The European Commission has told the Swift financial messaging cooperative it can continue to pass details of transactions to US authorities if it signs a “safe harbour” agreement on data privacy between the EU and the US.
US agencies demanded Swift supply millions of pieces of information about people and companies from around the world as part of anti-terrorist measures introduced after the 11 September 2001 attacks.
But in November, a panel of EU data protection officials warned EU data protection laws and could face sanctions.
The laws are aimed at protecting European citizens’ data if it is transferred outside the EU to countries such as the US that are considered to have weaker data protection regimes.
Under an agreement reached between the European Commission, the German government – which currently holds the EU presidency – and the US Treasury department, Swift can continue to share the information if it signs the safe harbour agreement, and as long as individuals are informed by their banks that the data will be passed to the US authorities.
If these conditions are met, the US authorities will then be free to keep the data for up to five years, European Commission spokesman Friso Roscam Abbing said.
Earlier this month, Swift agreed a four-year overhaul of its global architecture to meet the data privacy requirements. The new architecture will ringfence the storage of European messaging data to allow intra-European data to be stored only in Europe.
The safe harbour agreement has been signed by many large multinationals including Microsoft. Signatories agree to respect EU citizens' private data once it leaves the Europe.
Franco Frattini, the European Commissioner for justice, freedom and security, said: “The EU will have now the necessary guarantees that the US Treasury processes data it receives from Swift's mirror server in the US in a way which takes account of EU data protection principles."
He added: “We now look to Swift and to the financial institutions which use its services to ensure that they fully comply with their information obligations under European data protection law.”
Swift is expected to sign the safe harbour agreement in the next few days, while banks that use Swift to transfer funds have agreed to set up systems by September that will alert customers to the fact that their data may be transferred to the US.
It remains unclear what would happen if a bank customer decided that they did not want their information shared, Roscam Abbing added.