Observatory on the exchange of data on passengers (PNR) with USA


EU: YET ANOTHER BAD DAY FOR CIVIL LIBERTIES: MEPs back plans to give air passenger data to US (BBC News, link). "The European Parliament has adopted a controversial bill that will give the United States access to personal information about airline passengers. MEPs agreed by 409 votes to 226 to let the US Department of Homeland Security see data on the Passenger Name Record (PNR)" The two major parties blocs - PPE (conservative group) and S&D (socialist group) were committed to voting in favour.

EU: Another bad day for civil liberties: European Parliament: Civil Liberties Committee green light for air passenger data deal with the US (pdf):

The EU-US PNR deal was approved with 31 votes in favour, 23 against and one abstention. The EPP and ECR groups voted in favour. In a debate last February, a number of MEPs said that it was better to have an agreement, albeit not entirely satisfactory, than to have no agreement at all. The ALDE, Greens/EFA and GUE/NGL groups voted against, because they consider that data protection safeguards foreseen in the agreement do not meet EU standards. S&D MEPs were split.

UPDATED: EU-USA PNR AGREEMENT: European Parliament: Draft report: Calls for the parliament to withhold its consent: DRAFT RECOMMENDATION: on the draft Council decision on the conclusion of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security Rapporteur: Sophia in 't Veld (pdf), Rapporteur: Sohie in `t Veld

EU-USA-PNR: Draft report to the European Parliament's Civil Liberties Committee (LIBE): Draft report (pdf) and Comparative chart of the key provisions in the 2004, 2007 and 2011 agreements (pdf): The EU US PNR Agreement Draft report will be presented in the LIBE Committee meeting of 27 February 2012 by rapporteur Sophie In 't Veld MEP who will recommend the European Parliament to withhold its consent.

EU-USA PNR SCHEME: "the Working Party notes (modest) improvements in the draft agreement, but does not see its serious concerns removed" Article 29 Working Party on data protection: Letter to the Civil Liberties Committee of the European Parliament (pdf)

EU-USA-PNR AGREEMENT: Analysis:
A Review of the Annexes to the EU-USA PNR THE EU-USA PNR Agreement and related press release (pdf) by Chris Pounder: "the comments in the margin explain why I think this Press Release turns “misleading by omission” into an art form." And see: Commission press release (pdf)

EU-USA PNR: European Data Protection Supervisor (EDPS):
EDPS issues an opinion on the new EU-US Passenger Name Record agreement (Press release, pdf) and Opinion (pdf): The EDPS comments:

""Any legitimate agreement providing for the massive transfer of passengers' personal data to third countries must fulfil strict conditions. Unfortunately, many concerns expressed by the EDPS and the national data protection authorities of the Member States have not been met. The same applies to the conditions required by the European Parliament to provide its consent."

"- the 15-year retention period is excessive: data should be deleted immediately after its analysis or after a maximum of 6 months;
- the purpose limitation is too broad: PNR data should only be used to combat terrorism or a well defined list of transnational serious crimes;
- the list of data to be transferred to the DHS is disproportionate and contains too many open fields: it should be narrowed and exclude sensitive data;
- there are exceptions to the "push" method: these should be removed, the US authorities should not be able to access the data directly ("pull" method);
- there are limits to the exercise of data subjects' rights: every citizen should have a right to effective judicial redress;
- the DHS should not transfer the data to other US authorities or third countries unless they guarantee an equivalent level of protection."

EU-USA PNR: Council of the European Union: Council gives green light for the new EU-US agreement on Passenger Name Records (PNR) (pdf). The European Parliament has to give its "consent" before it can be formally adopted. See: Commission proposal for a: Council Decision on the signature of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security (COM 805, pdf).

EU-USA-PNR: UK House of Lords' European Union Committee Newsletter (6 December 2011):

"The EU has entered into three consecutive agreements with the US on the use and transfer of Passenger Name Record (PNR) data to the US Department of Homeland Security for use in the fight against terrorism and serious crime. PNR data are a vital element in that fight, but inevitably this raises serious data protection issues. The EU has this year been negotiating a fourth agreement with the US, intended to have a higher degree of permanence. The Sub-Committee has seen it in draft and commented on it. A final text – or what is intended to be a final text – has now been agreed and deposited for scrutiny in the hope that it can be signed and concluded by the Council on 13 December. The Government has left very little time for scrutiny by national parliaments, and the consent of the European Parliament cannot be taken for granted." (emphasis added)

