Will the new flawed EU-US PNR agreement be approved by the EP?

By EDRi · November 16, 2011

This article is also available in:
Deutsch: [Wird das EU-Parlament dem katastrophalen PNR-Abkommen mit den USA zustimmen? | https://www.unwatched.org/EDRigram_9.22_Wird_das_EU_Parlament_dem_katastrophalen_PNR_Abkommen_mit_den_USA_zustimmen?pk_campaign=edri&pk_kwd=20111116]

In May 2011, the European Commission’s Legal Service said the EU-USA PNR
agreement on the transfer of personal data of travellers flying from Europe
to the US was not compatible with fundamental rights. Five months later a
new, but similarly flawed version, is now presented to the European

With the US side having kept pressing the EU on finalising the PNR
agreement, a new slightly changed version is now under discussion. Although
the new text still raises privacy concerns, it seems unlikely that the
European Parliament will reject this version.

Commissioner Malmström presented details of the new EU-US agreement to the
German newspaper FAZ on 9 November 2011. While Parliamentarians
currently do not have the right to talk about details of the negotiations,
the Commission has apparently every right to go on a promotion campaign. The
text of the Agreement is available for Parliamentarians in a secret reading
room of the EU-Parliament where they can only read it, but do not have the
right to take photos or notes. It is bizarre that there has been no reaction
so far by MEPs on the fact that the German newspaper got briefed before the
official briefing for the rapporteur and shadow rapporteurs which took place
only on 15 November. This is clearly in breach of art.
218(10) TFEU, which reads “The European Parliament shall be immediately and
fully informed at all stages of the procedure.”

The retention period for the all data remains 15 years but now there are
restrictions for accesing that data after 10 years for serious crimes, such
as drug and human trafficking.

Also, under the draft deal, the data sent to US authorities would become “pseudonymous” after six months which means that some data would be masked out although still available in case of an event. Other data, including frequent flier info and payment/biling info will still be unmasked.

The data would remain in an “active” database easily accessible to US
officials for five years, and then would be transferred to a “dormant”
database which will require stricter conditions to be accessed. The US
police or intelligence officers can retrieve or black out the data only with
special permission from a superior.

“Whatever they did are just cosmetic changes, the substance of blanket data
retention has remained. And even if they say personal data will be
‘anonymised’ after six months, the US still keeps all the records for 15
years,” said German Green MEP Jan Philipp Albrecht.

In his opinion, the agreement still violates EU data privacy rules as the US
will still access and store all private data, (including telephone numbers,
email addresses and even credit card data).

MEP Sophie in’t Veld (LIBE / Netherlands), said that her group would wait
for legal advice before deciding on the vote but also expressed concern
regarding the fact that the text still allows the use of data for boarder
purposes than the fight against terrorism and organised crime. She also
showed her disappointment that after a long negotiation period, the final
version of the text is still only very little better than what MEPs have
continuously been asking for some years now.

“If this is what we are able to get out of our closest allies, what will
come out of negotiations with other countries? South Korea and Qatar are
also interested in PNR agreements, South Africa, Malaysia and Cuba are
preparing demands and it will be only a matter of time until Russia and
China will want this, too,” stated Sophie in’t Veld.

Michele Cercone, spokesman for EU Home Affairs Commissioner Cecilia
Malmstroem, stated however that, in their opinion, the new draft was a big
improvement to the last text: “The new agreement will guarantee that PNR
data will be used for restricted and well defined purposes, which are
fighting transnational crime and terrorism.”

According to the proponents of the new treaty, the EU is not in the best
position to negotiate considering that European airlines will have to pass
travellers’ information to the US authorities in order to be able to fly to
the US. By rejecting the agreement, the EU may put airlines in the position
to face potential law cases for infringing privacy regulations.

In October 2011, a PNR agreement with Australian was approved by MEPs but in
that case the retention period is only five and a half years and the data
transfer is limited to terrorism and organised crime.

Unhappy MEPs to approve passenger data deal (11.11.2011)

FAZ article with Commissioner Malmström (only in German, 10.11.2011)

EU, US pen new passenger data deal to ease privacy fears (11.11.2011)

EDRi-gram: EU-US PNR agreement found incompatible with human rights