[JURIST] Canadian Privacy Commissioner Jennifer Stoddart [official profile] concluded an investigation [press release; official report] Monday into the Society for Worldwide Interbank Financial Telecommunication (SWIFT) [official website], finding that the European financial cooperative did not violate Canadian privacy laws [fact sheet] by post-September 11 information-sharing with the US Department of the Treasury [official website]. SWIFT was alleged to have illegally disclosed personal information of some customers of Canadian financial institutions in violation of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) [text]. Stoddart found that while SWIFT was subject to the terms of PIPEDA, it
did not contravene the Act when it complied with lawful subpoenas served outside the country and disclosed personal information about Canadians to foreign authorities.
Stoddart said she would petition Canadian authorities to encourage the US to rely on existing, more transparent measures such as anti-money laundering and anti-terrorism financing mechanisms rather than subpoenas. Reuters has more.
In November the European Commission's Article 29 Data Protection Working Party [official website] found that SWIFT violated European privacy laws [JURIST report] when it released similar information about cross-border wire transfers by European citizens to the US government. The New York Times and other papers revealed the once-secret program [JURIST report] in June 2006, prompting sharp criticism from the Bush administration, which defended the initiative [press briefing]. According to US government officials, the program targeted those with suspected ties to Al Qaeda.