EU-USA PNR DEAL: Commission proposal for a: Council Decision on the signature of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security (COM 805, pdf). See: Revised EU-US agreement on PNR data still protects only travel companies, not travellers (Identity Project, link)

EU-USA-PNR: NGOs letter to the European Parliament: Information on the upcoming vote on the EU-USA PNR Agreement (pdf): Signed by nineteen NGOs including Statewatch:

"the EU-US PNR agreement not provide any benefit to European citizens. The proposed Council Decision places all of the legal burdens on the EU without requiring corresponding obligations from the USA. Under the proposal, the EU is expected to provide support from both Council and the EP, but neither the US President nor Senate is bound by this agreement. Only an international treaty with strong data protection safeguards based on European standards,
which is also ratified by the US Senate, can provide improved legal security and protection of European citizens. Therefore we ask you to reject the agreement."

EU-USA-PNR AGREEMENT: Draft declarations regarding the draft Agreement on the use and transfer of Passenger Name Records by air carriers to the United States Department of Homeland Security (EU doc no: 16981-11,pdf). See also Draft Article 17 - May 2011 (pdf) and Draft Article 23 - May 2011 (pdf)

EU-USA PNR DEAL: Commission proposal for a: Council Decision on the signature of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security (COM 805, pdf). See: Revised EU-US agreement on PNR data still protects only travel companies, not travellers (Identity Project, link)

EU: European Commission's Legal Service says EU-USA PNR agreement is "not compatible with fundamental rights"

- Scope covers minor crimes: "proportionality of the agreement in question"
- R
etention period goes far beyond that of the Agreement with Australia
- Agreement extended to cover US border security: "which is not linked to the purpose of preventing terrorism or serious crime"
- "no judicial redress to data subjects"
- "no guarantee of independent oversight"
-
Legal Service advice ignored

See: Note from Commission Legal Services to DG Home Affairs (18.5.11, pdf), EU-US PNR Agreement (20.5.11, pdf) and Air passenger data plans in US-EU agreement are illegal, say lawyers (Guardian, link, pdf).

EU-USA PNR (Passenger Name Record): Draft Agreement between the USA and the EU on the use and transfer of Passenger Name Record data to the US Department of Homeland Security (EU doc no: 10453-11, 20.5.11, pdf)

See also: US to store passenger data for 15 years - Draft of Washington-EU deal leaked to the Guardian shows agreement 'violates basic European principles' (Guardian, link)

EU-USA PNR AGREEMENT: Agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) – Declarations made in accordance with Article 24(5) TEU - State of Play (pdf). Eleven EU member states have to ratify agreement before it comes "officially" into operation. See: Statewatch's: Observatory on the exchange of data on passengers (PNR) with USA

EU-USA-PNR: US Department of Homeland Security: Privacy Office: A report concerning Passenger Name Record information derived from flights between the US and the European Union (pdf). Using a ludicrously small number of samples, ie, six to seven, the DHS Privacy Office found that:

- "requests for PNR took more than one year to process" - far exceeding the legal time limits in the US Privacy Act and Freedom on Information Act and there were "inconsistencies" as to which "information was redacted" (censored);

- individuals requesting "all data" are not given their PNR data;

- as a result of the majority of individuals who should have been sent their PNR data were not

- there was a large backlog of unanswered requests because of lack of staff.

For background see: Can you really see what records are kept about your travel? (Edward Hasbrouck's blog)

EU-US-PNR:
Letter from AFL-CIO to Chertoff (pdf) The American Federation of Labor and Congress of Industrial Organisations' letter to the Secretary of the US Homeland Security Department, Mr Chertoff, protesting at the collection and processing of "sensitive" information, including trade union membership, under the EU-US PNR (passenger name record) agreement.

