Wednesday, 17 December 2003
European privacy watchdogs denounce airline reservation data transfers to the USA
Leading European privacy watchdog organizations are denouncing the European Commission's acquiscence to ongoing wholesale transfers of airline reservation data to the USA, in violation of European Union laws and in defiance of a directive from the European Parliament to take action to bring airlines and computerized reservation systems operating in the EU into compliance with EU law.
Following are excerpts from some of their comments:
- Andreas Dietl, EU Affairs Director of European Digital Rights , a Brussels-based international non-profit association of NGO's:
If this is how Commissioner Bolkestein understands "enforcing European law", it is time for him to resign. The decision to transfer 34 fields of personal data to the U.S. for every single passenger crossing the Atlantic is a manifest breach of these very laws. The fact that the U.S. initially wanted even more data to be stored for a de facto unlimited period does not make this deal any more acceptable.
What remains fact is: There is no way for airline passengers to verify that their personal data is not used for any puposes other than those specified in the agreement with the EU; that it is not being transfered to any other authorities of the U.S. and deleted after 42 months.
As the U.S. have no data protection or privacy law applying to non-U.S. citizens, it is more than likely that the data will be transmitted generously to the most different U.S. government agencies, in the databases of which it may be retained for many
It would be the task of the EU Commission to prevent such an abuse of EU citizen's personal data. The Commission has failed to fulfill that task. The European Parliament should now draw the consequences and bring the Commission before the European Court of Justice for breach of the EU Data Protection Directive.
- Gus Hosein, Privacy International , a London-based global human rights organization and sponsor of the worldwide Big Brother Awards :
This is a significant victory for the U.S. Department of Homeland Security, and a loss for Europeans. The EU Commission claims that the U.S. is going to treat the data as adequate are unbelievable and offensive to Europeans who value their privacy. This move by the EU will lead every other jurisdiction to adhere to U.S. wishes even against their own sensibilities.
This is the EU privacy regime being circumvented and rewritten based on the wishes of the U.S. authorities. The U.S. law on this matter is very simple and undemanding; the expansive interpretation of the law by U.S. law enforcement authorities is the issue at stake. The EU has therefore relinquished the privacy rights of Europeans based on mere interpretations and bullying from U.S. agencies, not the will of the American people or American legal requirements.
- Tony Bunyan, editor of Statewatch , the research and education operation of a UK non-profit association monitoring the state and civil liberties in the European Union:
What is quite unforgivable is that the European Commission thinks that the EU-USA deal -- with a state which has no data protection laws and no intention of adopting them -- is a better basis for a global standard than the EU's data protection laws which have served as a model for many countries around the world.
I've also been told, by a journalist who was in attendance at the USA Department of Homeland Security press briefing yesterday in Washington, DC, that the DHS said that what it was describing as an "agreement" with the EU (actually a proposal by the European Commission to the European Parliament) would permit the use of data collected in the EU for testing of the CAPPS-II airline passenger profiling and surveillance system.
But there was no mention of CAPPS-II testing in the proposal itself, or in any press statement by the USA made in writing or disseminated outside the USA. And the proposal explicitly excludes CAPPS-II, with no exception for testing or anything else:
The Department of Homeland Security was keen to see the Transportation Security Administration's CAPPS II (Computer Assisted Passenger Pre-Screening System) scheme covered by the agreed legal framework. The Commission has successfully resisted this pressure on the grounds that it can only take a position once internal US processes have been completed and once it is clear that Congress's privacy concerns regarding CAPPS II have been met. CAPPS II will thus be addressed only in a second round of talks.
It appears that the DHS is attempting to distort the EC proposal to avoid having the lack of agreement with the EU, and the incompatibility of CAPPS-II with existing EU law, stand in the way of CAPPS-II testing.
Let's hope that Memebers of the European Parliament and the European Commission speak up promptly to correct any DHS "misunderstanding", and let the DHS and other USA agencies know that no EU agency has approved or authorized the use of EU data for any CAPPS-II purpose, including testing.
Even if approved, the EC proposal would not authorize use of EU data for CAPPS-II, which would require an entire separate agreement. Any batch of real reservations will include some data from the EU, and any airline, CRS, or other company that operates in the EU and provides or uses reservation data for CAPPS-II testing will be violating EU law.Link | Posted by Edward on Wednesday, 17 December 2003, 19:10 ( 7:10 PM)