View Full Version : EU: Brussels Warns Of Trans-Atlantic Rift Over Airline Passenger Data

Friday, September 5th, 2003, 12:33 PM
EU: Brussels Warns Of Trans-Atlantic Rift Over Airline Passenger Data

By Ahto Lobjakas

The European Commission says a trans-Atlantic rift is in the offing over the U.S. refusal to honor EU data protection rules. Airlines operating between Europe and the United States have been forced by Washington to hand over traveler records in advance or face heavy fines. Although the EU initially sanctioned the deal, it now says the U.S. has failed to honor commitments to treat the data in accordance with EU standards.

Brussels, 4 September 2003 (RFE/RL) -- The European Commission this week said it has not won any significant concessions from the United States over how the U.S. Department of Homeland Defense treats sensitive passenger information handed over by European airlines flying to U.S. airports.

The EU sanctioned the sharing of passenger data with the United States in February, and U.S. border and customs authorities have enjoyed free access to online reservation databases since 5 March. The United States says such access is vital to screen potential terrorists and criminals before they arrive in the country. It has also threatened to impose heavy fines on airlines for not complying with the request.

The commission said this week that despite "very frequent" contacts with U.S. officials the United States has not honored a commitment undertaken in February to treat the data in what it calls an "appropriate" manner -- that is, in conformity with EU data protection rules.

Jonathan Todd is a European Commission spokesman. He says a number of key EU concerns remain unaddressed by Washington.

"We have a number of concerns. For example, the directive requires data to be used for a specific purpose," Todd said. "That's one of the main principles of the directive. Another principle where we have some concerns with the Americans still is that the subject of the data -- you and I, for example -- must have a means of redress. If, for example, you or I are concerned that somebody holds data on us which is incorrect or misleading, we need to be in a position to be able to challenge that data in an independent manner."

The commission has made public a letter sent in mid-June by the EU's responsible commissioner, Frits Bolkestein, to Tom Ridge, head of the U.S. Department of Homeland Security.

In the letter, Bolkestein says the EU's concerns go beyond legal assurances and have to do with fundamental rights and liberties that are "fiercely cherished in the EU." He ends the letter by warning that what he calls a "highly charged trans-Atlantic confrontation" may be in the offing.

Yesterday, Todd said the United States -- despite promises made in February -- has not installed a filter to screen out nonessential passenger data, such as contact telephone numbers and credit-card numbers.

The EU also is worried about its lack of control over how passenger data is distributed further by U.S. customs authorities. The U.S. has said passenger data would be relayed to other U.S. authorities for purposes of "national security" or simply "law enforcement."

The decision to pass on sensitive information will be made by the U.S. deputy commissioner of customs.

Todd said the U.S. position has not changed since Bolkestein sent his letter. He warned that the present arrangement is transitional and that a legally binding and mutually satisfactory agreement must be reached by the two sides to avoid conflict.

He said that, for now, EU airlines are operating in legislative limbo: "In the meantime the [EU] data protection directive applies, and that requires that adequate protection be given to this data. Now, that means that if a national data protection authority [in the EU] considers that this data does not enjoy adequate protection, then they're obliged under the directive to intervene, to block the data, or to require certain undertakings to be given by the airlines.

Potentially, that would therefore mean that an airline or a computer reservation system could find itself fined by a national data protection authority for supplying the data, and fined by the American authorities for not supplying the data."

Todd said the EU acknowledges that the United States has legitimate security concerns but indicated the present situation is unacceptable. He said a commission meeting in early October will consider how to resolve the issue.

Todd said the deputy head of the U.S. Department of Homeland Security, William Asa Hutchinson, will travel to Brussels on 22 September for talks with EU officials.

Source (http://www.rferl.org/nca/features/2003/09/04092003174317.asp)

Friday, September 5th, 2003, 12:50 PM
Use of travellers’ data causes Atlantic divide

EUOBSERVER / STRASBOURG – Top EU officials have warned of an intractable and highly charged transatlantic confrontation, if the US does not match EU standards on handling sensitive airline passenger information.

After the 11 September attacks, the US made it mandatory for airlines to provide the US with electronic access to Passenger Name Record data (PNR) – which includes information on such things as the passenger’s meal choice, which could give away a religious affiliation.

US breaking EU data protection rules
The US authorities have had access to most European airline passenger databases since March 2003, despite this being in breach of European privacy law.

In a letter sent to Tom Ridge the head of US Homeland Security last June, Commissioner Frits Bolkestein (internal market) said that PNR data flow to the US is in breach of the EU Data Protection Directive, and said it was "urgent to establish a framework which is more legally secure".

He also talked about a "highly charged Trans-Atlantic confrontation with no obvious way out" should the US fail to meet the EU requirement over this issue.

Moreover the US has so far refused to limit the use of data to its fight against terrorism, and is arguing that to fulfil their task, it is also needed to address other types of crimes.

Seven years storage
"There are not enough assurances to be able to conclude that data protection would be adequate", Commission spokesperson Reijo Kempinnen said Tuesday afternoon in Strasbourg after the European Commissioners discussed this issue.

Another contentious issue is the length of time data can be retained - whilst the EU talks about weeks and months, the US would like to retain it for about seven years.

Mr Bolkestein is expected to address this issue in one of the European Parliament committees in the next few days.

Source (http://www.euobserver.com/index.phtml?sid=9&aid=12523)

Friday, September 5th, 2003, 12:52 PM

Campaign against the illegal transfer of European travellers' data to the USA

EDRI and its partners held successful actions on 20 May at Schiphol (Amsterdam), Zaventem (Brussels) and Vienna airport.

At all three airports EDRI members have provided airline passengers with important information about the transfer of their personal data to US authorities. Passengers were given a letter they can send to the national Data Protection Authority in their country to request an investigation of the illegal transfer of their personal data.

The action in Amsterdam was done by Bits of Freedom with Kathalijne Buitenweg (member of the European parliament) and Marijke Vos and Jan de Wit (members of the Dutch parliament). In Brussels Kathalijne Buitenweg and Marco Cappato (both members of the European parliament) informed passengers. In Vienna passengers were given information and letters by Public Netbase.

Since 5 march 2003, United States authorities have had access to most European airlines' passenger databases. An agreement between the European commission and United States Customs gives the USA online access to passenger name record (PNR) data of all Europe-based airline carriers for flights that go to, from or through the USA. The EU and US are now opening talks about the processing of the data. This is the time to come into action!

Join the campaign of European Digital Rights: download and send the complaint letters to your airline and national data protection authority.

If you do not want the European Commission to give your privacy away, write these letters today to show that you want to claim back your privacy rights.

Source (http://www.edri.org/)