London-based privacy, civil liberties and human rights group Privacy International has urged Malta’s Data Protection Commission to take action on revelations that the United States government has, for the last five years, been given illegal access to private citizens’ banking information held by the Society for Worldwide Interbank Financial Telecommunication (SWIFT).

In a letter of complaint sent to Malta and 32 other countries whose banking information is believed to have been compromised, Privacy International launched a campaign against “the illegal actions of SWIFT in its transfer of financial transactional data to the US government”.

The Belgium-based SWIFT runs a worldwide network that exchanges information on financial transactions among 78,000 banks and other financial institutions across 205 countries.

At the centre of the data protection storm are the recent revelations that millions of records from the SWIFT database have been passed over to US intelligence agencies – specifically the Treasury Department and the Central Intelligence Agency – since 2001.

In its complaint, Privacy International said, “The disclosures involve the mass transfer of data from the SWIFT centre in Belgium to the United States, and possibly direct access by US authorities both to data held within Belgium and data residing in SWIFT centres worldwide.

“The complaints allege that the activity was undertaken without regard to legal process under data protection law, and that the disclosures were made without any legal basis or authority whatever. The scale of the operation, involving millions of records, places this disclosure in the realm of a fishing exercise rather than legally authorised investigation.”

Concerned that the practice “substantially violates” data protection laws, Privacy International has called on Malta and 32 other countries to “intervene with a view to making a demand that the disclosure programme be suspended following legal review”.

While the US administration believes the practice is instrumental in tracking financial transactions between terrorist groups, the practice is thought to have violated several European and US financial privacy laws since individual warrants to access financial data were not obtained.

The US refers to the practice, which had been covert until a week ago, as the Terrorist Finance Tracking Program. Reacting to articles run in the New York Times and the Los Angeles Times, SWIFT stated in a press release that it had “received significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas”.

The Office of the Belgian Prime Minister has confirmed that SWIFT had received “broad administrative subpoenas” for millions of records. An administrative subpoena, however, does not carry legal weight and is essentially a letter issued without judicial authority.

Belgium’s prime minister has also asked the justice ministry to look into whether SWIFT had acted unlawfully by providing US authorities with access to information from its database without the approval of a Belgian judge. A Belgian parliamentary committee overseeing the Belgian State Security Service is expected to issue a report on the matter in three weeks.

Raising its concern that the practice raises “troubling questions” under EU and US laws, Privacy International claims the practice goes over and above the so-called “war on terror”.

The group said, “We are also concerned that this data could be used by US authorities for a range of non-terrorist related activities. As this information can amount to a profile of all financial transfers over periods of years, the additional uses could vary widely to include taxation monitoring and even espionage.”