The money transfer company Swift has violated EU privacy rules when it secretly supplied the US authorities with millions of private bank transactions for use in anti-terror investigations, a Belgian commission has said.
"It has to be seen as a gross miscalculation by Swift that it has, for years, secretly and systematically transferred massive amounts of personal data for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law," the Belgian privacy protection commission concluded, according to the Associated Press.
After the release of the report on Thursday (28 September), Belgian prime minister Guy Verhofstadt, said that the company - based in Belgium - had broken his country's privacy rules for more than five years.
But he acknowledged that Swift had found itself in a legal no-man's land, caught between European and US law, and recognised that sharing data on financial transfers was essential in the global fight against terrorism.
"Swift finds itself in a conflicting position between American and European law," Mr Verhofstadt said according to press reports.
Under EU law, it is illegal for companies to transfer confidential personal data to another country unless that country offers adequate protections.
LEGAL LIMBO. Swift has long defended its actions saying that having offices in the US made the transfers meet its legal obligations in the US.
The argument was rejected by the report on the grounds that Swift was still subject to Belgian rules, regardless of whether the data transferred to the US authorities came only from the company's US subsidiary instead of its headquarters in Brussels.
Swift, which stands for the "Society for Worldwide Inter-bank Financial Telecommunications" based just outside Brussels, routes about 11 million money transactions per day in more than 200 countries.
The standardised Swift transfer format contains the names of the transferral and the receiver, the account number and bank address, as well as the amount and the intended purpose.
Swift's chief executive officer, Leonard Schrank, defended the secret deal with the US, saying it only transmitted a "limited subset" of data. "Swift did its utmost to comply with the European data privacy principles of proportionality, purpose and oversight," he told the Independent.
Mr Verhofstadt said his government would not take legal action to shut down the data transfers, but called on the EU and US authorities to start talks on a new agreement on the transfer of financial records.
Mr Schrank stated that the Swift company "wholeheartedly" supported calls for US and EU authorities to work together on an improved framework to bring together the two regions' data privacy protections.