Friday, 16 January 2004

"Statewatch" on proposed USA-EU agreement on airline passenger data

From the UK, Statewatch ("monitoring the state and civil liberties in the European Union") has a detailed report and analysis of the status and possible next steps in the EU on transfers of airline passenger data to the USA.

Statewatch editor Tony Bunyan summarizes the conclusions thusly:

It is very hard to see how the Commission can come to the conclusion that the safeguards on access to PNR data are "adequate" under Article 25 of the EC Directive on Data Protection. All the evidence coming out of the USA shows that this data will be: accessed by a multitude of agencies, is intended to be integrated into the US-VISIT and CAPPS II projects, and will be used to create lifetime travel dossiers on everyone flying to and travelling within the USA.

As the Statewatch analysis shows, the more closely one looks at the record of the European Commission's proposed agreement with the USA, and its presentaiton to the European Parliament at a joint committee meeting 16 December 2003, the more problems emerge. For example:

Replies by two Commissioners to questions put by MEPs on the Committee reveal other, deeper, problems. Commissioner de Palacio made the extraordinary statement that "the United States actually have a data protection system as well as a system for the protection of privacy". The USA does not have a data protection law and its Privacy Law only protects US citizens' rights not those of foreigners.

Commissioner Bolkestein also told the Committee that "only the Department of Homeland Security, not other agencies" would get access to passenger data unless there was a court order. This statement is incorrect.

The US-VISIT Program, Increment 1, Privacy Impact Assessment (dated 18.12.03) says that the information will be accessed by "employees of DHS components - Customs and Border Protection, Immigration and Customs Enforcement, Citizenship and Immigration Services and the Transportation Security Administration." The US-VISIT report adds that access will also be given to "consular officers of the State Department. Additionally, the information may be shared with other law enforcement agencies at the federal level, state, local, foreign or tribal level, who in accordance with their responsibilities, are lawfully engaged in collecting law enforcement intelligence information (whether civil or criminal)"

Thus numerous US agencies, at all levels, will "share" the information and add their own observations. During the negotiations on data protection clauses in the EU-USA agreements on extradition and judicial cooperation the US side admitted that they had no idea how many law enforcement agencies would have access to data collected from airlines computer reservations systems (CRS) in the EU.

Statewatch also analyzes The next steps - a formal agreement has to be adopted by the Commission

The agreement signed on 16 December ... has to be adopted as a formal decision by the European Commission.... The formal decision is taken by the Commission's Article 31 Committee comprised of representatives of each EU member state which decide by majority voting. The powers of the European Parliament to intervene are very limited, it can only pass a Resolution on the grounds that the draft implementing measure "would exceed the implementing powers provided for in the basic instrument". The EU's Article 29 Working Party on Data Protection also has to be consulted for its opinion - which is unlikely to be favourable as they have: "declined to adopt or approve the text, on the grounds that the transfer of PNR to the US are in any case illegal and nothing should be done to blur that fact".

Statewatch predicts that "the Commission will produce a draft at the beginning of February." It remains unclear when the actual text of the proposed agreement will be made public, or how many more surprises -- like the "side agreement" to allow use of data from the EU in CAPPS-II testing -- it may still hold.

Link | Posted by Edward on Friday, 16 January 2004, 11:08 (11:08 AM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?