passengers flying from Europe to the US.