An independent advisory body to the European Union has confirmed Swift (Society for Worldwide Interbank Financial Telecommunication) has violated both European and Belgium law through sharing personal information with US authorities.
The Swift network processes international fund transfers in Australia for the Commonwealth Bank, Westpac Banking Corporation and ANZ.
The Article 29 Data Protection Working Party, the independent EU advisory body on data protection and privacy, last week confirmed the organization breached European data protection laws by forwarding transaction and banking information on to the US Department of Treasury.
A statement from the working party said that even in the fight against terrorism and crime, fundamental rights must remain guaranteed, adding Swift, and financial institutions hold joint responsibility for the transfers.
"The existing international framework is already available with regard to the fight against terrorism. The possibilities already offered should be exploited while ensuring the required level of protection of fundamental rights," said the statement.
"As far as the communication of personal data to the US Treasury is concerned, the Working Party is of the opinion that the hidden, systemic, massive and long-term transfer of personal data by Swift to the US Treasury in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards data protection and is not in accordance with Belgian and European law.
"The lack of compliance with data protection legislation may actually hamper consumers' trust in their banks and thus might also affect the financial stability of the payment system."
European data laws stipulate personal information must not be transferred out of Europe to countries with weaker data protection laws than Europe. The US is considered such a country.
A statement on the Swift Web site says that a US civil liberties panel, briefed on the issue on Tuesday November 28, said Swift had placed tight controls in place to protect data privacy. The issue, according to Swift is a "misinterpretation" of both US and EU data protection laws.
"The panel was impressed with the lengths to which Swift had gone to prevent infringement on people's civil rights," the statement said.
"Swift has reiterated numerous times that it had gone beyond its legal obligations to ensure it complied with all laws, whether in the US or EU.
"Swift, which is caught between serious interpretation issues surrounding current US and EU laws, has called repeatedly for a global solution for providing financial intelligence for counter-terrorism purposes with adequate data protection safeguards."