The European parliament has called for European Central Bank to step in to ensure that banking industry messaging service Swift complies with data protection laws.
But the MEPs’ call met with a tough response from the ECB, which said data protection compliance was not within its remit.
The call was sparked by US requests for Swift data as part of anti-terrorist activity. MEPs complained that over the past few years US monitoring requirements had “led to a situation of legal uncertainty with regard to the necessary data protection guarantees” over the transfer of Swift financial data between the EU and the US.
In a resolution, the parliament said it was “very worrying” that the ECB and the Group of 10 central banks that oversee Swift had not “strongly criticised” the lack of protection for data shared in this way.
The MEPs called on the ECB “to explore solutions in order to ensure compliance with data protection rules and to ensure that rules on confidentiality do not prevent information from being supplied in good time to the relevant authorities”.
But the ECB hit back, saying that as Swift is a messaging provider and not a payment system, central bank oversight “focuses on its technical security, operational reliability, resilience, appropriate governance arrangements, and its having in place risk management procedures and controls”.
The monitoring of Swift activities that did not affect financial stability was not a matter for central bank oversight, and US Treasury subpoenas for Swift data were “outside the purview of central bank oversight”.
It added: “The Oversight Group has no authority to oversee Swift with regard to compliance with data protection laws.”
The issue required action by the EU legislator “to provide legal certainty in areas where data protection might conflict with legislation on the fight against terrorism”, it said.