The European Parliament has passed a resolution demanding that oversight of the bank-owned financial network Swift and European payment systems in general is brought into line with data protection laws.
Parliamentary MEPs say that recent incidents involving US monitoring of financial transactions over the Swift network and airline passenger records have led to a situation of legal uncertainty with regard to the necessary data protection guarantees for data sharing and transfer between jurisdictions.
In its non-binding resolution, Brussels is calling on the European Central Bank to take action by ensuring that European payment systems, including the updated system for wholesale payments Target2, are fully compliant with European data protection law.
MEPs point out that one consequence of such action may be for Swift to be obliged to stop its current practice of mirroring all data concerning EU citizens and enterprises in its US site or to move its alternative database site outside US jurisdiction.
Parliamentarians also called on the European Commission to analyse the potential for economic and business espionage stemming from the current design of payment systems, including, in particular, messaging providers, and to report on ways of tackling the problem.
The ECB has responded to the proposals by reiterating its belief that data protection is outside the competences of central banks and asks why oversight should encompass Swift’s or any payment system’s compliance with privacy laws and not Swift’s compliance with other compulsory laws, such as those on taxation and the environment.
In its rebuttal, the ECB states: "The issue at stake requires action by the EU legislator, namely to provide legal certainty in areas where data protection might conflict with legislation on the fight against terrorism, and action by the European Union’s foreign relations bodies in what relates to specific action regarding the US subpoenas."
Similarly, officials at Swift have been lobbying hard for a joint US-EU solution that will provide legal certainty for the Society and its member banks.
The Belgium-based co-operative has also been working behind the scenes with data privacy officials from Belgium and the European Commission to address their more immediate concerns. These include improved transparency for customers with regard to the processing of their financial transactions, and adhering to the European privacy regulations for Safe Harbor to make Swift’s US operations conform to European data privacy legislation.