Privacy commission investigates Swift

Breaking news two years ago: American intelligence had access to information about financial transfers of millions of people worldwide using a company operating from Brussels. At the request of Belgium, the European Commission and the US tried to resolve the problem of the so-called Swiftgate. But up to now not with satisfactory results.
The Belgian Privacy Commission has to inquire whether Swift itself is responsible for the processing of data, or, a subcontractor for banks, only operated as an electronic postal service to pass on financial reporting. “We are now discussing this point with Swift” says Willem Debeuckelaer, chairman of the commission. “The difference between datacontroller and dataprocessor is very important as regards to the Belgian and European privacy legislation. If a company is held responsible for the processing of data, it can also be held responsible when something goes wrong, under criminal law as well as civil law.
Swift assured messaging between 7800 financial institutes in more than 200 countries. When in 2006 news leaked that American intelligence by way of injunction gained access to Swift’s database, it came as quite a shock, not in the least in Belgium. The key question is whether the passing-on of data was in accordance with the Belgian and European legislation.
Belgium requested the case be solved on a European level. A solution in two parts was worked upon. On the one hand the US were to offer unilateral guarantees as regards to dataprotection, which the EU would acknowledge as ‘adequate protection’ according to European law. 7th March 2008 the European Commission also appointed a judge -French antiterror-specialist Jeal-Louis Bruguière- who will evaluate the data exchange yearly. On the other hand Swift must operate in accordance with the Belgian privacy-legislation. To do so, Swift endorsed Safe Harbour, an internationally recognized code of conduct regarding data management. Swift also drew up an agreement with the associated banks. From now on clients must be informed in the banks’ general terms and conditions that specific data may be transferred to the US.
Remains the question whether Swift is a data controller. The European Commission considers this question the tailpiece of the entire settlement of the Swift-affair. “The Commission continues to put pressure on the Belgian government, -even threatening to impose sanctions- to clarify the matter as soon as possible” as told to Mo* by a well-informed source. If the Privacy Commission, having complete independence, decides to start a judicial proc edure and demand justice to declare Swift a data controller, then the whole affair would get enormous publicity. Not only is our country far from keen on this kind of publicity, it would also put the global European solution at stake.” Chairman of the Privacy Commission Debeuckelaere: “We could also consider to decide it is not necessary to advise. Or we could await Mr Bruguière’s annual report, to see what it has to say about which personal data are transferred on which scale.

Maak MO* mee mogelijk.

Word proMO* net als 2938   andere lezers en maak MO* mee mogelijk. Zo blijven al onze verhalen gratis online beschikbaar voor iédereen.

Ik word proMO*    Ik doe liever een gift