In this context it is interesting to note a) that the latest draft of the EU's draft Decision on data protection in police and criminal matters (see News online) has significantly weakened the safeguards on the processing of "sensitive data" - the Decision will allow the transfer of data to the USA and other third states; and b) under the agreed EU Reform Treaty foreign policy data protection now comes under the continuing "second pillar" (defence and foreign affairs) where foreign policy-making rules will apply. This will allow the Council to conclude international agreements, like the EU-US PNR one, without any role for national and European parliaments. Also see: US demands 10 year ban on access to PNR documents

EU-US-PNR AGREEMENT: Final version of the 2007 Agreement (OJ, pdf)

EU-US-PNR: Eleven MEPs from the ALDE (LIberal group) in the European Parliament have lodged requests with the Council of the European Union and the European Commission for access to:

"to all the documents related to:

- the negotiation of the 2007 Agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) by air carriers to the United States Department of Homeland Security (DHS), as well as to the documents related to the confidentiality of negotiations documents;

- the works of the EU-US High Level Contact Group on Data Protection"


-
Full-text of the requests for access to PNR documents

See:
Story below.

EU-USA: SPECIAL: US demands 10 year ban on access to PNR documents

The US government has written to the Council of the European Union - seven days after it was signed - asking it to agree that all the documents regarding the negotiations leading to the controversial new EU-US PNR (passenger name record, signed on 23 July 2007) agreement be kept secret

EU-US PNR agreement: US changes the privacy rules to exemption access to personal data

- USA to give exemptions for the Department of Home Security from its Privacy Act
- USA to give exemptions for the "Arrival and Departure System" (ADIS) from its Privacy Act
- Did the EU know that the US was planning to introduce these exemptions?

EU: European Commission to propose EU PNR travel surveillance system

- why have we heard so little about the EU's API system?
- what is the difference between API, APP and PNR?
- new US PNR list the same as the old one

EU-USA-PNR: European Parliament Resolution on the new EU-USA PNR agreement: "substantially flawed" (pdf) MEPs fear that new PNR agreement fails to protect citizens' data (EP press release)

EU-USA-PNR AGREEMENT: Agreement, letter, 28 June 2007: full-text (pdf) Letter (pdf)

EU-USA-PNR: European Data Protection Supervisor, Peter Hustinx, letter to the German Council Presidency: Hustinx letter, 27 June 2007: full-text (pdf). The letter expresses "grave concern" at the proposals to:

- extend the time personal data is held from 3.5 years to 15 years:
- data can be passed to a "broad range of US agencies" with "no limitation" on its further processing;
- the absence of a "robust legal mechanism" for EU citizens to "challenge misuse" of their data;
- and the fact that the US "wants to avoid a binding agreement"

See previous Statewatch coverage (21 June 2007) below

EU-USA-PNR (passenger name record): EU negotiators agree that PNR data will be held for 7 years, doubling the current 3.5 years, and in addition agree that data can be access for a further 8 years (so-called "dormant" data).

An "Extraordinary meeting" of the Permanent Representatives Committee (COREPER) was held in Luxembourg on 12 June 2007 during the Justice and Home Affairs Council. The sole subject on the agenda as the EU-USA PNR (passenger name record) agreement: Minutes of COREPER meeting: EU doc no: 10994/07

The current "Undertakings" state that PNR data will be held for: "3.5 years from the date the data is accessed (or received) from the air carrier's reservation system. After 3.5 years, PNR data that has not been manually accessed during that period of time, will be destroyed. PNR data that has been manually accessed during the initial 3.5 year period will be transferred by CBP to a deleted record file."

Under the proposed new agreement: "PNR data would be kept for 7 years as "active" data and 8 years as "dormant" data."

Under the existing agreement data which has not been accessed for 3.5 years is destroyed. Under the proposed agreement all data will be held for 15 years.

Moreover, the new agreement will be

"supplemented by an exchange of letters acknowledging the unilateral undertakings that the Department of Homeland Security (DHS) is ready to adopt to protect the PNR data through a Statement of Record Notice (SORN). The precise nexus between the two is not agreed yet (the US side wants to avoid that the exchange of letters amounts to an agreement)."

The EU negotiators thus intend to accept the US demand that the protection of personal data is not covered by the formal agreement.

Moreover, the Department of Homeland Security (DHS) would get access to PNR data and not only the Customs and Border Protection Department (CBP).- the DHS, under US law, has to ensure that "terrorism information" is passed promptly "to the head of each other agency that has counterterrorist functions". The EU is effectively agreeing that the USA can pass personal data to a multitude of agencies (who may further process it).

The only apparent concession is that the data fields will be reduced from 34 to 19 - though it is not known which will be deleted.

