European Commission caves in to US demands for airline and shipping passenger lists
- data protection law by-passed
- UK first EU government to back US scheme
- Spain proposes similar scheme within the EU



See major updates on 27 February and 3 March 2003:
1.
US Customs to have direct access to EU airline reservation databases
2.
EU Working Party on data protection findings on proposal
3.
see also (3.3.03): EU data protection chair calls for US access to passenger details to be postponed: Report

Filed 20.2.02

The European Commission has caved in to US demands that all airlines flying from the EU have to provide passenger details from 5 March 2003. The "deal" was agreed between the US Deputy Customs Commissioner, Douglas Browning and Commission officials on Wednesday 19 February. A Commission official said that: "We think that assurances given by the USA are sufficient on law".

This is a so-called "transitional system" which at some point in the future will be replaced by formal legislation.



Story filed on 13.2.02

The USA has told the European Commission that that all transatlantic carriers (ships and planes) from the EU provide full passenger lists to them prior to departure or face hefty fines by the end of February. There will be a meeting between Commission officials and US Customs agents (who now come under the US Department for Homeland Security) next week. However, the collection and exchange of such data by EU companies is not possible under the EC Directive on data protection.

The USA does not have a data protection law. Moreover, as negotiations over an US-Europol agreement on mutual assistance in judicial matters has shown, the USA has no intention of introducing such a law nor does it know how many of its agencies have access to personal data. Personal details on passengers could be passed to a myriad of agencies in the USA for other surveillance purposes and further exchanged with other countries.

On 4 January the US Department of Justice, Immigration and Naturalisation Service, published a new rule on "Manifest Requirements Under Section 231 of the Enhanced Border Security and Visa Entry Act of 2002." This:

"requires the submission of arrival and departure manifests electronically in advance of an aircraft or vessel's arrival in or departure from the United States"

The penalty for failure to comply is:

"$1,000 per violation.. on a carrier for each person for whom an accurate and full manifest is not submitted"

The list must also include crew members and "any other occupants transported".

In order to put this new measure into practice the USA is extending APIS (Advance Passenger Information System) currently operated by two governments - Australia and New Zealand. The information to be supplied must cover: complete name, date of birth, citizenship, sex, passport number and country of issuance, country of residence, alien registration (where applicable), address while in the USA, and:

"other such information as the Attorney General determines is necessary for the identification of persons transported, for the enforcement of immigration laws, and to protect public safety and national security"

The US Attorney General has already decided that the data provided should include adding a "Passenger Name Record (PNR) locator or a unique identifier or reservation number".

Passenger manifests must be sent to the USA authorities:

"no later than 15 minutes after the flight departs.. this will allow the Service to check the manifest against the appropriate security databases prior to arrival"

Airlines flying out of the USA have to supply passenger manifests 15 minutes before the departure of the flight to allow vetting by security agencies - this is how the Australian APIS system works so it might expected in the future that the USA will make similar demands on EU airlines so that suspected "security" risks can be refused boarding to the plane.

Shipping companies have to submit a manifest not less than 96 hours before arrival in USA or 24 hours if the journey is short.

Personal data on passengers will be exchanged in a standard format known as: the UN Electronic Data Interchange for Administration (EDIFACT) and:

"the governments of Canada, Mexico, New Zealand, Australia and the United Kingdom all support the conversion to APIS UN EDIFACT format in an effort to establish worldwide format standard for the electronic transmission of arrival and departure manifests"

This is one of a whole series of demands that have been made on the EU by the USA in the name of their "war on terrorism." For example see: EU member state by-pass Commission to give US access to containers at ports

The UK is cited as being in favour of a world-wide APIS system but when the Home Secretary suggested it .. there were fierce objections by the airlines and civil liberties groups, see: UK government demanding that airlines collect personal data on every passenger

In the Council of the European Union's Working Party on Frontiers the Spanish delegation are pushing a proposal along similar lines should be introduced within the EU to combat "terrorism and illegal immigration". In a document dated 9 January 2003 Spain proposes that data on passengers is "conveyed immediately to the border control authorities in the Member State of destination, this would ensure that a period of time is available to perform a detailed analysis, on the basis of each specific situation or of each passenger's country of departure." (doc no: 5174/03)

Tony Bunyan, Statewatch, editor comments:

"The EU has to decide whether it is going to yet again be bounced into a hasty, unscrutinised, decision or whether it is going to ensure that such a proposal is properly considered by national and European parliaments and civil society. It is extremely difficult to see how such a proposal could comply with the EU Data Protection Directive and the European Convention on Human Rights when the USA has no data protection laws and its Attorney General has the powers to demand additional information at will.

It is extraordinary that the USA have found the legislative time to pass two extensive anti-terrorist measures - the Patriot Act and the Homeland Security Act - and is planning a third, the Domestic Security Enhancement Act of 2003, yet consistently refuses to consider a law meeting basic standards of privacy and data protection. It is time the EU stood up for peoples' rights and democratic decision-making"

Full-text: US Manifest Requirements (Word file)



Statewatch News online | Join Statewatch news e-mail list | Statewatch websites