The Dutch Data Protection Authority (CBP) and the Belgian Data Protection Authority (CPP) will be conducting an investigation on whether third parties could gain unauthorized or unlawful access to European citizens' bank data. The investigation will be carried out in close cooperation and consultation between both DPAs.
Several media have recently reported that American security services have allegedly gained direct access contrary to the privacy terms in the Terrorist Finance Tracking Program II Agreement (TFTP agreement) which SWIFT is subject to. SWIFT handles international financial messaging for over 10,000 financial institutions from about 200 countries. SWIFT's headquarters are established in Belgium. The organisation also has a location in the Netherlands.
In 2010 the European Commission and the United States concluded the TFTP Agreement. This agreement on the exchange of bank data between the European Union and the United States in the context of the fight against terrorism enables the Unites States to request data on bank transactions through a special procedure. The agreement contains several terms on privacy including how this data may be used and external oversight of this use.