European privacy watchdogs started a probe into whether consumers’ personal data on the global Swift money-transfer network can be accessed by the U.S. National Security Agency or other intelligence services.
The Dutch and Belgian data protection authorities are leading the investigation into whether the payment network is safe, Jacob Kohnstamm, the European Union’s top privacy watchdog said today. Swift relays money-transfer orders among more than 10,000 banks and other financial institutions in over 200 countries and territories.
The probe by Kohnstamm and his Belgian counterpart Willem Debeuckelaere follows media reports that foreign intelligence services allegedly had unlawful access to Swift data concerning international bank transfers. Global spy agencies have come under scrutiny in recent months after former U.S. intelligence contractor Edward Snowden revealed the scale of NSA surveillance activities, including allegations it had tapped German Chancellor Angela Merkel’s mobile phone.
“Swift is the center of nearly all of the financial transactions of nearly all of Europe,” Kohnstamm, who also heads the Dutch data protection regulator, said in an interview in Brussels today. “We generally see clients who say there’s nothing wrong with them, but from time to time we need to go and look for ourselves.”
Swift last month said it conducted an audit which showed that nothing wrong had happened, said Kohnstamm. The European Parliament last month demanded a halt to bank-data transfers to U.S. counter-terrorism investigators because of possible violations of privacy.
“We will investigate if the security of the networks and databases of Swift containing huge quantities of personal data related to bank transactions, of among others, European citizens, allow for or have allowed for unlawful access,” Kohnstamm told reporters at a press conference today.
Swift said in a statement that there is no evidence that suggests there have been any confidentiality breaches on its network and would cooperate with the probe.
European data protection regulators from the 28-nation EU decided that because Swift is based in Belgium and has an important data processing center in the Netherlands, the respective national privacy regulators should lead the probe, Kohnstamm said.