RSSEU, US Laws Clash Once Again on Personal Privacy
By Scott M. Fulton, III | Published November 27, 2006, 3:37 PM
Last Wednesday in Brussels, a working group comprised of leading European information privacy officials concluded that a major global financial transaction processing organization based in Belgium may have violated EU law in complying with subpoenas from the US Treasury Dept. for information.
The Society for Worldwide Interbank Financial Telecommunications (SWIFT) operates one of the Internet’s principal services for transactions that take place specifically between banks, with an exclusive and secret chunk of Internet namespace devoted exclusively to its own purposes. Following the terrorist attacks of 2001, the Treasury Dept. sought information from multiple sources on international transactions of all kinds, with the stated intention of sifting through them in hopes of isolating transactions that relate to terrorist financing.
In 1995, the European Parliament established a directive explicitly detailing the duties of companies based there to protect the private information of their customers and patrons, as well as member countries to protect its citizens’ information. Directive 95/46/EC spells out the terms by which a business or government can share data with what it classifies as a “third country;” and in this case, the United States is one such entity.
To help enforce the Directive, the EU established what’s called the Article 29 Working Party, made up of the key supervisors of all member states’ ministries whose purview is information security and privacy. Though it’s not a lawmaking body but an advisory panel, its decisions are generally taken at face value.
As the Working Body concluded last week, SWIFT was negligent in its duty to comply with the Directive mainly because it failed to take adequate measures to ensure that the data it was sharing with Treasury would be kept as secret in the US as it would be in the EU.
Citing from the Directive: “The Member States shall provide that the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if, without prejudice to compliance with the national provisions adopted pursuant to the other provisions of this Directive, the third country in question ensures an adequate level of protection.”
The Directive goes on to require a very circumspect examination of the entire intra-country transfer process, including the laws in place within the third country guaranteeing its security there. As the Working Party concluded, SWIFT didn’t take enough account of the Treasury Dept.’s computing environment to have been able to guarantee the safety of the data it was giving to the US.
“The financial institutions are responsible for having sufficient knowledge of the different payment systems and their technical and legal characteristics and risks,” wrote WP 29. “If financial institutions did not strive (sufficiently) to obtain such knowledge, they would accept substantial legal and client risks in breach of their fundamental duty of care.”
WP 29 went on to say that there didn’t actually appear to be any safety mechanisms or procedures, particularly in light of the fact that the means by which the Treasury Dept. is supposed to keep data secret...is secret.
“The Working Party is of the opinion that the lack of transparency and adequate and effective control mechanisms that surrounds the whole process of transfer of personal data first to the US, and then to the UST represents a serious breach in the light of the Directive,” reads its decision.
But if that movement was merely allegro, the Working Party’s next movement was allegro vivace: “As far as the communication of personal data to the [US Treasury Dept.] is concerned, the Working Party is of the opinion that the hidden, systematic, massive and long-term transfer of personal data by SWIFT to the UST in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards data protection and is not in accordance with Belgian and European law. The existing international framework is already available with regard to the fight against terrorism. The possibilities already offered should be exploited while ensuring the required level of protection of fundamental rights.”
In other words, if the US had wanted to avoid the possibility of clashing with the EU, it could have followed international law in requesting this data, rather than resorting to unilateral subpoenas.
The Treasury Dept., for its part, has not commented. However, SWIFT issued a statement late last week saying it believes it actually did ensure safeguards on the US end prior to transfer. “SWIFT strongly objects to WP 29’s opinion about the communication of personal data to the US Treasury,” its statement reads. “SWIFT acted responsibly within applicable laws by complying with mandatory UST subpoenas for limited sets of data in the US for the exclusive purpose of terrorism investigations. It obtained from the UST extraordinary protections and control mechanisms that met both its obligations to protect the confidentiality of its members’ data and requirements to follow EU and US laws."
“SWIFT is clearly caught in the middle,” its statement continues, “and supports calls by national and EU officials for cooperation between Europe and the US to develop approaches for dealing with financial intelligence for counter-terrorism purposes while ensuring adequate data protection safeguards.”
SWIFT noted that negotiations between Treasury Dept. and senior EU officials have indeed commenced, though if the past is any indication, officials may not necessarily come away with an agreement on just what it was the parties discussed.
This is neither the first nor likely the last tangle that the US has encountered with regard to data sharing in the wake of terrorist investigations. Last month, a system for managing the sharing of airline passenger data was reached, after European airlines were found to be in violation of the Directive, for having shared passenger identity data with US Customs and Border Patrol.
I sense nothing but political flaming is going to happen in this article.
Score: 0
|except that comment
Score: 0
|and that one.....
etc.
i watch too much family guy...
Score: 0
|I've read this article twice, in full, and still do not see "news" here anywhere. So there was a concern raised over one nation asking another to comply with a request that (potentially) violates its jurisdictional law. That's not news. Never has been.
Score: 0
|King George has embroiled us in more problems with the rest of the countries in this world. He spies on our citizen's and intimidates others to spy on the rest of the world. This A$$ will plunge us into the next world war. He has done more damage to this nation in the area of world unity and peace than any other President in history. Yes I am angry at this egomaniacal fool. It will take us decades to undo the harm he has done to understanding and cooperation with other nations.
Score: 0
|I am now ignoring political articles at betanews--I never should have supported it in the first place.
I am also ignoring you as you do not have any ability to use reason--only hatred.
Score: 0
|His opinion is not completely unjustified, and he is, by far, not alone in it.
You can ignore the growing dissatisfaction with this administration all you want, but it isn't going away.
Sadly, while I do not believe Bush started out with the intention of destroying international unit and creating a war that frankly, will never end, he has done exactly that.
While the intentions may have been good, the methods and actions used to achieve them have been counter-effective to say the least.
As they say, the Road to Hell is paved with good intentions.
...but at least we know where we're headed. ;)
Score: 0
|"Last Wednesday in Brussels, a working group comprised of leading European information privacy officials concluded that a major global financial transaction processing organization based in Belgium may have violated EU law in complying with subpoenas from the US Treasury Dept. for information."
Say that three times fast :D
Seriously though, EU are becoming more and more open in their support for socialism, and since the goal of socialism, according to the father, is to "destroy capitalism and dethrone God", well, they hate us.
It really is that simple, and no matter how they spin it or blame it on Bush, it all comes down to the fact that they have secretly hated the US government for years. Only now is it coming out for the world to see in the name of "privacy" and "human rights".
Score: 0
|Gee, I wonder why any country around the world would hate the U.S government right now; I'm really drawing a blank. Your comments bourgeoisdude are pure hyperbole wrapped in pig headed supportive patriotism for an arrogant, ignorant and indifferent government that's done as much damage to its own people as it has to every other nation around the world and that's coming from a U.S citizen.
So challenging U.S bullying tactics around the world = a Socialistic God hating nation in the making and in your world it's as simple as that.
Please Lord save us all from the Bush and Fox news apologists!
Score: 0
|If Bush & his neocon pals didn't go around on one hand preaching democracy freedom and all that on one hand, then on the other, break every international law you can think of, they will end up making enemies out of their friends.
'who needs enemies when you have friends like Bush' comes to mind.
Score: 0
|I hear you crying... Does the little baby need a diaper change?
Score: 0
|