European action week on airline passenger surveillance

By EDRi · October 19, 2011

This article is also available in:
Deutsch: [Europäische Aktionswoche gegen Fluggastüberwachung |]

Credit card details, hotel bookings, IP addresses, mobile phone numbers, and
travel details: all this information is currently being transferred to law
enforcement agencies in third countries. The storage and automatic
processing of our data is supposed to enable law enforcement agencies to
identify “unknown” suspects and to profile citizens as possible terrorists
or people-traffickers.

On 17 October 2011, EDRi and organised a public workshop with a
keynote speech by U.S. travel expert and human rights advocate Mr Edward
Hasbrouck. The aim of the workshop was to discuss the international
agreements on the transfer, storage and processing of passenger name records
(PNR) with the USA, Canada and Australia and the plans for a European travel
surveillance system. The event launched a European action week on PNR
including activists’ workshops in Berlin and Vienna, discussions in the
European Parliament and a meeting with Germany’s Justice Minister Sabine

The agreements from 2007 on the processing and transfer of airline passenger
data, which have since then been provisionally applied, are currently being
renegotiated by the EU. The agreement between the EU and Australia has
already been signed by the Council last month and will be put to a plenary
vote in the European Parliament on 27 October 2011. If the EP decides to
give its consent to this agreement next week – despite the fact that it does
not meet the minimum guarantees demanded by the EP in its previous
resolutions – it would then be in force for seven years.

The US-EU agreement, which aims to store the personal data of millions of
transatlantic air passengers for 15 years, is still being negotiated. At the
present time, the U.S. Department of Homeland Security (DHS) is not willing
to countenance any concessions regarding the retention period or safeguards.
However, air carriers are already transmitting travel data to the DHS each
time we are taking the plane to the U.S. The information submitted by
passengers when buying a ticket is freely available to any agencies in the
U.S., where there are no data protection laws.

In his speech at EDRi’s offices (see slides below), Hasbrouck explained his
work in the U.S. which includes a legal case against the DHS to obtain
access to his own PNR data. He mainly criticised that the EU-U.S. agreement
is not a treaty and can therefore not be enforced in U.S. Courts. Hasbrouck
underlined that it does not recognize the fundamental right to freedom of
movement (ICCPR, Article 12) and criticised the fact that it does not
prohibit data mining or profiling. He also highlighted that the main reason
for the agreement was to legitimise the already existing access by the U.S.
to travel data. According to a DHS testimony to Congress, 5 Oct. 2011, an
agreement is crucial “to protect U.S. industry partners from unreasonable
lawsuits, as well as to reassure our allies, DHS has entered into these

In this context it is also worth noting that in May 2011, the DHS had
already nearly 400 employees operating at airports and sea ports within the
EU. This practice came to light after Mark Koumans, Deputy Assistant
Secretary for International Affairs of the DHS, made a statement on the
extensive range of cooperative activities between police forces in the EU
and the U.S. police.

In addition to the international agreements, the Commission made a proposal
for a European Passenger Name Record (PNR) Directive, earlier this year, to
place all travel in and out of the EU under surveillance. The Commission is
not excluding the possibility of collecting and using of passenger name
record data for rail transport in the future. This proposal is supported by
the UK who is in favour of a PNR system for passengers travelling by sea.

However, a leaked note by the Commission’s own legal service in June this
year questioned the necessity of a period of more than two years in the
EU-PNR proposal. More worrying is European Union’s own PNR system which
intends to establish a new surveillance authority in each Member State
(Passenger Information Unit), whose main purpose would be profiling of
citizens based on their travel habits.

Last year, the European Data Protection Supervisor (EDPS) also harshly
criticized the proposal for a EU-PNR system: “The EDPS considers that the
bulk transfer of data about innocent people for risk assessment purposes
raises serious proportionality issues. (…) The EDPS questions in
particular the proactive use of PNR data. While ‘re-active’ use of data does
not raise major concerns, as far as it is part of an investigation of a
crime already committed, real time and proactive use lead to a more critical

EDRi has serious concerns that storage and processing of travel data without
given suspicion infringes the European fundamental right to data protection
(Art. 8 Charter of Fundamental Rights) and argues that fundamental rights
and freedoms in the context of ‘transatlantic cooperation’ are not taken
into consideration. In a recent position paper sent to all relevant MEPs for
their vote on the EU-Australia agreement, EDRi highlighted that the minimum
standards requested by the European Parliament in two resolutions have not
been met by the Commission.

EDRi position paper on the EU-Australian agreement (27.09.2011)

Hasbrouck’s slides from EDRi-noPNR workshop (17.10.2011) campaign website

Hasbrouck’s action week in Europe (12.10.2011)

FAQ about PNR data

Opinion of the European Data Protection Supervisor (EDPS) on the EU-PNR
proposal (18.10.2010)

Commission on the possibility to use PNR for rail transport (4.03.2011)

(Contribution by Kirsten Fiedler – EDRi)