back to article Banks unleash paper tigers over terror data probe

British banks have responded to European privacy watchdogs, who claim they broke the law by letting US anti-terror investigators have access to the details of their customers' international financial transactions. The banks have written letters to their customers, and claim this should be enough to put them in the clear. …


This topic is closed for new posts.
  1. Andy S

    data protection

    I know its been a few years since i studied data protection law, but back then it was illegal to transfer data about a person to America without that persons express permission, as their data protection laws did not meet the required level for the EU. One of the case studies i had was even Amazon, as they have fallen foul of this one in the past.

  2. Anonymous Coward
    Anonymous Coward

    Lock up SWIFT's CEO

    If I was given access to all the bank transfer details, the first thing I would do is take a look at every politicians & family members, every journalists and ever civil servants bank transfers.

    Imagine how much leverage you could have if you found anything on politicians around the world. I don't doubt for a second that Bush'es lot did exactly that when SWIFT opened up it's records to his CIA cronies.

    The EU Commission is toothless and hasn't stopped it happening, the Belgies need to grab control of the matter and lock the CEO of SWIFT up. He broke Belgium banking secrecy law, it was a clear crime, yet he gets away with it.

  3. SImon Hobson Bronze badge

    Seems a simple solution to me ...

    It could be done all so simply ...

    There is no way whatsoever that SWIFT can protect data stored on servers in the US, no matter what any agreement might say. Therefore, it cannot be legal to transfer our data over there without our fairly obtained permission.

    Obtaining permission by extortion, as would be the case if the banks respond that "if you don't agree then we can't do international transfers" is not acceptable.

    The answer then would seem for the authorities not to ban the use of SWIFT, but simply to fine any entity failing to abide by the rules. I can imagine that once they find themselves on the end of financial penalties rather than the horror of a strongly worded letter, then the banks will quickly find a way to keep data out fo the US - either by setting up an alternative to SWIFT, or by getting SWIFT to change it's operating methods.

    There is NO reasonable explanation or excuse for transferring data that does not involve US banks to a data centre in the US - to claim otherwise would be employing the spin tactics of our current government !

  4. Nikolaus Heger

    Banks Have Lost Trust

    Regardless of privacy laws, I would expect my bank which handles my account to not hand any data over to anyone, be it the CIA, George Bush, or Mother Teresa. Unless they have a court order to do so.

    I would expect this to be standard practice and I am shocked that Banks and SWIFT just roll over for american intelligence agencies.

    SWIFT's excuse that it made the NSA swear to not abuse the data is a total joke. What are they gonna do if the NSA abuses the data anyway? Even if they find out (unlikely) they can hardly sue them now, can they? It's ridiculous.

    This institution needs to be put out of existence, or at the very least everyone who approved of this needs to be fired. Seriously.

    Trust is a hard thing to win back. Bankers of all people should know that.

  5. Anonymous Coward
    Anonymous Coward

    Illigal in the first place

    Shawly the handing over of the data was not illigal (as it was data held in the US), but moving data from the EU to the US in the first place was. Under Data pro law you cannot transfer data to a county that dose not have equivelant protection. How many othere companys are doing this because it is easyer than seting up a new Data center in the UK.

    Makes me worry about all the call centers in Asia. Dose India have comparable data pro laws?

  6. Anonymous Coward
    Anonymous Coward

    No it's illegal, + Citibank new terms

    "the handing over of the data was not illigal"

    No, it was illegal. SWIFT are trying to retroactively get a the data declared as covered by 'Safe harbor'. The EU Safe Harbor treaty with the US, lets companies keep data in the US as long as its protected to the same extent as in the EU. It doesn't let them hand stuff over without warrants of even auditing or control which is what they did.

    It won't even be legal in the USA, since SWIFT handed over US citizens data to the NSA too which is also illegal (FISA exception excluded).

    "How many othere companys are doing this"

    I read that Citibank UK are changing their account terms and buried in those new terms is a clause 'you consent to have your data sent abroad where is may be subject to disclosure to foreign governments'. It looks like this problem is all the way through the EU banking system, and they're retroactively covering their ass.

    If China demanded details from HSBC, would they comply and not tell anyone? I don't see the difference, if the banks are able to do this with the USA, then a legal precedent has been set that works for China, Russian, and anyone else who wants EU data.

    If you don't prosecute the first infringement, prosecuting the second, third, fourth becomes damn near impossible.

  7. Anonymous Coward
    Anonymous Coward

    Here's Citibanks new "you have no privacy" terms

    Read it an weep Citibank customers, here's Citibank UK's new terms which mean they can hand your account information to anyone for any reason, and specifically to the USA for business or other purposes.

    43. Transfer of Data abroad

    43.1 Data may be transferred to, and stored and processed in, other countries including countries WHICH DO NOT offer “adequate protection” for the purposes of Directive 95/46/EC of the European Union for any purpose related to the operation of Your account.

    43.2 Such purposes include but are not limited to processing of instructions and generation of confirmations, advices and statements; maintenance of accurate “know your customer” information; the operation of control systems; the operation of management information systems and allowing Citigroup’s Organisation staff who share responsibility for managing Your relationship from other offices to view information about You.

    43.3 Data may also become subject to the legal disclosure requirements of other countries.

    Section 30.1. The bank may disclose:

    30.1.6. To countries or territories outside the European Economic Area including the United States of America and India for account management and other business purposes. You understand that this information may then become subject to disclosure under the laws of other countries.

This topic is closed for new posts.