The US Treasury Department acted in accordance with EU-mandated rules to safeguard customers' privacy when it accessed international banking records, the European Commission confirmed yesterday (17 February).
The results of a review by Judge Bruguière into the Treasury Department's data handling procedures were a sequel to moves by the US to track terrorist money movements through the SWIFT international banking network after the attacks on the New York World Trade Centre on 11 September 2001.
When the Terrorist Finance Tracking Programme (TFTP) was first revealed, it outraged bank customers and civil rights agencies because of the invasion of privacy it entailed.
In March 2008, the European Commission set up a review of the department's procedures governing the handling, use, and dissemination of SWIFT records from the EU.
EC vice-president Francios Barrot, in charge of justice, liberty and security, said the department had been "vigilant from the outset" in respecting safeguards negotiated in 2007, notably the strict counter-terrorism purpose limitation.
"The TFTP has generated significant value in the fight against terrorism, notably in Europe," he said.
The judge reported that the department had put in significant and effective controls and safeguards, which ensure respect for the protection of personal data subpoenaed for the purpose of the TFTP. But he also recommended ways to strengthen them.
Under the TFTP the Treasury Department served administrative subpoenas on SWIFT. These required SWIFT in the US to transfer a subset of message data held on its US server to the department for use in counter-terrorism investigations of suspected individuals or entities.
In June 2007 the department gave commitments on the safe handling of data obtained under the subpoenas. These were published in the Official Journal of the EU in July 2007 and in the US Federal Register in October 2007.