In June 2006 the media revealed startling information according to which the US administration had obtained access to SWIFT transaction data within the context of its efforts to combat terrorism. As SWIFT is headquartered in Belgium, the investigation by the country’s Commission de la protection de la vie privée is of particular importance. The Privacy Commission published the result of its work on 27 September 2006.
Access to SWIFT Transaction Data
Transfer of international payment transaction data to foreign governments for the purpose of complying with their sanctions regime
Within the context of their international business activities, Swiss financial institutions may find themselves having to provide evidence to foreign governments (especially the USA) that they respect the sanctions imposed by those countries. Failure to do so may in certain circumstances result in a curtailment of their activities in the country in question. One Swiss credit institution, which acted as a transfer bank for international payments, considered voluntarily handing over the transfer data to the US authorities. After examining the case as well as the legal situation, we reached the conclusion that to prove that the bank had respected US laws, a voluntary disclosure of the transfer data could only be authorised if it was anonymized.
Transfer of payment data to the US authorities
The transfer of personal data by Postfinance to a banking institute in the territory of the United States must have a legal justification and the person concerned must be informed in an appropriate manner. Following our intervention, Postfinance changed its practice and proposed measures that take account of our comments.