Wednesday, 7 August 2019

European Commission doesn't want to enforce its CRS rules

In May 2017 the European Commission finally agreed to investigate my longstanding complaint that the lack of adequate access controls or access logging for airline reservation data stored by computerized reservation systems (CRSs) violates the data protection provisions in Article 11 of the European Union's Code of Conduct for Computerized Reservation Systems.

More than two years later, I've finally received the first substantive response to my complaint: a letter from the European Commission proposing to deny my complaint for lack of jurisdiction, on the absurd grounds that data security is not regulated by the Code of Conduct for CRSs (even though the Code of Conduct includes an entire article on "Processing, access and storage of personal data" which requires that "technical and organizational measures shall be taken to prevent the circumvention of data protection rules through the interconnection between the databases and to ensure that personal data are only accessible for the specific purpose for which they were collected"), that the situation described in my complaint doesn't actually implicate these provisions of the Code of Conduct (?), and that complaints of violations of data protection rules must "in the first instance" be made before other authorities pursuant to the General Data Protection Regulations (notwithstanding the explicit provision of the Code of Conduct that its data protection rules "are complementary to and shall exist in addition to the data subject rights laid down by" the GDPR).

I've responded to the Commission with an explanation of why it should investigate and act on my complaint without further delay.

I don't know why the European Commission is so eager not to enforce its own regulations. I'm not alone in my puzzlement: That question was asked last year, without getting an answer, at a hearing in the European Parliament concerning the status of the Code of Conduct for CRSs. Similar questions about the lack of enforcement by the European Commission of the Code of Conduct for CRSs have been asked by European advocates for the rights of airline passengers.

In December 2018, the European Commission concluded a public consultation on whether the Code of Conduct for CRSs should be retained, repealed, or amended. (See my submission to the consultation.) But the European Commission has not yet released the results of that consultation or its recommendations for legislative action.

Link | Posted by Edward on Wednesday, 7 August 2019, 10:56 (10:56 AM)
Comments

Message from the European Commission, 3 August 2020:

Dear Mr Hasbrouck,

Please accept our apologies. As you will understand, COVID-19 pandemic has had a particular impact on the aviation sector, and the short-term regulatory response required, has resulted in some unforeseen delays.

We hope and expect to be able to revert to you as soon as possible in the autumn concerning your complaint.

Best regards,

Deputy Head of Unit

European Commission
Directorate-General for Mobility and Transport
Unit DDG2.E.1 Aviation Policy

Posted by: Edward Hasbrouck, 5 August 2020, 14:25 ( 2:25 PM)
Post a comment









Save personal info as cookie?








Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris
Notices