Saturday

29th Apr 2017

Privacy campaigner: EU-US passenger data deal 'meaningless'

  • All persons travelling to the US are considered potential criminals (Photo: afagen)

A secretive agreement allowing Washington access to all personal information of air travellers to the US, seen by EUobserver, is "meaningless" and "deceptive" from a data privacy point of view, say experts.

The agreement, sealed last week between the European Commission and the US government, is now pending approval by member states and the European Parliament.

It provides a legal basis for what started as an anti-terrorism data sifting programme in the US following the attacks on 11 September 2001: the transfer of data such as private email address, credit card number, travel itinerary, but also "general remarks" made by airline officials on the behaviour of the passenger.

EU commissioner Cecilia Malmstrom on Thursday (17 November) said the agreement "contains robust safeguards for European citizens' privacy," and is legally binding on the US.

But the full text remains secret - despite being of public interest as it deals with mass private data transfers, circumventing EU law on data privacy. MEPs dealing with the dossier have been allowed to look at the agreement only in a sealed room.

US campaigners like Edward Hasbrouck, who has filed several legal complaints in the US against the extensive use and storage of Passenger Name Records (PNR) by authorities, disagree with Malmstrom's confident assessment of the deal.

"This is theoretically true: It is 'binding', but there is no enforcement mechanism. According to the terms of the agreement, the only remedy for non-compliance is to terminate the agreement for future data transfers," he told this website.

Even in this instance, the US government would still have access to the data, as airlines do not store the PNR information on their own servers, but in US-based "computer reservation systems" to which the Department of Homeland Security (DHS) has access.

According to the text, "the collection and analysis of PNR is necessary for DHS to carry out its border security mission."

Based on the personal data transferred to the American authorities 92 hours prior to departure, people can be subject to close inspection and interrogation or banned from flying, if they turn out to be on a no-fly list. But such lists are secret and access to them forbidden.

Claiming that personal data collection and analysis is "necessary" for border controls is false, says Hasbrouck. According to the UN Human Rights Committee, measures that hamper freedom of movement have to be proven to be effective and it must be clear that less restrictive alternatives would not achieve the same purpose.

"There has been no showing as to why existing legal means - warrants or court orders - would not be sufficient as a means to obtain PNR data in specific investigations," Hasbrouck says.

The wide scope of the potential crimes targeted by the data analysis is also a reason for concern. Apart from people suspected of terrorist acts, of funding or facilitating them, or of "contributing in any other way" to something that may look like a terrorist act, the agreement also applies to "other crimes that are punishable by a sentence of imprisonment of three years or more and that are transnational in nature," the text reads.

This may apply, for instance, to someone suspected of having illegally downloaded American movies or music and distributed them abroad.

Overall, the personal data will be retained for 15 years - five years in an active database and ten in a "dormant" state - where access is more limited and names blackened. "Re-personalisation" can be done, however, "in connection with law enforcement operations and then only in connection with an identifiable case, threat or risk."

The data for cases concerning crimes other than terrorism "may only be re-personalised for a period of up to five years," the agreement says.

Again, Hasbrouck points out that these retention limits "only apply to the DHS copy of the PNR."

The computer reservation systems can keep the original copy forever and there is nothing to stop the US authorities from getting a new copy from the reservation system, something not covered by the PNR agreement.

There are other potential issues too.

Anyone is entitled to access, correct or delete personal data but they are unlikely to be able to get hold of it, as most PNR data is exempt from the Freedom of Information Act.
