US official makes PNR demands to the European Parliament

By EDRi · May 23, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

As the negotiations of the PNR (Passenger Name Records) issue continue
between the US Government and the European Parliament, during his visit to
Brussels on 14 May, US Homeland Security Secretary Michael Chertoff asked
for more relaxed restrictions on the personal data transfer from the
airline companies.

The interim agreement on PNR between EU and US expires in July 2007 and
unless a common agreement is reached by then, airlines are in a difficult
position, facing either being sued in Europe for providing these data in the
US or in the US for not sharing the information.

Chertoff addressed the Parliament’s Committee on Civil Liberties, Justice
and Home Affairs asking for looser privacy safeguard conditions in the
transfer of the personal data of passengers flying from Europe to US. The
European Parliament has resisted until now, being concerned on personal data
protection issues.

One of the restrictions Chertoff referred to in asking for looser conditions
was the use of the data limiting their dissemination to institutions that
have strict privacy safeguards standards as in the EU.

Chertoff considers that in order to stop terrorism, the data have to be
shared among all US government agencies. He also stated the U.S. wanted to
hold the data for 40 years but he also said this was negotiable.

While the European Commissioner for justice and home affairs Franco Frattini
said he was confident the EU and the US could reach an agreement on how to
handle personal information about European citizens flying to America, there
were voices that asked uncomfortable questions to Chertoff.

MEP Sophie in ‘t Veld, the rapporteur responsible for PNR policy asked if
PNR were used for purposes other than counter-terrorism, such as control of
infectious diseases, or private purposes of certain companies such as
insurance companies. The answer was that the use of PNR by private companies
was illegal and those infringing the law would be brought to justice.
But PNR data are first of all commercial records created and used for
commercial purposes by travel companies and Chertoff ‘s answer would imply
that these companies are forbidden to use these data and that would make
impossible for them to operate. US has generally more lax laws on privacy
and data protection and there is no law restricting them from passing part
or all of those data to a third party, or using the data for other purposes
than those for which the data had been collected.

Chertoff also claimed that “PNR data is protected under the U.S. Privacy Act
and the Freedom of Information Act, among other laws, as well as the robust
oversight provided through … American courts.” However, Privacy Act
applies only to U.S. persons, not EU citizens and residents.

Sophie in ‘t Veld also asked Chertoff if he was really interested in a
compromise “instead imposing unilaterally US standards and wishes” but she
did not get a clear answer.

“It is never justified to give unlimited and uncontrolled powers to any
government,” said in ‘t Veld.

US asks Europe to relax privacy rules for new airline deal (15.05.2007)
http://www.out-law.com//default.aspx?page=8051

U.S., EU Hopeful on Airline Data Privacy Pact (14.05.2007)
http://www.pcworld.com/article/id,131800-c,privacy/article.html/

Did Chertoff lie to the European Parliament? (15.05.2007)
http://hasbrouck.org/blog/archives/001259.html

Does the Chicago Convention authorize government demands for PNR’s? No.
(18.05.2007)
http://hasbrouck.org/blog/archives/001263.html

Video of the PNR hearing (14.05.2007)
http://media.ffii.org/Chertoff070514_PNR_hearing/