The SWIFT saga continues. By way of background, the operations centres of SWIFT, the worldwide financial telecommunications network operator, in Belgium and the US each hold all messages processed by SWIFT, which includes information about transactions occurring entirely outside Europe. The US Treasury Department had served subpoenas on SWIFT requesting general data (the requests were not specific to particular individuals or dates). SWIFT had not informed any EU authorities, Member States or clients of this, but elected to enter into secret negotiations with the Treasury Department regarding the data it would hand over. The Belgian Privacy Commission held SWIFT to be in breach of its obligations as a data controller, specifically failing to inform regulatory authorities of its processing, and failing to comply with the rules concerning personal data transfer to countries outside the EEA.

To bring the matter up to date, following the request of the Belgian Prime Minister, the Belgian Privacy Commission in December analysed the SWIFT case in greater detail and issued a second advisory opinion, which confirmed and built further on both an earlier such opinion as well as the November 2006 opinion of the European Article 29 Working Party.

Although recognizing the existence of a situation of conflict between American and European law, and the fact that SWIFT made considerable efforts to provide certain guarantees through its negotiations with the United States Treasury Department, the Privacy Commission confirmed that SWIFT should have, but failed to, comply with several obligations contained in the Belgian Privacy legislation (i.e. the notification obligation and the obligation to comply with the rules concerning personal data transfers to countries outside the EU).
Paris, April, 2007


Source: Dechert's Data Protection and Privacy Group, Decert LLP, Paris, New York, etc.,


Email to Friend

Fill in the form below to send this news item to a friend:

Email to Friend
* Your Name:
* Your Email:
* Friend's Name:
* Friend's Email:
* Security Image:
Security Image Generate new
Copy the numbers and letters from the security image
* Message: