The secret release of information on millions of private banking transactions to US anti-terrorism investigators breached privacy rules in Europe, according to an official inquiry report released yesterday.
The findings emerged from a report into the transfer of information by Swift, a Belgian-based organisation which processes money transfers on behalf of the world's banks, including the largest UK financial institutions.
After the release of the document, Belgium's Prime Minister, Guy Verhofstadt, said that the company had broken his country's privacy rules by making the information available to the US authorities for more than five years.
However, he acknowledged that Swift had found itself in a legal no-man's land, caught between European and US law, and that some anti-terror investigation was legitimate.
Under American law the company believes it was obliged to co-operate with the scheme set up by the US Treasury Department after the 11 September attacks.
The Belgian premier said that his government would not take legal action to shut down the data transfers, but appealed to EU and US authorities to open talks on a new agreement on the transfer of financial records. This could provide more privacy guarantees.
The Belgian commission investigating the episode said that Swift had made a "serious error of judgement" in transferring "a massive quantity of information of a personal nature, secretly and systematically, without sufficient and clear justification and without independent scrutiny in accordance with Belgian and European law".
Swift, or the Society for Worldwide Interbank Financial Telecommunication, routes about 11 million transactions daily in 200 countries, recording customer names, account numbers and other identifying information.
Swift's chief executive officer, Leonard Schrank, said that the company "wholeheartedly" supported calls for American and EU authorities to work together on an improved framework to reconcile data privacy protections.
He defended the secret deal with the US Treasury, saying it only transmitted a "limited subset" of data, adding: "Swift did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight."
The row compounds a series of clashes between Europe and the US over anti-terror measures, highlighting divisions over the length to which governments should go.
But EU and US officials are poised to reach an agreement over a separate dispute involving the transfer of data on airline passengers travelling to the US.Reuse content