The role of the European Central Bank in the SWIFT case

The European Data Protection Supervisor (EDPS) has issued an opinion on the role of the European Central Bank (ECB) in the SWIFT case. The SWIFT case started in June 2006 when press coverage revealed a secret US terrorist financing tracking system. This raised issues of compliance with European data protection legislation, and complaints were lodged with data protection authorities all over Europe.

The ECB's position in the context of the payment system is threefold, being an overseer, a user, and a policy maker. When deciding to use SWIFT's services in its own payment operations, the ECB was placed in the position of a joint controller. As such, it is co-responsible for ensuring full compliance with data protection rules. This includes ensuring respect for the purpose limitation principle, information to data subjects, and adequate guarantees when personal data are transferred to third countries.

Peter Hustinx, EDPS, says: 'Just as other banks, the ECB can not escape some responsibilities in the SWIFT case which has breached the trust and private lives of many millions of people. Secret, routine and massive access of third country authorities to banking data is unacceptable. The financial community should therefore provide payment systems which do not violate European data protection laws'. As part of the group of central banks that oversee SWIFT's activities, the ECB has moral suasion powers. Although not binding, these should also be used to prevent data protection breaches that might hamper financial stability and to ensure that competent authorities are timely informed.

http://www.businessupdated.com/shownews.asp?news_id=2131&cat=The+role+of+the+European+Central+Bank+in+the+SWIFT+case