Canadian banks and SWIFT (July 2006)

Together with Privacy International, CIPPIC filed a formal complaint with the Privacy Commissioner of Canada against the "Big Six" Canadian banks, regarding allegedly unlawful disclosures of personal banking information to the U.S. government by SWIFT, a Belgium-based clearinghouse for international bank transfers. Under federal data protection law, banks are responsible for personal information that they outsource for processing purposes. The federal Privacy Commissioner subsequently launched an investigation of SWIFT itself.

In a report released September 28, 2006, the Belgian Privacy Commissioner found that SWIFT had violated Belgian law in systematically transferring "massive amounts of personal data [to the US Treasury] for surveillance without effective and clear legal basis and independent controls in line with Belgian and European law".

The Privacy Commissioner released a summary of her findings on CIPPIC's complaints, as well as her finding on SWIFT's own liability under PIPEDA, on April 2nd, 2007. In brief, she found that neither SWIFT nor Canadian banks are violating PIPEDA when they disclose personal information about Canadians to foreign authorities in response to subpoenas by those authorities, even if such subpoenas would not be valid under Canadian law. Detailed letter findings below:


CIPPIC' s complaint letter, july 27,2006.


Privacy Commissioner launches investigation of Swift.

Privacy International.