Saturday, 1 November 2003

Europe and U.S. (Still) at Odds on Airlines and Privacy

In an article in the travel section of tomorrow's New York Times , Europe and U.S. at Odds on Airlines and Privacy (already available on the Times Web site; free registration and cookie acceptance required), Times correspondent John Tagliabue reports from Paris that, "The trans-Atlantic differences [over travel data privacy] have put Europe's airlines in a bind. If they comply with American requirements, they violate European law; if they don't, they may be penalized by the United States."

In reality, EU data privacy laws apply to all data collected in the European Union, so the dispute affects USA-based airlines that sell tickets in the EU (i.e. all significant USA-based airlines, even ones that fly only domestic routes) just as much as EU-based airlines.

Tagliabue writes, "Last March the European Union gave airlines permission to comply temporarily with the requests [for travel data] from the United States even though they violate European privacy laws." Presumably, Tagliabue based this statement on what he was told by USA officials in the Department of Homeland Security. But in reality, the European Union never gave any such permsission, as the DHS knows full well. But if the DHS is still putting out that line, they are trying to defraud the Times , and its readers.

The "joint statements" on the USA-EU talks of 19 January 2003, 18 February 2003 , and 4 March 2003 , in their diplomatic langauge, were careful to avoid any staement of "agreement" or "approval"; they merely "noted" what the USA had said it would do.

To make EU non-approval of travel data transfers from the EU to the USA even more clear, the European Parliament voted 414 to 44 on 12 March 2003 to adopt a resolution that it, "Regrets the joint declaration ... by EU and US officials, which lacks any legal basis and could be interpreted as an indirect invitation to the national authorities to disregard Community law; calls on the President of Parliament to activate the procedure provided for in Rule 91 of the Rules of Procedure with a view to determining whether an action may be brought before the European Court of Justice."

In effect, Parliament, the higher authority, voted to threaten legal action against its administrative agency, the Commission, for issuing a statement that even might have been interpreted as "approval" of data transfers to the USA without first ensuring that EU privacy law would be complied with.

On 9 October 2003, the European Parliament adopted an even more strongly-worded resolution noting "the fact that it is currently not possible to consider the data protection provided by the US authorities to be adequate" and ordering the Commission, within at most 2 months, to take action "to deny airlines and computerised information systems any access and/or transfer [of personal data on passengers] which is not in accordance with the principles" of EU law.

The problem is that the DHS is refusing to negotiate in good faith with the EU, a concern explicitly raised in the European Parliament resolutions. In particular, the DHS has refused even to consider the simplest and most obvious way out of the impasse: the enactment by the USA of adequate protections for travel data.

As I've discussed previously , the EU has never objected to international passenger data transfers per se , which occur constantly within the EU and with other countries. The only EU objection has been to personal data transfers to countries like the USA without adequate privacy laws for travel data. And the easy way out -- for everyone except those with other, sub rosa agendas to use travel data for surveillance or other nefarious purposes that such a law wouldn't permit -- is for the USA to enact an adequate travel data privacy law. (At present we have none at all, adequate or otherwise.)

The failure of the so-called Chief Privacy Officer for the DHS to do her job and propose such a travel privacy law, as well as the propagation by the DHS of misstatements about the USA-EU negotiation such as those that were fed to Mr. Tagliabue of the Times , makes it increasingly questionable whether she and the DHS are functioning as privacy advocates or as privacy invasion apologists.

Link | Posted by Edward on Saturday, 1 November 2003, 16:49 ( 4:49 PM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?