EU Commission heads for global travel surveillance system

By EDRi · February 11, 2004

The UK civil liberties group Privacy International, in co-operation with European Digital Rights, the Foundation for Information Policy Research and Statewatch, has published an analysis of the EU-US negotiations on the transfer on passenger information (PNR). The report titled ‘Transferring Privacy’ describes how the European Commission leaves European privacy rights at the mercy of the U.S. Department of Homeland Security.

According to the report the European Commission has ‘not assured adequate
protection requirements, clear purpose limitation, non-excessive data
collection, limited data retention time, and insurance against further
transfers beyond the Department of Homeland Security’. The report also
points to the insufficiently independent privacy officers on the US side
that will process complaints from EU passengers and a retention period of
3.5 years.

Privacy International is concerned that other countries under pressure
from the U.S. to weaken their privacy regimes will have lost an ally in
Europe, and will be forced to transfer data under similar, if not worse,
conditions. “The result will be to a race to the bottom for global privacy
protection.”

In an included commentary the American Civil Liberties Union worries about
the developments in Europe: “When it comes to privacy protections, we want
to join Europe, not have them join us.”

The report describes in detail how the Commission under the leadership of
Bolkestein has agreed in secret that the US may use the PNR data in the
Computer Assisted Passenger Pre-Screening System (CAPPS-II). This system
will profile all passengers using various sources of information including
private sector databases and intelligence information.

The report shows that the conflict over PNR transfer has supporters and
opponents on both sides of the Atlantic: “we are not witnessing a battle
between Europeans and Americans, but a battle between those in Europe and
America who would like to construct an infrastructure for the global
tracking and surveillance of individuals’ movements, and those in Europe
and America who believe that such a course is dangerous to freedom and an
unpromising means of stopping terrorists.”

The European Data Protection Authorities have published an opinion on the
latest agreements between the EU and the US. The so-called Article 29 Data
Protection Working Party calls the agreement inadequate. Any future and
final agreement should at least limit the use of PNR to fighting acts of
terrorism, the retention period should be shorter and passengers’ data
should not be used for implementing and/or testing CAPPS II or similar
systems. The Working Party also calls for a ‘truly independent redress
mechanism’ instead of the current Privacy Officer at the Department of
Homeland Security.

Transferring Privacy: The Transfer of Passenger Records and the Abdication of Privacy Protection (02.2004)
http://www.privacyinternational.org/issues/terrorism/rpt/transferringprivacy.pdf

Article 29 Data Protection Working Party: Opinion 2/2004 (29.01.2004)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp87_en.pdf

Commission Staff Working Paper on PNR (21.01.2004)
http://www.statewatch.org/news/2004/feb/comm-capps-5589.en04.pdf

Draft undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (12.01.2004)
http://www.statewatch.org/news/2004/jan/EUUSAG2.pdf

Documents and analysis: Statewatch observatory on the exchange of data on passengers (PNR) with USA
http://www.statewatch.org/pnrobservatory.htm

News and analysis on PNR and CAPPS-II from the US: Edward Hasbrouck’s blog
http://hasbrouck.org/blog/archives/cat_privacy_and_travel.html