Monday, 20 October 2003
European Parliament resolution on travel data transfers to the USA
On 9 October 2003 the full European Parliament adopted a resolution finding that "it is currently not possible to consider the data protection [for travel reservation records] provided by the US authorities to be adequate" and calling for enforcement action if adequate privacy safeguards for travel records aren't put in place by 1 December 2003.
The crux of the EU complaint is not per se the transfer of data to the USA. Huge volumes of personal data (including travel data) are transferred across international boundaries between EU countries every day. But EU laws require that personal data can only be transferred to countries that provide minimally adequate privacy prootections for that data once it leaves the EU -- which the USA does not.
All that the EU has asked is that, before demanding data from Europe and about European citizens, the USA put in place a framework of privacy protection -- consistent with international norms -- comparable to that which is already in place in the EU, Canada, and many other countries. Once that is done, data can be transferred freely, with privacy protection assured.
It's common, although mistaken, to assume that more security inevitably requires less privacy. But there is no conflict on this issue between privacy and security. Both can be protected, just as they are in Europe (which has long had much more airline and airport security systems than the USA) and Canada.
If the DHS, and especially its Chief Privacy Officer, were sincere about being committed to privacy as well as secuirty, they'd be taking the lead in pressuring Congress to enact a travel privacy law, so that they could move forward with any security measures that require access to reservation data. Instead, the DHS is leading the oppostion to the privacy legislation that is the prerequisite to cooperation with the EU and Canada on aviation security. It's hard to escape the conclusion that the real interest of the DHS is in surveillance, not security.
Statewatch (UK) has the full text of the resolution as well as a a new Observatory on the exchange of PNR data on passengers with the USA with lots of background information and links to their previous coverage of the issue.
Following passage of this resolution, European Commissioner Fritz Bolkestein met in Washington last week with Secretary of Homeland Security Tom Ridge. According to this report in the Financial Times, Ridge agreed to postpone enforcement action against airlines that don't turn over their passenger records to the USA until 14 October 2003. But by all accounts Ridge and the DHS remained unwilling either to scale back their demands for data, or to agree to enact meaningful privacy protection for travel data in the USA. (And the desire of the DHS for huge amounts of irrelevant data has become the butt of jokes like this in the European press.)Link | Posted by Edward on Monday, 20 October 2003, 20:41 ( 8:41 PM)