January 11, 2006
Garante Europeo Privacy sulle transazioni bancarie SWIFT
Garante Europeo Privacy sulle transazioni bancarie SWIFT
Inviato da Giovanni Battista Gallus
L’European Data Protection Supervisor, ad un’audizione pubblica dinnanzi il Parlamento Europeo, tenutasi il 3/10, sul tema “Le intercettazioni delle transazioni bancarie del sistema SWIFT da parte dei Servizi Segreti degli Stati Uniti”, pur precisando che le indagini sono ancora in corso, ha mosso dure critiche alla Banca Centrale, che avrebbe continuato a permettere che i dati delle transazioni bancarie venissero trasmesse agli Stati Uniti, nonostante fosse a conoscenza che alle stesse accedessero, sistematicamente, le autorità americane.
L’Autorità Garante ha soggiunto che la Banca Centrale avrebbe dovuto quantomeno avvisare i governi europei e le altre Autorità.
Si pone quindi, una volta di più, il problema della compatibilità tra la normativa europea in tema di trattamento dei dati personali, e il trasferimento di dati verso gli Stati Uniti.
SWIFT: EDPS preliminary findings on the role of the ECB
This morning, the European Data Protection Supervisor (EDPS) participated in a public hearing in the European Parliament on “The Interception of Bank Transfer Data from the SWIFT System by the US Secret Services”. The EDPS presented some preliminary observations and provisional findings on ongoing investigations into the case by European data protection authorities. Supporting the key findings of the Belgian Privacy Commission, the EDPS focused on the role of the European Central Bank (ECB).
Peter Hustinx, EDPS, said: “We have not concluded our investigation on ECB’s role yet, but there are already some observations that I can share publicly. I basically challenge the fact that the ECB continued to allow confidential client banking data to pass to the US although it had become aware of the systematic access by American authorities. Moreover, I cannot help feeling that the ECB should have at least felt morally obliged to inform European governments and authorities about this scheme.”
Serious questions have arisen on the routine sharing of financial data by SWIFT with
complete ‘mirror system’ in the US, allowing access through a ‘black box’ arrangement. These questions need further analysis and reflection on compatibility with European data protection law and on different issues of responsibility.
As to the role of the ECB as financial overseer, the EDPS would have expected more initiative to bring this arrangement – of which it was made aware in February 2002 – to the notice of relevant authorities and responsible governments.
As to the role of the ECB as a SWIFT customer, the EDPS could not avoid feeling that it had accepted an inappropriate risk by continuing to transfer financial data through SWIFT after becoming aware of the arrangement with the US authorities.
Referring to the report of the Belgian Privacy Commission, published last week, the EDPS confirmed that European data protection law applies to activities of and via SWIFT. SWIFT should be considered as a responsible controller and not only as a processor. Participating banks should be seen as responsible controllers, each for their own parts of the personal data processing.
The EDPS is available to advise on any measures needed to deal with the present situation.
