Legal expertise: surrender of SWIFT financial data violated German and European data protection laws
After 9/11, the U.S. administration obtained massive amounts of data about financial transactions worldwide from a Belgian cooperative named SWIFT for the purpose of tracking terrorist financial flows (see a previous blog entry). Now a German data protection agency has published a legal opinion arguing that the surrender of the data to American authorities violated both German and European level data protection laws.
The agency in question is the "Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein" or ULD, an independent data protection agency in one of Germany's 16 federal states, operating under public law and acting as a promoter, protector, and auditor of data protection standards. It has long been at the forefront of the public debate on data protection issues in Germany (see its website here, in German language).
ULD argues that SWIFT (the Society for Worldwide Interbank Financial Telecommunication) acts as subcontractor to German (and other) banks who are therefore obliged to force SWIFT not to pass its data on to unauthorized others. Specifically, data concerning intra-European financial transactions must not be mirrored to SWIFT branches in the United States. ULD has asked German banks to report by the end of September about measures they have undertaken to fulfill their obligations.
The expert opinion can be found here (in German language).
In European business papers, concerns had been expressed that the data transmitted to the United States might be used for purposes of industrial espionage (see the German daily Handelsblatt report on 11 July 2006 here and the Austrian daily Die Presse on the same day here). The European Parliament on 6 July 2006 passed a resolution warning against such misuse of the data and strongly criticizing the U.S. action (see also here).