EU passenger data possibly used commercially
The US Transportation Security Administration is facing a scandal involving data being swapped forth and back with a private company engaged in data brokering.
As Associated Press reported, the TSA, which is an agency of the US Department of Homeland Security, is not only storing commercial data about domestic air passengers. It has also passed this data on to EagleForce Associate, a company based in Virginia and engaged in data mining. This company matched the data to other sets of data from different sources and burnt it on CDs, which were then sent back to the TSA. The authority reportedly used the CDs for testing terrorist watchlists. This practice concerns only domestic US flights.
But, as part of a deal with the Commission, the Department of Homeland Security is also receiving in advance data of EU passengers on transatlantic flights. The US have promised to treat this data according to EU data protection standards. The Commission has taken this promise as a sufficient guarantee that the data will be treated adequately, which is a legal condition for the data transfer to take place.
But the US Congress has also banned the TSA from ever using commercial data, and the TSA even promised in a legally binding form that the testing would be done only by its contractor. The TSA’s disrespect of this promise raises doubts about an adequate treatment of EU passengers’ data, which is subject to a similar promise from the Department of Homeland Security.
When asked by journalists, the European Commission denied any comment on possible consequences from the US breach of confidence. According to the press release from the JHA Council of 13 July (see first article) the ministers of Justice and Internal Affairs “call on the Commission to bring forward the proposal on air line passenger name records by October 2005.”
EFF, Why isn’t Secure Flight grounded? (16.06.2005)
Secure Flight Hits Turbulence (15.06.2005)
Transportation Security Administration: Secure Flight Program