European Data Protection Authorities investigate bank data security

​Press release, 13 November 2013
The Belgian and Dutch Data Protection Authorities (DPAs) will be conducting an investigation into the security of SWIFT's payment networks following, among others, international media reports on foreign intelligence services - possibly the NSA - allegedly having unlawful access under European law to financial messaging data at SWIFT.

​The Dutch Data Protection Authority (CBP) and the Belgian Data Protection Authority (CPP) will be conducting an investigation on whether third parties could gain unauthorized or unlawful access to European citizens' bank data. The investigation will be carried out in close cooperation and consultation between both DPAs.

Several media have recently reported that American security services have allegedly gained direct access contrary to the privacy terms in the Terrorist Finance Tracking Program II Agreement (TFTP agreement) which SWIFT is subject to. SWIFT handles international financial messaging for over 10,000 financial institutions from about 200 countries. SWIFT's headquarters are established in Belgium. The organisation also has a location in the Netherlands.

In 2010 the European Commission and the United States concluded the TFTP Agreement. This agreement on the exchange of bank data between the European Union and the United States in the context of the fight against terrorism enables the Unites States to request data on bank transactions through a special procedure. The agreement contains several terms on privacy including how this data may be used and external oversight of this use.