Remarks by the European Central Bank on a resolution passed by the European Parliament relating to the operations of SWIFT
Today the European Parliament adopted a resolution on SWIFT in view of its release of data to US Authorities based on US subpoenas. Having regard to this resolution the European Central Bank (ECB) would like to make the following points:
- The ECB understands that initiatives have been taken in this context vis-à-vis the US Government; joint action by the EU institutions and bodies competent on data protection and on payment systems legislation as well as authorities responsible for the fight against terrorism is also urgently needed. The issue at stake requires action by the EU legislator, namely to provide legal certainty in areas where data protection might conflict with legislation on the fight against terrorism, and action by the European Union’s foreign relations bodies in what relates to specific action regarding the US subpoenas.
- The ECB does not share the recommendation to bring data protection within the oversight of SWIFT and within the scope of oversight of payment and settlement system in general because (i) data protection is outside the competences of central banks and clearly allocated to data protection authorities; (ii) it would create an overlapping of competences on data protection compliance between the overseers and the national data protection authorities; and (iii) the question would be raised why oversight should encompass SWIFT’s (or any payment system’s) compliance with data protection laws and not SWIFT’s compliance with other compulsory laws (taxation, environment, etc.).
- The ECB would like to reiterate that the oversight of SWIFT is part of the tasks of central banks to ensure financial stability. A general obligation of professional secrecy is established in Article 38 of the Statute of the European System of Central Banks and the European Central Bank, stating that " Members of the governing bodies and the staff of the ECB and the national central banks shall be required, even after their duties have ceased, not to disclose information of the kind covered by the obligation of professional secrecy".
- The ECB takes note of its data protection obligations as a user of SWIFT and has already started to seek the consent of the individual users (i.e. employees and service providers) in the relevant contractual documentation, whereby information about the use of SWIFT and database storage will be contained.
- The ECB, in its capacity as policy maker in the field of payment systems, will make sure that payment systems owned and operated by the Eurosystem, including the future Target 2 system, are fully compliant with European data protection law.
The ECB also published on its website, on 1 February 2007, responses to questions raised by Mrs Pervenche Berès, the Chairwoman of the Committee on Economic and Monetary Affairs of the European Parliament and Mr Jean-Marie Cavada, the Chairman of the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament, regarding the ECB’s follow-up to the Article 29 Working Party on the processing of personal data by SWIFT.