Thursday, 8 April 2010

Testimony to Members of the European Parliament

Hearing in the Petra Kelly Room, European Parliament, Brussels
[Hearing in progress. MEP Jan Philipp Albrecht in the chair, center.]

Edward Hasbrouck and Peter Hustinx
[My presentation. European Data Protection Supervisor Peter Hustinx at right.]

I’m testifying Thursday afternoon in Brussels (Thursday morning in the USA) on the hotly debated proposed agreement between the EU and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNRs) from the European Union to the DHS at a public hearing on “Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. - which way forward?”, hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00, European Parliament, Brussels, room ASP 1G-3 (Petra Kelly Room). Open to the public, but prior arrangement required for access to the building. Note that the video is best viewed with the slides open in a separate window, since only the speakers, not the slides, are visible on the video.

Speakers at the hearing
[On the dias, left to right: Peter Hustinx (EDPS), Edward Hasbrouck, MEP Jan Philipp Albrecht, Prof. Paul de Hert, Despina Vassiliadou (European Commission), Dr. Patrick Breyer.]

Additional information:

Update: As I said at the start of my testimony, my role as an American technical expert was to inform MEP’s and other EU policy-makers about the PNR ecosystem, how PNRs are actually used in the USA and other countries, and what has happened when people have tried to obtain their own travel records — not to tell Europeans what policies they should adopt.

But at the end of the hearing, the chair (MEP Jan Albrecht) asked each of the witnesses, including me, to say what we thought would be the most important things to include in a new agreement on PNR between the EU and the USA. As it happens, I had exactly five items on my own list of prerequisites needed for a new PNR agreement to be effective (beginning at 1:16:00 of part 2 of the archived video):

  1. It must be a treaty, so that it is binding on the USA. (Under the U.S. Constitution, a treaty ratified by the Senate is the only binding form of international instrument.)

  2. It must be preceded by enforcement of existing EU data protection law as it applies to PNR data in the commercial sphere, and the necessary infrastructure changes (especially by the major CRS’s) to bring them into compliance with EU law when they handle personal data collected in the EU, or transfer it to the USA or other countries. (Many changes are required, but the most important first steps are for EU data protection authorities to place Sabre, Travelport, and Amadeus under the microscope, and for CRS’s to add access logs to PNR “histories” or change logs, using the same controls to prevent deletion or modification of access logs as are currently used to prevent alteration of PNR history data.)

  3. The US Privacy Act must be amended to extend its protections and the right of private enforcement action in US courts to all data subjects regardless of nationality or residence.

  4. The USA must withdraw its reservation that the International Covenant on Civil and Political Rights (Article 12 of which guarantees the right of freedom of movement) is not self-effectuating, and must enact effectuating legislation creating a private right of action under US Federal law for violations of the ICCPR, and giving US Federal courts jurisdiction to hear such cases.

  5. The USA must create, and allow in practice, a right of private legal action and judicial review in US Federal courts (for all people regardless of citizenship or residence) of all no-fly decisions and any other decisions made in whole or in part on the basis of PNR data.

Further update: My testimony is at the start of Part 2 of the video archive. The most detailed account of the hearing to date is in German in Heise, which also links back to their earlier report on my request to KLM for their PNR and other data about me. My similar request to Air France is still pending with the French data protection authority, CNIL. If you aren’t already familiar with the issues, my podcast interview from HAX’s blog provides a more accessible introduction.

Link | Posted by Edward on Thursday, 8 April 2010, 00:01 (12:01 AM)

The people that want to create a lawless world where there are NO rights and the government can kill anyone it wants, anytime for any reason...... Like the drone attacks on the people of Pakistan.... the targeted killings by Israel and the American Gulag in Guantanamo. They want absolute obedience or you are dead or disappeared....

No more rights in America, just lies and spin by our Neocon masters who want to rule the world....

Posted by: thomas, 10 January 2011, 06:45 ( 6:45 AM)

"The Discreet Charm of Passenger Data: Big Data Surveillance Coming Home" (by Rocco Bellanova, Peace Research Institute Oslo, 14 January 2016):

Posted by: Edward Hasbrouck, 14 January 2016, 11:18 (11:18 AM)

"Passenger Name Records,data mining & data protection: the need for strong safeguards"

Council of Europe, Directorate General Human Rights and Rule of Law, Consultative Committee of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (T-Pd), 15 June 2015:

"'Europe' must... examine the highly credible claims by Edward Hasbrouck... that the USA has been systematically violating previous agreements, and is still systematically bypassing European data protection law, by accessing the CRSs used in global airline reservation systems hosted in the USA to obtain full PNR data on most flights, including most European flights (including even entirely intra-European ones), outside of any international agreements....

"In our opinion, plugging this massive 'hole' in the EU-US PNR arrangements should be a top priority for anyone concerned about the uses of these big datasets by the US 'intelligence' agencies. Until this is done, and strong safeguards are in place that actually in practice prevent the transfer of PNR data by European airlines to the USA – and to other countries... – the existing EU-US PNR Agreement is simply window-dressing: it is meaningless in practice."

Posted by: Edward Hasbrouck, 17 September 2018, 13:42 ( 1:42 PM)
Post a comment

Save personal info as cookie?

Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | Sitemap | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris