EU knew about the US's system profiling all visitors

By EDRi · January 17, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

New controversial issues appear in the case of Passanger Name Record (PNR)
deal with US that show the level of privacy from the US authorities is very
far from the European standards. As Statewatch revealed, the EU Council
Presidency admitted that the Council of the European Union and the European
Commission had known about the US’s “Automated Targeting System” (ATS)
profiling all visitors.

The issue has become critical after the Homeland Security Department (DHS)
posted a Notice on the Federal Register in November 2006 showing that PNR
data on travellers from the EU are included in the ATS used by DHS Customs
and Border Protection (CBP) branch.

ATS is a system that U.S. has used for some years to assess risks to
transport. Until August 2006 the system was believed to target cargo
shipments. However the DHS notice of November revealed the fact that CBP was
using this system to target passengers as well, using, collecting and
storing PNR data received from airlines databases.

The system creates a risk assessment score and it is not limited to fighting
terrorism and crime. Moreover the data is preserved for a 40 year period and
can be shared with other US Government organizations and foreign governments
or organizations.

ATS system not only violates US Congressional prohibitions on passenger
risk-assessment schemes ignoring the privacy rights of the US citizens but
also the right of citizens all over the world.

According to the agreement reached between EU and the US Government in 2004
the transfer of data was allowed with some safeguards, including 3.5 year
period of retention and some rights of access by European citizens to
correct their data. The US Government promised to use the data only to fight
terrorism and organised crime and not to share these data with other
agencies or for risk-assessment scoring.

The concerns of data protection organisations and bodies come from the fact
that US has shown to have constantly broken the agreement. As ATS uses PNR
received from EU carriers, CBP uses the data for the profiling of risk
assessments although the agreement was only for the verification of the data
people on a watch-list. The data are preserved for 40 years for risk
assessment profiling purposes which obviously exceeds by far the 3.5 year
period established in the agreement or the case-to-case provision for a
person suspected of terrorism.

The data is not only used to combat terrorism or organized crime as agreed
but also for general law enforcement purposes and the safeguards imposed by
the agreement, including the right to correct data by the European citizens,
are not observed.

Although the Finnish Presidency of EU claims to have made all the efforts in
reaching a political consensus on the promotion of the Framework Decision on
data protection and in increasing the safeguards for data protection, it has
also come out that the Council of Europe and the European Commission had
been aware of the existence of ATS since 2005. The Finnish Presidency stated
it had sent an official enquiry to the US authorities to clarify the ATS
relation to the PNR agreement but data protection advocates show strong
reserves to whether the EU will be able to negotiate efficiently in this

“The EU Presidency statement that the Council and Commission have known
about the ATS for over a year is quite extraordinary. During this period
they renegotiated the EU-USA PNR agreement claiming it was on the same terms
as that agreed in 2004 when they clearly knew it was not. The Council and
the Commission knew about it but did nothing until the existence of the ATS
was made public and now they have asked for clarification” stated Tony
Bunyan, Statewatch editor.

The past history on this issue has shown that the US Government has not
observed the agreement and that EU has continuously weakened its demands
related to data protection safeguards.

Privacy International and the American Civil Liberties Union have called for
the repeal of the EU-US agreement on PNR data transfers by appealing to the
Council of the European Union, the European Commission, the European
Parliament, and privacy commissioners in 31 countries across Europe.

Address to the European Parliament by Minister for European Affairs Paula
Lehtomaki on Data Protection (12.12.2006)

PI and ACLU call for repeal of EU-US agreement on data transfers