The House of Lords EU Committee raises concerns over passenger name record agreement with the US (press release) Full-text of the report: The EU/US Passenger Name Record (PNR) Agreement (139 pages, pdf)

EU-PNR: Did Chertoff lie to the European Parliament? (link to: The Practical Nomad, Edward Hasbrouck's blog). Contrary to the impression given by USA Secretary of Homeland Security Michael Chertoff when he gave evidence to the European Parliament's Civil Liberties Committee (LIBE) on 14 May Edward Hasbrouck says that: "there is no mention of whether any of the suspects and allegations he uses as examples has ever been brought before a court of law. Indeed, the very idea of subjecting any of these allegations to normal judicial process appears never to have occurred to Chertoff." Moreover:

"Chertoff claimed that "PNR data is protected under the U.S. Privacy Act and the Freedom of Information Act, among other laws, as well as the robust oversight provided through ... American courts." But the Privacy Act applies only to U.S. persons, not EU citizens and residents. The DHS has exempted the Automated Targeting System (ATS), the database in which it stores PNR's, from most requirements of both FOIA and the Privacy Act. EU or other non-USA citizens and residents have no standing under these laws in any American courts. And since the PNR "agreement" has not (and apparently isn't intended to be) ratified as a treaty by the U.S. Senate, it can't be enforced in U.S. Courts or provide a cause of action even for U.S. citizens."

Committee on Civil Liberties, Justice and Home Affairs, Transatlantic Dialogue, Monday May 14 2007 (unofficial record) (pdf)

EU-USA-PNR: European Parliament press release: US Secretary of Homeland Security Michael Chertoff debates data protection with MEPs - a better headline would be "US Secretary of Home Security tells the European Parliament to stop opposing US demands for personal data". According to reports the USA wants to hold personal data for longer than the three and a half years in the present agreement and to continue to have direct access ("pull system") to airline reservation computer systems in the EU (the EU side wants to change this to a "push"system whereby only relevant data/flights are sent to US agencies). During his appearance before the parliament's Civil Liberties Committee (LIBE) he was asked: "Are you willing to conclude an agreement ... that reflects the American as well as the EU legal principles and interests, instead of imposing unilaterally U.S. standards and wishes?" Dutch MEP Sofia in 't Veld asked Chertoff. "Do you recognise the extent of the damage that the US ' 'war on terror' has done to the fight against terrorism?" asked Sarah Ludford (ALDE, UK).

EU: Article 29 Working Party on data protection issues guidance on: Information to passengers about transfer of PNR data to US authorities (pdf)
EU-USA PNR formal adoption of agreement:
Press release and Report on debate in the European Parliament

EU-USA PNR: the Council of the European Union has now produced the separate texts on passenger name record (PNR) access by the USA.

1. New Council Decision on EU-USA PNR deal
This replaces the previous Decision which the EU court ruled was on the wrong legal basis.

2. New Council Agreement on EU-USA PNR deal
This replaces the previous Agreement which the EU court ruled was on the wrong legal basis

3. Text of letter from the US Department of Homeland Security on their "interpretation" of "certain provisions of the "Undertakings" of 11 May 2004
This letter from the USA re-interprets parts of the "Undertakings" agreed in 2004 and which still form part of the Agreement.

See: Statewatch critique:
EU-USA PNR agreement renegotiated to meet US demands - when the law changes in the USA so too does access to data and how it is processed

4. Council reply to the US letter
The Council's reply to the US Department of Homeland Security says that the USA's "commitments" to implement the "Undertakings" allows the EU to declare there is an "adequate level of data protection" - but is this statement based on the 2004 "Undertakings" or their new "interpretation" by the USA?

5. US Undertakings attached to agreement, 2004

6. On 11 October the European Parliament plenary session debated the new Decision and Agreement: Abstracts from speakers who intervened on behalf of their groups

EU-US PNR deal: Sophie In't Veld (D66, Netherlands, ALDE group), the EP rapporteur, has got the parliament to agree to hold a public debate on the matter tomorrow afternoon during the Brussels plenary session (11 October). Letter from Sophie In't Veld to Commissioner Frattini asking a series of questions on the agreement (pdf)

EU-USA PNR agreement renegotiated to meet US demands - when the law changes in the USA so too does access to data and how it is processed: EU-USA PNR (passenger name record) agreement of 6 October 2006: Full-text and Original agreement of 17 May 2004 (pdf) US Undertakings attached to agreement, 2004 (pdf)

EU: European Union code of conduct for computerized reservation systems (Council Regulation (EEC) No. 2299/89, 24 July 1989: Full-Text Amended by 3089/93 of 29 October 1993 and Europa summary

EU: It is reported that the EU and the USA have failed to reach a new agreement on access to PNR (passenger name records) by the the deadline of 30 September 2006 ("EU-US airline data talks collapse", BBC link).

