The Swift network, which processes international funds transfers is used by the Commonwealth Bank Group, Westpac Banking Corp. and ANZ National Bank Ltd., has been accused of breaking European data protection laws by sharing personal information with US authorities.
Anna Johnston, chair of the Australian Privacy Foundation said the privacy of Australian's banking records has been put at risk by a third party, namely Swift, passing on records to the U.S. Government.
The US government ordered Swift to share a host of information about people and companies around the world following the September 11, 2001 terrorist attacks as the data was deemed essential in tracing how terrorism was financed.
However, European data protection laws outlaw the transfer of personal data outside the European Union if the country receiving the information has weaker privacy protection laws.
Both Swift and the European Central Bank (ECB) have been accused of breaking Belgian and European data protection laws by sharing data deemed private and personal with U.S. authorities.
Johnston said the foundation is concerned Australian banks and other financial institutions using the Swift service may be in breach of the Australian Privacy Act.
"As if the practice of banks offshoring customer records wasn't bad enough, now we discover that Swift, the organization that processes international fund transfers for Australian banks, has been giving banking records to the U.S. administration for several years," Johnston said.
"Our banking records have already been compromised by the actions of Swift in allowing the U.S. government to gain access to Australian banking records without independent judicial oversight.
"If Australian privacy laws cannot be enforced in this case, then all this talk by the Treasurer and Attorney-General about how Australia's tough privacy laws prevent our banking records leaving this country is completely meaningless."
The foundation has submitted a complaint to the privacy commissioner to investigate whether customer records are leaving the country.
Under local privacy laws, records cannot leave Australia unless safeguards are attached.
While the Australian Banking Association (ABA) was unwilling to comment, the Swift 2005 Annual Report shows 11 banks and 88 financial institutions in Australia sent more than three million messages over the SWIFTNet FIN service last year.
However, the privacy commissioner cannot investigate Swift itself because the organization is based in Belgium, which is outside the commissioner's jurisdiction.
Swift and the ECB has not been fined for breaching European privacy laws, but ECB chief Jean-Claude Trichet admits a global framework is required to deal with this problem.
"The problem is ongoing. The system we have in place is imperfect," Trichet said.
"It is very important to clarify the situation and work out what to do about such data transfers across the Atlantic.
"Any agreement between the EU and the U.S. should then form the basis for a global situation because the problem is worldwide."
European parliamentarians drew a parallel between the Swift data sharing case and ongoing attempts to forge an agreement allowing U.S. authorities access to airline passenger information.
In June this year the European Court of Justice branded a US mandate requiring passenger information to be sent to US authorities prior to travellers arriving in the country as illegal because the data may not be adequately protected.
Australian airlines fully comply with the U.S. mandate and the federal government claims passenger data is secure.
However, Qantas has confirmed that local passenger data is held in Germany and is subject to the strict European data laws. "Our customer data is held in an offshore facility with Amadeus," the spokesperson said.
"The data is held in Germany and subject to the EEC data laws which if anything are more stringent than Australian data protection laws." - With Paul Meller