Keeping an Eye on Bank Data

Amid growing concerns that hand-overs of confidential banking data to U.S. counter-terrorism investigators may violate European privacy laws, officials from around the continent met Wednesday in Brussels to consider legal options for probing the transfers.

Representatives of European privacy commissions considered complaints that sharing data on thousands of international wire transfers with U.S. law enforcement to help track terrorist financing could open the door to inappropriate uses of information that is protected by European laws.

Opponents of the data-sharing argue that it not only violates the confidentiality of bank customers but also may allow for other uses of the information, including “large-scale forms of economic and industrial espionage.”

With many governments opening independent investigations into the transfers, analysts said the commissioners meeting in Brussels would probably demand details in the next few weeks about the information being handed over.

“Our sense is that they are all frustrated,” said Simon Davies, director of Privacy International. Davies’ group has filed complaints with governments around the world that have been involved in the sharing of data through the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, a Belgium-based consortium that operates a messaging system used by 7,800 financial institutions in 200 countries and territories.

The Information Commissioner’s Office in Britain has opened an independent inquiry, in conjunction with the European investigation being coordinated by Belgium, to determine whether any British laws have been broken.

“There may or may not have been a breach, but that’s really what the intention is now -- to find out,” said James Ford, a spokesman for the commissioner’s office in London. “We’re taking a coordinated and consistent approach with our European counterparts to investigate this.”

Government officials in Britain and several of the 10 nations that oversee SWIFT were aware that the consortium was complying with a U.S. subpoena to share data on financial transactions with the U.S. Treasury Department. European Union officials at the outset took the position that sharing the data was legal under an exemption for sharing security information and not subject to EU jurisdiction.

Since then, there have been growing public concerns about sharing the information, with official complaints filed in 38 countries by Privacy International and inquiries opened by government data protection commissions in the EU, Australia and Canada.

The European Parliament passed a resolution last month demanding that the European Commission and the European Central Bank “explain fully” the extent to which they knew about SWIFT’s agreement with the U.S. and whether action should have been taken to protect European bank clients’ privacy.

The commission said it “strongly disapproves of any secret operations on EU territory that affect the privacy of EU citizens” and “is deeply concerned that such operations should be taking place without the citizens of Europe and their parliamentary representation having been informed.”

The panel that met Wednesday behind closed doors in Brussels has been trying to get specific information about what SWIFT has disclosed to U.S. agencies. But the panel has reportedly been told that much of the information is confidential, said several sources familiar with the talks.

SWIFT spokesman Euan Stellar declined to discuss details of the meeting but said the consortium had been complying with the subpoena from the U.S. government.

“The subpoena was basically compulsory. But what we did do, and we believe this is quite unique, is we negotiated with the U.S. Treasury a series of restrictions with regard to the data we were handing over, and also negotiated a series of protections and controls,” Stellar said.

U.S. officials have said that the program is not a data-mining operation and that each query must be based on evidence that the target is under investigation for possible terrorist activity.

Davies, of Privacy International, who attended part of Wednesday’s meeting, said members of the panel wanted SWIFT to provide documentation to back up that assertion.

“What they have is a set of assurances and promises and claims by SWIFT,” he said. “They have not seen any relevant documentation such as audit reports, internal documents, contracts or interagency agreements that would give them any evidence whatever that the claims of privacy protection are valid.

“SWIFT has always said all its documents are top-secret and it’s not going to turn them over, but will give verbal assurances that they’re doing the right thing,” he said.

Davies said it was clear that none of the commissioners had seen evidence to support SWIFT’s defense.

“The big problem for the commissioners appears to be whether to continue with the ‘softly, softly’ approach, or whether to use legal avenues to enforce the disclosure of information about what SWIFT is doing,” he said.

“My instinct is they’re going to use the sledgehammer. Talking to them, I don’t believe there’s any option other than to use legal force.”