In June we reported that: EU-US: New PNR agreement a "technicality" say EU and US officials (eupolitix.com, 31.5.06, link) Following the annulment by the European Court of Justice of the EU-US agreement on the exchange of data on air travellers ("passenger name records") officials from the European Commission and their counterparts in Washington have quickly moved to play down the significance of the ruling, suggesting that replacing the treaty with a "Third Pillar" instrument will be a mere "technicality".

Tony Bunyan, Statewatch editor, comments:

"It seems very strange that a new agreement cannot be reached if all that is required is the same text placed on a different legal basis. On the other hand if the USA is trying to change the text of the agreement that would require a series of procedures in the EU and re-open the public debate"

EU-USA PNR scheme: 1)
Legislative act withdrawing the existing agreement 2) Letter from the President of the European Parliament, Mr Borrell to Mr Barossi, President of the European Commission

EU-USA PNR (passenger name record) deal: 1) Opinion of Article 29 Data Protection Working Party 2) Commission negotiation proposal for new deal 3) Commission review on the operation of the agreement 4) Termination of present agreement 5) Current US "undertakings"

EU: Commission proposal on terminating the current agreement with the USA on PNR (passenger name records). A second proposal will invite the Council of the European Union (25 governments) to reach a new agreement based on Article 38 of Title VI of the Treaty on European Union. See for comment: MEPs to be sidelined in revived airline data deal: euobserver (link) and MEPs to be snubbed in new EU-US air data deal: eupolotix (link) PNR (passenger name record) Treaty annulled by Court of Justice in case brought by the European Parliament: Full-text of Judgment (pdf) and European Data Protection Supervisor: Comments on ECJ judgment on PNR: "seems to create a loophole in the protection of the European citizen since it is no longer assured that data collected for commercial purposes but used by police are protected by the data protection directive"

EU-USA PNR agreement: Letters sent by President Borrell of the European Parliament Mr Barroso, President of the Commission and the EU Council Presidency on the consequences of the Court case of 30 May on passenger name records (PNR)

European Data Protection Supervisor: Comments on ECJ judgment on PNR: "seems to create a loophole in the protection of the European citizen since it is no longer assured that data collected for commercial purposes but used by police are protected by the data protection directive"

EU-US PNR (passenger name record) Treaty annulled by Court of Justice in case brought by the European Parliament - but is it a "pyrrhic" victory? Full-text of Judgment (pdf) Court of Justice press release (pdf) The treaty conclusion and Commission decision have clearly been annulled because (following the opinion of the Advocate-General, see below) their subject-matter fell outside the scope of the data protection directive, as they concerned essentially the processing of data by law enforcement authorities. The other pleas by the EP, in particular the privacy plea, are therefore not considered at all (the Advocate-General had considered them for the sake of argument, but rejected them). The EP has therefore won a "pyrrhic" victory, as the agreement will now be replaced either by national agreements, or by a third pillar agreement with the US. Either way the EP has no power over approval of the treaty/treaties or even the power to bring legal proceedings against them. The press may describe this as a victory for the EP or for privacy but they will be mistaken.

Moreover, there is a risk that if an EU treaty or purely national treaties are signed with the US that the standard of privacy protection could actually be worse than in the original PNR deal. The treaty is still valid for 3 months after being denounced, so access to the airline reservation databases would only be illegal if there are no replacement measures by that point.

Opinion of the Advocate-General of the European Court of Justice (delivered on 22 November 2005)

EU-ECJ:
Opinion of the Advocate-General of the European Court of Justice (delivered on 22 November 2005) Now avaiable in English (pdf). Case C-317/04: European Parliament v Council of the European Union on the transfer of PNR (passenger name record data) to the USA.

EU-USA PNR: The European Court of Justice has refused to apply the accelerated procedure to the European Parliament's complaint on the EU-USA PNR (passenger name record) agreement, so the case will not completed for two to three years - thus probably not until after the expiry of the current agreement with the US: Court judgement (in French) (30.10.04)

EU-USA PNR DEAL: Council of the European Union (the 25 governments) get notice of case in Court of Justice brought by the European Parliament over the agreement with the USA on PNR (passenger name record): Note from Legal Service (pdf). The parliament is also asking the court to annul the Commission's finding that adequate data protection is provided in the USA "Undertakings".

