Thursday, 8 April 2010

Testimony to Members of the European Parliament

Hearing in the Petra Kelly Room, European Parliament, Brussels
[Hearing in progress. MEP Jan Philipp Albrecht in the chair, center.]

Edward Hasbrouck and Peter Hustinx
[My presentation. European Data Protection Supervisor Peter Hustinx at right.]

I'm testifying Thursday afternoon in Brussels (Thursday morning in the USA) on the hotly debated proposed agreement between the EU and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNR's) from the European Union to the DHS at a public hearing on "Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. - which way forward?", hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00, European Parliament, Brussels, room ASP 1G-3 (Petra Kelly Room). Open to the public, but prior arrangement required for access to the building. Note that the video is best viewed with the slides open in a separate window, since only the speakers, not the slides, are visible on the video.

Speakers at the hearing
[On the dias, left to right: Peter Hustinx (EDPS), Edward Hasbrouck, MEP Jan Philipp Albrecht, Prof. Paul de Hert, Despina Vassiliadou (European Commission), Dr. Patrick Breyer.]

Additional information:

Update: As I said at the start of my testimony, my role as an American technical expert was to inform MEP's and other EU policy-makers about the PNR ecosystem, how PNR's are actually used in the USA and other countries, and what has happened when people have tried to obtain their own travel records -- not to tell Europeans what policies they should adopt.

But at the end of the hearing, the chair (MEP Jan Albrecht) asked each of the witnesses, including me, to say what we thought would be the most important things to include in a new agreement on PNR between the EU and the USA. As it happens, I had exactly five items on my own list of prerequisites needed for a new PNR agreement to be effective (beginning at 1:16:00 of part 2 of the archived video):

  1. It must be a treaty, so that it is binding on the USA. (Under the U.S. Constitution, a treaty ratified by the Senate is the only binding form of international instrument.)

  2. It must be preceded by enforcement of existing EU data protection law as it applies to PNR data in the commercial sphere, and the necessary infrastructure changes (especially by the major CRS's) to bring them into compliance with EU law when they handle personal data collected in the EU, or transfer it to the USA or other countries. (Many changes are required, but the most important first steps are for EU data protection authorities to place Sabre, Travelport, and Amadeus under the microscope, and for CRS's to add access logs to PNR "histories" or change logs, using the same controls to prevent deletion or modification of access logs as are currently used to prevent alteration of PNR history data.)

  3. The US Privacy Act must be amended to extend its protections and the right of private enforcement action in US courts to all data subjects regardless of nationality or residence.

  4. The USA must withdraw its reservation that the International Covenant on Civil and Political Rights (Article 12 of which guarantees the right of freedom of movement) is not self-effectuating, and must enact effectuating legislation creating a private right of action under US Federal law for violations of the ICCPR, and giving US Federal courts jurisdiction to hear such cases.

  5. The USA must create, and allow in practice, a right of private legal action and judicial review in US Federal courts (for all people regardless of citizenship or residence) of all no-fly decisions and any other decisions made in whole or in part on the basis of PNR data.

Further update: My testimony is at the start of Part 2 of the video archive. The most detailed account of the hearing to date is in German in Heise, which also links back to their earlier report on my request to KLM for their PNR and other data about me. My similar request to Air France is still pending with the French data protection authority, CNIL. If you aren't already familiar with the issues, my podcast interview from HAX's blog provides a more accessible introduction.

Link | Posted by Edward on Thursday, 8 April 2010, 00:01 (12:01 AM) | TrackBack (0)
Comments

The people that want to create a lawless world where there are NO rights and the government can kill anyone it wants, anytime for any reason...... Like the drone attacks on the people of Pakistan.... the targeted killings by Israel and the American Gulag in Guantanamo. They want absolute obedience or you are dead or disappeared....

No more rights in America, just lies and spin by our Neocon masters who want to rule the world....

Posted by: thomas, 10 January 2011, 06:45 ( 6:45 AM)
Post a comment









Save personal info as cookie?