EDRI launches campaign on air passenger data

This week, European Digital Rights (EDRI) launched a campaign against the
transfer of European air travellers’ data to the United States. The
campaign coincides with renewed talks between the European Commission and
the United States.

Since 5 March 2003, an agreement between the European Commission and United
States Customs provides US authorities online access to European
travellers’ Passenger Name Record (PNR) data for flights to the US. The PNR
data consist of all relevant information related to a passenger’s flight:
departure and return flights, connecting flights, special services required
on board the flight (meals such as Kosher or Halal) and flight payment
information such as credit card numbers.

Under EU privacy regulations the transfer of such personal data to third
countries is bound to strict guidelines. However, due to political and
economic pressures by the US government, the European Commission has
allowed the transfer of passenger data to go through.

On 6 May the parliamentary Committee on Citizens’ Freedoms and Rights
(LIBE) held a hearing on transfer of European air travellers’ data.
Representatives of the US Department of Homeland Security came to Brussels
to convince the Committee members of their intention to protect the privacy
of European air travellers. They had little to offer and presented no new
limitations on the existing practice of data transfer.

It became clear during the hearing in the European parliament that the PNR
data will be fed into the Computer Assisted Passenger Pre-screening System.
In a current test of the second generation of the system, CAPPS II, the
goal is to identify terrorists, according to Douglas Browning, a senior
official if US Customs. But the agreement between the US and the EU on the
PNR data mentions that US Customs may share the data with other US agencies
for “legitimate law enforcement purposes”. This is a very broad definition
and can be read like an assurance that all European passengers’ data could
be stored in FBI and other US agencies’ databases for many years to come,
to be used for all kinds of law enforcement purposes. Those purposes are
very different from the limited anti-terrorism objectives that, the US
government claimed, originally justified their request for more EU
passenger data from European airline companies.

In the campaign against the transfer of PNR data European Digital Rights
offers models of complaints that air travellers can send to the airline
carriers and their national data protection commissioners. With the first
letter, air travellers can request their personal data from the airlines
and get information about which of their personal data were transferred to
the US. The second letter is addressed to national data protection
commissioners to urge them to investigate the transfer of personal data.
The letters are available through the website of European Digital Rights.

Although the US Department of Homeland Security now has a Privacy Officer
and the CAPPS II program will get a Passenger Advocate (to process
complaints from passengers) it remains to be seen what influence and powers
they will have or if these officials are merely installed to keep EU
privacy officials and advocacy groups at a distance.

Campaign against the illegal transfer of European travellers’ data to the USA
http://www.edri.org/cgi-bin/index?funktion=campaigns

EPIC resource: EU-US Airline Passenger Data Disclosure
http://www.epic.org/privacy/intl/passenger_data.html

Complaints of US air passengers about the “no-fly” list (an outlook for
European travellers!)
http://www.epic.org/privacy/airtravel/foia/watchlist_foia_analysis.html