PNR - EU-US deal on access to passenger name records: The "Undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (CBP)" were published in the US Federal Register on 6 July. Federal Register announcement (pdf) The agreement will not come in force until (a) enacted by Congress, (b) properly promulgated as a regulation, under authority of Congress, by a Federal agency, or (c) ratified by the Senate as a treaty. On the same day, 6 July 2004, the Official Journal of the European Communities (OJ) published the Commission's Decision on "adequacy of protection" in the US "Undertakings": EU-OJ (pdf). On 28 June 2004 the President of the European Parliament, Pat Cox, formally initiated court action to annul the Decision of the Commission: Letter from President of the EP (pdf). Full background and documentation is given on Statewatch's Observatory on PNR

Breaking news, 25.6.04: European Parliament to go to court over Council and Commission decisions on PNR data agreement with USA: Press statement from EP President, Pat Cox

PNR: TransAtlantic Consumer Dialogue's Resolution on Passenger Name Records: civil society coalition to send resolution to EU-US Summit meeting in Dublin on 25 June: Resolution, background and signatories

EU-US PNR deal: European Parliament discussing (16.6.04) new court case: Report

1.6.04: EU-US PNR deal: Signed by USA but Leaders of the groups in the European Parliament to discuss new court case on 16 June:

1. Agreed text: EU-US agreement on access to passenger data (pdf)
2. Commission's finding of adequacy and the final text of the US "Undertakings" (pdf)
3. US signs agreement (link)
4. MEPs seek challenge to EU-US air data deal (link)
5. Full history and documentation: Statewatch's: "Observatory" on EU-US PNR deal

10.5.04: EU: Johanna Boogerd-Quaak MEP, Vice-Chair of the Committee on Citizens' Freedoms and Rights and rappporteur, calls on the European Parliament President, Pat Cox, to take steps to ensure the parliament's position on EU-US PNR "deal" is maintained: Letter to Mr Gargani, 4.5.04 and response, 5.5.04 (pdf) Letter to Pat Cox (pdf)

8.5.04: EU agree US PNR deal: Report

- European Parliament by-passed in shoddy deal that undermines privacy and EU data protection rights
- leading MEPs call for the "Conference of Presidents" to discuss on 15 June

5.5.04: EU-US PNR: Council to ignore parliament and go ahead with "deal": Report

4.5.04: EP rejects EU-US PNR deal by an even bigger majority - new "enlargement" MEPs back stand against the transfer of personal data to the USA: Report   Tony Bunyan, Statewatch editor, comments:

"The Commission, the EU governments and the US Mission in Brussels were counting on the MEPs from the ten new Member States to reverse the two previous votes in the parliament - instead the majority against the "deal" increased. This is good news for civil liberties and for democracy."

30.4.04: European Parliament bounced into third vote. The Parliament has already passed a resolution opposing the agreement on the exchange of passenger data with the US (31.3.04) and voted to go to the European Court of Justice for an opinion on the legality of the Treaty (21.4.04). Fearing an ECJ ruling against the Treaty, the Council (member states) has simply demanded the that EP vote again, invoking an "urgency procedure" in an attempt to overturn a majority of just 16 in favour of legal action. MEPs will now come under tremendous pressure in advance of the vote on Tuesday morning (4 May 2004). "How many times will we vote? Until we give the right answer?", they ask. Tuesday's vote will also include unelected MEPs from new EU countries – raising fears that inexperienced and unaccountable parliamentarians will bow to government pressure. See report from eupolitix.com.

23.4.04: EU-US passenger name record (PNR) deal - where now? Report

21.4.04: European Parliament votes to go to court: 12.00 Wednesday. Plenary just voted 276 in favour, 260 against, 13 abstentions to refer the PNR agreement to the ECJ for opinion under Article 300(6): Report

20.4.04: European Parliament debate taking the Commission to court on EU-US PNR deal: Report

16.4.04: EU-US PNR (passenger name record) "deal" to go for a second vote in European Parliament: Report

6.4.04: uropean Parliament Legal Affairs Committee: Vote to go to the European Court of Justice to challenge Commission finding of "adequacy" on the proposed EU-US deal on transfering passenger data to the USA. The Committee voted in favour by 16 votes to 12 with no abstentions. The PSE (Socialist), Green/EFA, GUE (United Left), ELDR (LIberals) and Radical groups voted in favour. The PPE (Conservatives) voted against.Mme Boogerd Quaak (ELDR), Mme Paciotti (PSE) and Mr Cappato (Radicals) intervened strongly in favour of asking for the opinion of the court.

