The Swift network processes international fund transfers in Australia for the Commonwealth Bank, Westpac Banking Corp. and ANZ National Bank Ltd.
The Article 29 Data Protection Working Party, the independent EU advisory body on data protection and privacy, last week confirmed the organization breached European data protection laws by forwarding transaction and banking information on to the US Department of Treasury.
A statement from the working party said that even in the fight against terrorism and crime, fundamental rights must remain guaranteed, adding Swift, and financial institutions hold joint responsibility for the transfers.
"The existing international framework is already available with regard to the fight against terrorism. The possibilities already offered should be exploited while ensuring the required level of protection of fundamental rights," said the statement.
"As far as the communication of personal data to the U.S. Treasury is concerned, the Working Party is of the opinion that the hidden, systemic, massive and long-term transfer of personal data by Swift to the U.S. Treasury in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards data protection and is not in accordance with Belgian and European law.
"The lack of compliance with data protection legislation may actually hamper consumers' trust in their banks and thus might also affect the financial stability of the payment system."
European data laws stipulate personal information must not be transferred out of Europe to countries with weaker data protection laws than Europe. The U.S. is considered such a country.
A statement on the Swift Web site says that a U.S. civil liberties panel, briefed on the issue on Tuesday November 28, said Swift had placed tight controls in place to protect data privacy. The issue, according to Swift is a "misinterpretation" of both U.S. and EU data protection laws.
"The panel was impressed with the lengths to which Swift had gone to prevent infringement on people's civil rights," the statement said.
"Swift has reiterated numerous times that it had gone beyond its legal obligations to ensure it complied with all laws, whether in the U.S. or EU.
"Swift, which is caught between serious interpretation issues surrounding current U.S. and EU laws, has called repeatedly for a global solution for providing financial intelligence for counter-terrorism purposes with adequate data protection safeguards."