German presidency statement: Agreement achieved on the use of SWIFT data

29.06.2007 http://www.eu2007.de/en/News/Press_Releases/June/0629BMFswift.html 

The dispute over the disclosure of data from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to US authorities has been resolved on June 28 marking a further success while Germany holds the presidency of the EU. The Federal Ministry of Finance releases the following statement:

Within the framework of the German presidency of the Council of the European Union, the country’s Federal Ministry of Finance has been intensively involved in the negotiations between the European Commission and the US Treasury (UST) regarding the use of SWIFT data in full compliance with data protection laws. During the talks it was possible to secure a set of commitments, referred to as representations, from the UST that take account of the need for effective measures to combat terrorism, including terrorism financing, and comply with European data protection laws as well as ensure the smooth operation of financial payments.

The Member States of the European Union approved the agreement at yesterday's Council meeting. Peer Steinbrück, the Federal Minister of Finance, and Franco Frattini, the Vice President of the European Commission, have jointly signed an exchange of letters on this matter to accompany the representations.

The outcome means that the European side has been largely successful in achieving its objectives. In future, an “eminent European” will be appointed by the European Commission in consultation with the UST. This person will carry out independent, public oversight to ensure the commitments are met.

In addition, the following commitments were also secured:

· SWIFT data will only be accessed for counter terrorism purposes.

· Special internal safeguards will be put in place for the data received: Only personnel with security clearance will have access to the data, and only insofar as this is necessary; special provision will be made for the storage of data.

· Provisions on the exchange of information both within the USA and with foreign countries have also been agreed: Other US authorities will be obliged to use the data exclusively for the purposes of combating terrorism and terrorism financing.

· Agreement on data retention periods was also reached: Checks will be performed at lease once a year to identify which of the data received from SWIFT can be deleted. The other data will be deleted no later than five years after receipt. However, this regulation will only apply following the publication of the exchange of letters between the European Commission and the UST. In the case of evaluated data, the date for deletion will depend on the rules of the relevant US authority.

What this solution means in particular is legal certainty for SWIFT and international financial transactions, while also ensuring transparency. The resolution marks a further success in the work of the Germany presidency of the EU.

Background:

In June 2006, it came to light that various US authorities have requested financial transaction data from SWIFT since the terrorist attacks of September 11. SWIFT released this data upon request so that the US authorities could evaluate it for counter terrorism purposes. The European Data-Protection Supervisor considers this a breach of European data protection laws.

SWIFT – which has the legal form of a Belgian cooperative society and is headquartered in La Hulpe (Belgium) – operates a telecommunication network handling the automated exchange of financial transaction messages. SWIFT keeps two operating centres that work in parallel in Europe and the USA where all data sets are mirrored. Today, more than 8,000 users and 200 countries are connected to the SWIFT network worldwide.

European Commission statement on SWIFT at the June 28 midday briefing:

Spokesman for Justice, Liberty and Security, Friso Roscam Abbing read the following statement, on behalf of Vice-President Franco Frattini:

“I welcome the United States Treasury’s Department unilateral representations regarding their handling of EU-originating personal data received from SWIFT in the United States on the compulsion of administrative subpoenas as they take account of EU data protection concerns. The European Union and its most important strategic partner in the fight against terrorism, the United States of America, have to join forces in this fight, including the financing of terrorism. However, these activities should be done in full respect of fundamental rights, including notably, data protection rights and the rights to privacy of EU citizens. I warmly thank my services for the strong support received to find an appropriate and satisfactory approach in good cooperation with the United States’ relevant authorities which takes account of the needs of law enforcement authorities to identify, track and pursue those who provide financial support for terrorist activities, as well as providing sufficient data protection guarantees, ensuring that EU citizens’ data protection rights are not inappropriately infringed upon.

The unilateral representations from the U.S. Treasury that the Commission and the Council will take note today, in the context of the Environmental Council, in the afternoon, and that the Commission considers adequate, provide for data protection guarantees but need to be completed by other actions in order to make lawful the transfer of SWIFT data also for commercial purposes. I am therefore now looking to SWIFT and to the financial institutions that use its services to take the necessary steps so that SWIFT will be in compliance with the data protection directive and may have recourse to the so-called “Safe Harbor Mechanism” that allows limitation on its data protection principles for important public purposes, in particular to the extent necessary to meet national security, public interest or law-enforcement requirements. In particular, SWIFT should inform its customers and notify the Belgian data protection authority of the fact that personal data will be transferred to the United States for commercial purposes where it could be accessed by the United States Treasury under the so-called “Terrorist Finance Tracking Program” and to the financial institutions which use SWIFT services which should now ensure that their customers will be so informed. “