6.4.04: The European Parliament's Committee on Citizens' Freedoms and Rights today (6.4.04) rejected the proposed formal agreement, proposed by the European Commission, for the passing of passenger data (PNR) to the USA. The report by rapporteur, Mme Boogerd-Quaak was adopted: Full-text of report (link) with one amendment: Text of amendment (link). The Commission proposal, draft agreement with the USA: Full-text (pdf). The PSE (Socialist), Green/EFA, GUE (United Left), ELDR (Liberal) and Radical groups voted in favour - the PPE (Conservative group) voted against.

The parliament's Foreign Affairs Committee today voted narrowly to reject an opinion drafted by its President, Mr Brok, proposing acceptance of the international agreement with the USA on PNR.

EU: Full-text of the Resolution adopted by the European Parliament at its plenary session on 31 March 2004 opposing the transfer of passenger data (PNR) to the USA and reserving the right to take the issue to the European Court of Justice: EP Resolution (pdf)

31.3.04: European Parliament voted 229 votes to 202, with 19 abstentions to back a Resolution opposing the transfer of passenger name records (PNR, personal data) to the USA. The parliament refers back the Commission's finding that the "Undertakings" given by the USA are "adequate" and reserves the right to take the matter to the European Court of Justice. The PPE (Conservative group) opposed the Resolution. The PSE (Socialist group) backed the Resolution - but some PSE national delegations, including that from the UK Labour Party - joined the PPE in opposing the Resolution. The key points adopted are:

a. the Commission has exceeded its executive powers
b. Calls upon the Commission to withdraw the draft decision
c. reserves the right to appeal to the Court of Justice should the draft decision be adopted by the Commission; reminds the Commission of the requirement for cooperation between institutions which is laid down in Article 10 of the Treaty

1.
Resolution adopted by the European Parliment on 31.3.04 on transfer of data to USA (pdf)
2
. The draft agreement with the USA: Full-text (pdf)
3. Commission finding of "adequacy" plus US "Undertakings" (pdf)
4. For the full background see Statewatch's Observatory on PNR

European Parliament vote on PNR (passenger name record) EU-US deal: A US diplomat is quoted as saying: "We would have no problem with US airlines handing information over to the EU" - does this mean US airlines will hand over personal data on everyone, including US citizens flying to the EU? See: eu.politix.com (link) and another story saying that the parliament has "mispresented" the US case: eu.politix.com (link). At the same time COREPER (the committee of permanent representatives of the 15 EU governments in Brussels) is set to agree the draft agreement with the USA: Full-text (pdf). For the full background see Statewatch's Observatory on PNR

European Parliament: EU-US PNR agreement: Rapporteur, Johanna Boogerd-Quaak (Vice Chair of the Committee on Citizens' Freedoms and Rights) responds to Elmar Brok's letter (below), see: Full-text of letter (pdf)

European Parliament: pro-US pressure put on MEPs prior to plenary vote on 30 March on EU-US passenger name record (PNR) agreement. The chair of the parliament's "Delegation for relations with the USA" has circulated a note from the European Commission pointing out the consequences of passing a critical Resolution: Text of letter (pdf). Elmar Brok, chair of the Foreign Affairs Committee has written to the chair of the Citizens' Freedoms and Rights Committee backing the "deal" and saying - contrary to the report on the table and every report from the EU's Article 29 Data Protection working party - that there is the right "balance" between security and the protection of civil liberties: Brok letter (pdf) See: European Parliament committee adopts highly critical report on EU-US passenger name record data (PNR): Report and documentation

European Parliament committee adopts highly critical report on EU-US passenger name record data (PNR): Report and documentation

EU leads call for global agreement on the exchange of passenger data (PNR): Report

EU draft Decision on the "adequacy" of the US "Undertakings" on access to PNR: Full-text and analysis

"Privacy is one of the basic values of human life and personal data is the main gateway enabling entry into it. The citizens of countries that experienced a period of totalitarian regimes have that a hard experience - when privacy was not considered of value and was sacrificed to the interest of the state" (Hana Stepankova, Czech Office for Personal Data Protection, on handing over personal passenger data to the USA, Prague Post, 11.12.03)

