By Mark Ballard for The Register. This
story has been reproduced with permission.
The banks have written letters to their customers, and claim
this should be enough to put them in the clear.
British Banking Association retail director Stewart Dickey said
banks wrote to their customers to warn them that the details of
their international transactions might be accessed by US
investigators.
He said this responds to the demands of the Article 29 Working
Party (A29), which has co-ordinated the action of data protection
authorities across Europe to ensure the banks' co-operation with US
agents does not violate individual liberties.
The A29 group, though it has no actual power to enforce its
demands, said in November that Europe's financial institutions, all
of which conduct their international business through the Society
for Worldwide Interbank Financial Telecommunication (Swift), must
get this "illegal state of affairs" corrected "immediately".
That order, Dickey said, had been complied with.
"We have to watch carefully what happens in Brussels (where
transatlantic agreement is being fleshed out) but, given that Swift
are working on this, for the moment that is all we need to do - to
make sure the information given to customers is correct.
"We are working very closely with the ICO and he's very much
aware - and the Working Party - of what we are doing.
"He is content with the actions the banks are taking with regard
to improving the information they give to customers."
The UK Information Commissioner's Office (ICO) has been pressing
British banks and financial institutions in accord with its
European counterparts.
A spokesman for the Information Commissioner said it had written
to "various representative bodies", though wouldn't divulge who
these were - despite Europe's privacy watchdogs' recent commitment to transparency.
Following bold European statements to correct the "illegal state
of affairs" immediately, the UK's own requests to its financial
institutions seemed a little limp.
"We asked them to look at what steps, if any, are needed to make
sure UK financial institutions comply with data protection
legislation," the spokesman said.
"We explained that, at this stage, we are not expecting to take
enforcement action against any UK financial institutions, however,
this may need to be considered if the current situation remains
unchanged," he added.
What the UK ICO is not outwardly saying is that it might have
little more recourse than polite entreaty.
As reported before, Swift operates an effective monopoly on
international financial operations. Eighty-eight British financial
institutions hold shares in Swift, while a total 457 UK
institutions are connected to its network. They can't be ordered to
stop using Swift without bringing the world's markets to a halt.
The US won't stop its terrorist finance investigation and shows no
sign of welcoming European privacy watchdogs into its little
coterie.
So the banks appear to be in the clear until the Europeans flesh
out the transatlantic agreement for which they opened negotiations
with the US last week.
"The banks are waiting to see if they can be saved by the
international agreement," a source in Brussels said.
Dickey said as far as Swift was concerned it had struck its own
deal with the US to protect the privacy of its data.
"Swift will tell you that the information given to the Americans
was very strictly controlled. The point is that the data
transferred complies with data protection laws," he said.
The data protection authorities say otherwise, but they can't
really do much about it for now. Dickey, as if to rub salt in the
wound, says the same stands for him until there's a transatlantic
agreement.
That's just what the authorities fear - that a transatlantic
agreement between Swift and the US becomes a precedent for other
agreements which subvert the broader legal principles the data
protection wonks are fighting to protect.
© The Register
2007
