The data contained in international credit transfer payments is forwarded to the beneficiary’s bank via the Belgium-based Society for Worldwide Interbank Financial Telecommunication (SWIFT). Irish banks have no alternative but to use SWIFT’s services to execute international payments as there is no other organisation at present providing such services worldwide. If Irish banks did not avail of SWIFT’s services, they would not be able to offer customers global payment services. Thus any customer, instructing his/her bank to execute a payment order is giving implicitly his/her consent that those data elements necessary for the correct processing of the transaction may be sent outside of Ireland.
The SWIFT network used by Irish banks meets the highest security standards from a technical and organisational standpoint. SWIFT has operating centres in both Europe and the US where the transaction data is stored temporarily. Thanks to continuous data mirroring, the data stored on the operating centre servers is always identical. This mirroring is carried out for security reasons so that if one operating centre malfunctions, international payments can continue to be processed by the other operating centre. Maintaining a geographically separated back-up infrastructure to ensure continued operation is in line with international standards and supervisory requirements.
In the aftermath of September 11, 2001, the US Treasury, acting on the strength of official subpoenas, requested transaction data from SWIFT’s operating centre in the US and evaluated it for anti-terrorism purposes. Both SWIFT and the US Treasury maintain that a memorandum of agreement was reached to reduce the amount of data covered by the subpoenas as much as possible and ensure its evaluation for anti-terrorism purposes only. In November 2006, European and Irish data protection supervisors voiced concerns about the mirroring of payment transaction data at the SWIFT operating centre in the US and access by US authorities to this data. The Irish banking industry is currently seeking to find an international solution to the data protection law issues involved. To this end, it is continuing the constructive dialogue with all the parties concerned, particularly with data protection supervisors and SWIFT.