European Privacy Czars Seek to Stop Terror Finance Monitoring

By Jonathan Winer

The data protection authorities of the European Union have long cast a hostile eye on counter-terrorist initiatives undertaken by the US, and previously worked to invalidate an agreement between the U.S. and the EU on data sharing of passengers bound for the United States, which in national security terms, should be a no-brainer.

Now, the body representing all of the EU's privacy czars, known as the Article 29 Committee, has unanimously reached the opinion, issued November 23, that U.S. access to the SWIFT payments system, which is based in Brussels, constitutes what the Commitee terms a "serious breach" of the EU's Data Protection Directive, which protects the privacy and security of all personal data in the EU against disclosure, except with the consent of the data subject, or unless certain other exceptions apply.

While national security and law enforcement are among the most important exceptions, and built into the fundamental framework of the Directive, the Committee found that "the hidden, systematic, massive and long-term transfer of personal data by SWIFT to the UST in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards data protection and is not in accordance with Belgian and European law." (The EU's summary of the opinion, and a link to the full opinion is provided here.)

The privacy czars demanded that SWIFT sharing be stopped immediately, and that sanctions be imposed on SWIFT and any financial institutions that fail to take adequate precautions to stop U.S. access to SWIFT. If implemented, this ruling would end access that has until now permitted the U.S. government to engage in link analysis based on tracing financial transactions of known terrorist targets, and thereby to achieve substantial counter-terrorist intelligence successes, described here by the Treasury's Under Secretary for Terrorist Finance, Stuart Levey.

The EU's privacy czars have no institutional background on terrorism, security or law enforcement issues, and operate independently of their governments to protect the EU's privacy laws. Nevertheless, they expressed the opinion that governments could take other steps to make up for any damage to counter terrorist efforts created by shutting down SWIFT access, stating that the "existing international framework is already available with regard to the fight against terrorism. The possibilities already offered should be exploited while ensuring the required level of protection of fundamental rights."

The Privacy Czars did not suggest what "the possibilities already offered" to make up for the loss of SWIFT access might be.

TrackBack