EU clears Swift to continue giving banking data to US

Financial data transfer company Swift can continue to pass details of European citizens’ transactions to U.S. authorities provided the firm signs a formal get-out clause granting it immunity from European data protection laws, the European Commission said Thursday.

The Society for Worldwide Interbank Financial Telecommunication SCRL (Swift) has been at the center of a transatlantic dispute over data protection since being ordered to share millions of pieces of information about people and companies from around the world with U.S. agencies after the terrorist attacks on Sept. 11, 2001.

The information was deemed essential in tracing the financing of terrorism and Swift complied with the order. However, European data protection laws forbid transfers of European citizens’ personal data outside the European Union, if the country receiving the data has a weaker data protection regime than Europe’s. The U.S. is considered such a country under European laws.

In June 2006, The New York Times revealed that Swift had been sharing the data with U.S. authorities for years, sparking investigations in Europe into how the European laws could so easily have been breached.

In an agreement reached between the European Commission, the German government, which currently holds the E.U.’s presidency, and the U.S. Treasury department, Swift can continue to share the information if it signs the safe harbor agreement, and as long as individuals are informed by their banks that the information will be passed over to U.S. authorities, the Commission said.

If these conditions are met, then U.S. authorities are free to keep the data for up to five years, said European Commission spokesman Friso Roscam Abbing.

The safe harbor agreement has been signed by many large multinationals including Microsoft. By signing it, companies agree to respect Europeans’ private data once it leaves the E.U.

“The E.U. will have now the necessary guarantees that the U.S. Treasury processes data it receives from Swift’s mirror server in USA in a way which takes account of E.U. data protection principles,” said Commission Vice President Franco Frattini, the commissioner responsible for justice, freedom and security.

“I welcome the United States Treasury Department’s unilateral representations and the opportunity the Treasury has given the European Union to have its views and concerns duly reflected in the representations,” Frattini added. “As well as Swift joining the Safe Harbor and its compliance with the Safe Harbor privacy principles, we now look to Swift and to the financial institutions which use its services to ensure that they fully comply with their information obligations under European data protection law. We urge them to take all the necessary steps to ensure their quick compliance with European data protection law.”

Swift has promised to sign the safe harbor agreement in the coming days, while banks that use Swift to transfer funds have agreed to set up systems that will alert their customers of data transfers to the U.S. by Sept. 1, Roscam Abbing said. However, it remains unclear what happens if customers decide that they don’t want their information shared, the Commission spokesman added.