The UK's Information Commissioner's Office, which is responsible for enforcing the Data Protection Act, is investigating whether the US government's scrutiny of British banking transactions passed over the Swift network breaches UK and EU laws.
According a report by UK newspaper The Guardian, the US counter-intelligence operation may breach both UK and European laws.
The classified programme, which began weeks after the 11 September terrorist attacks, is limited to tracing transactions of people suspected of having ties to terrorist networks.
A spokesman for the information commissioner told the Guardian that the privacy issue was being taken "extremely seriously" and if the US government had accessed data belonging to European individuals then this was "likely to be a breach of EU data protection legislation".
The spokesman added that UK data protection laws may also have been breached if British banking transactions had been accessed. The commissioner is requesting more information from Swift and the Belgium authorities before deciding how to proceed, says the report.
Last month the UK's Chancellor of the Exchequer Gordon Brown confirmed the government was aware of the arrangement but refused to say whether the programme was "legally reconciled" with Article 8 of the European convention on human rights.
According to the report, a Home Office spokesman has said the government had been given no reason to believe the operation was unlawful, although he declined to comment on the commissioner's assessment that the programme may be illegal.
Last month the European Parliament passed a resolution demanding that EU bodies disclose how much they knew about the operation.
Swift had no option under US law but to comply with the data requests and says it responded to compulsory subpoenas for limited sets of data from the US administration, but that it kept both Belgium's central bank and the European Central Bank informed of its actions.