Friday, June 29, 2007

Data privacy back on the agenda

Last year, revelations that SWIFT had allowed US intelligence agencies access to data pertaining to financial transactions on it network, created a furore with data privacy groups.

SWIFT's assurances at the time that it had only shared limited sets of data with US Treasury failed to assuage the concerns of data privacy groups and led to calls for clearer guidelines on privacy laws and counter-terrorism procedures. Privacy groups expressed concerns that the SWIFT data could be used for non-terrorism related purposes such as taxation monitoring and espionage.

Well, this week the EU and the US reached an agreement on sharing of bank data with the US. That agreement says that SWIFT data can only be used for "counter-terrorism purposes" and kept for a maximum of five years. A European representative will be appointed to monitor how that data is used.

Vice President Frattini, Commissioner responsible for Justice, Freedom and Security, stated: "The EU will have now the necessary guarantees that US Treasury processes data it receives from Swift's mirror server in the USA in a way which takes account of EU data protection principles."

But what does "counter-terrorism purposes" actually mean as when the initial use of SWIFT data was revealed in US newspapers last year, US agencies maintained that they needed to monitor this data to combat terrorist financing.

However, one has to ask, how effective has monitoring of SWIFT data been in combating terrorist financing given that such financing has tended to use non-bank channels such as mobile phones? Furthermore, why does the US even require access to SWIFT data given that banks are meant to have by law, rigorous anti-money laundering measures in place?

In order to bring its own operations in line with EU data protection laws, SWIFT has joined the EU-US Safe Harbor Agreement, which provides a framework for ensuring that customers' data located in the US is protected under similar data privacy principles as those in Europe.

SWIFT has established a data privacy group and also announced a "system re-architecture" yet to be approved by its Board, which means "intra-European messages" will be stored only in Europe and the US. Currently, messages are processed simultaneously at SWIFT's European and US operations centres to prevent data loss.

No comments: