In the EU, protecting human life takes second place to data protection

The Article 29 Working Group has told SWIFT (the worldwide electronic funds transfer network) that they are in violation of EU and Belgian data privacy laws. They went even further and chastised SWIFT for violating civil rights:

"Any measure taken in the fight against crime and terrorism should not and must not reduce standards of protection and fundamental rights which characterize democratic societies".

What happened exactly?

After the 9/11 terror attacks in New York, SWIFT, after receiving a court order, provided messaging information to the US Treasury Department in order to track financial transactions by suspected terrorists.

What is wrong with the EU panel chastising SWIFT?

1. The Article 29 Panel operated outside its own charter.

Article 29 is a pre-9/11 recommendation from the ICRT (International Communications Round Table) to limit general interception and surveillance of telecommunications. (I am quoting from their Web site.)

The transfer was not general, since SWIFT sent specific subsets of data to the Treasury based on narrow court-ordered requests to help with financial intelligence for terrorism investigations and reduce exposure of personal records.

There was no interception involved by SWIFT since they sent their own files to Treasury under a court order.

2. It is an immoral and improper ruling.

Article 29 is pre-9/11 and was never updated to strike a fair balance between the need for customer data protection and the war against global terror. During the American Revolution, Thomas Jefferson never called for the destruction of England and suicide bombers never blew up thousands of civilians in London pubs.

Let's remind the EU and Belgium in particular that human life is the most fundamental right of all and that the protection of human life should ALWAYS take precedence over the protection of personal data. Belgium unfortunately has a record of supporting Islamic and Palestinian terror interests - recall Belgian attempts to get Israeli Army officers on trial for war crimes.

3. The ruling disregards perfectly acceptable legal alternatives in the EU

For example, the EU data privacy directive, EU Directive 95/46/EC, took effect in 1998. The EU privacy laws include the directive itself plus the various laws enacted by EU member nations to adopt the directive in their respective states. These laws dictate the specific ways that personal data may be collected, processed, used and transferred.

The EU and the U.S. have negotiated a "safe harbor" agreement. For example, a US corporation could agree to comply with safe harbor principles set forth by the U.S. Department of Commerce, which have been accepted by the EU. These principles cover many of the same concepts as the directive, touching on requirements for notice, choice, and onward transfer of data, security, data integrity, access and enforcement.

I am not a lawyer and am not privy to the interchange between SWIFT and Treasury, but I imagine that SWIFT could be covered under such a safe-harbor agreement or, at the very least, the EU panel could have proposed such an arrangement.

It is sad that the Article 29 panel has decided to make a political statement instead of providing constructive support in the war against Islamic terror.

About

This page contains a single entry from the blog posted on November 28, 2006 11:11 AM.

This weblog is licensed under a Creative Commons License.