The EU's data protection watchdog has ruled that the Belgian firm Swift is breaking EU law by secretly passing European citizens' banking records to the US authorities.
It has also found that the financial institutions that own Swift, which include 77 Irish banks such as AIB and Bank of Ireland, share responsibility for the ongoing illegal activity.
In a statement agreed yesterday, the body noted "violations of the [ EU] data protection directive ... in the way Swift transferred data to the United States". It also noted the "shared responsibility [ as data controllers] of the member states' financial institutions as users of Swift's services", although it noted Swift was mainly responsible.
Swift, the Society for Worldwide Interbank Financial Telecommunications, provides a system linking 7,800 banks worldwide that enables them to process electronic banking transactions between each other. It has been at the centre of a controversy regarding EU citizens' privacy since it was revealed in the media earlier this year that it secretly allowed the US authorities access to people's banking records.
Under the arrangement, which was agreed after September 11th, 2001, the US authorities could sift through millions of international banking transactions to try to identify potential terrorist financing.
However, neither Swift nor the US told all EU governments about the secret arrangement; for example, Minster for Finance Brian Cowen and the Central Bank were not aware of the security programme.
Every day 64,000 financial transactions made by Irish citizens or businesses are carried by Swift and these still remain open to screening by the US authorities.
The draft text, which was agreed unanimously by all 25 EU national data protection commissioners, calls for Swift and the financial institutions that own it to "immediately take the necessary measures to remedy the current illegality".
In its statement, which is due to be formally published today, the watchdog also asks for a clarification of the European Central Bank's role in the matter. The ECB was informed about the US monitoring programme but has said it bore no responsibility to tell member states' governments or protect citizens' privacy.
The US monitoring of bank records is just one of several controversial anti-terrorist programmes that critics accuse of infringing European citizens' privacy rights.
A separate programme to collect data on all airline passengers entering the US recently caused controversy when the US insisted on toughening up an existing agreement by making it easier for the CIA to access data.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)