EU planning to nod through use of PNR data for use by CAPPS II: Report and documentation

2.2.04: EU's data protection working party produces damning report on EU-US exchange of passenger data: Report and documentation

2.2.04: Statewatch special: Full-text of EU-US agreement on the transfer of personal data: EU-US agreement

2.2.04: Privacy International report on transfer of PNR data to USA: Press release and report

Report on Transfers of Air Passenger Data to the U.S. Department of Homeland Security
Negotiations by the European Commission described as "systematic deception and subterfuge"

EU: Belgian Privacy Committee supports MEP's complaint on illegal transfer of personal data to USA: Finding

EU-USA PNR agreement: ACLU letter to EU Commissioner Bolkestein - Northwest Airlines Privacy Violations

The US-VISIT Program, Increment 1, Privacy Impact Assessment (dated 18.12.03) (pdf)

Communication on Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach (16.12.03, pdf)

Commission did agree that PNR data can be used for CAPPS II testing, but the question is why? Report and analysis

- contrary to Mr Bolkestein's claim a whole host of US agencies will have access to the data
- lifetime travel dossiers to be created and held for 100 years on every traveller

USA to use EU PNR data for CAPPS II testing despite assurances no agreement covering it: Report

EU: Commission "compromises" and agrees on handing over passenger data to USA: Report and documentation

- EU-USA collusion heralds global imposition of the surveillance of travel
- "The EU cannot refuse its ally in the fight against terrorism" (EU Commissioner Bolkestein)
- The EU's Data Protection Article 29 Working Party:
"declined to adopt or approve the text, on the grounds that the transfer of PNR to the US are in any case illegal and nothing should be done to blur that fact"

- EU law enforcement agencies want complete exemption from data protection

"What is quite unforgivable is that the European Commission thinks that the EU-USA deal - with a state which has no data protection laws and no intention of adopting them - is a better basis for a global demand than the EU's data protection laws which have served as a model for for many countries around the world." (Tony Bunyan, Statewatch editor)

EU: Form of deal on handing over passenger data to USA in doubt: Report

Further evidence from Statewatch on proposed Directive on aircraft passenger data: October 2003

Evidence on proposed Directive on aircraft passenger data: Evidence to the Select Committee on the European Union, sub-committee "F": Proposed Directive on aircraft passenger data: September 2003

(10.11.03) EU: MEP tables formal complaint on transfer of personal data to USA: Report

(10.10.03): EU Parliament wants to halt air passenger data transfer to USA: Report and Resolution
but EU Commissioner, Mr Bolkestein hoping for "deal" derogating from EU data protection standards to allow USA access

European airlines are handing PNR data over to US Customs - Evidence from Spain:
See: Spanish: www.ugr.es/~aquiran/cripto/novuelan.htm See: English: http://www.ugr.es/~aquiran/cripto/nofly.htm

A. List of 43 categories of PNR (personal data) wanted by US on every passenger: List of categories

B. Data recorded by Iberia, data sent to Amadeus, PNR data and ticketing data held on Arturo Quirantes Sierra:

1: data in Iberia.com (profile 1)
2: data in Iberia.com (profile 2)
3: data in Amadeus (profile 1)
4: data in Amadeus (profile 2)
5: PNR - Reservation Record (legend)
6: PNR - Booking Record (legend)
7: PNR data - Madrid-New York flight
8: PNR data - Granada/Madrid flight
9: ticketing data

EU tells USA to stop making new requests to airlines for personal passenger data (Statewatch: filed 4.10.03) Includes letter from Bolkstein to Tom Ridge.

European Parliament report opposes giving passenger data to USA without strict data protection safeguards - and says if these are not met by 1 December all data transfers should stop: Statewatch report

European Commission tells USA that demands for access to data on airline passengers breaches EU Data Protection Directive - but hints at a deal that would "fudge" the issue: Statewatch report

Full-text of Mr Bolkstein's speech in the European Parliament on 9 September 2003: Speech (pdf)

Text of Commissioner Bolkstein's letter to the USA (thanks to Edward Hasbrouck): Text

EU airlines allowing access to all personal details on passengers by US authorities: Report

EU working party on data protection highly critical of proposed deal on US access to passenger data: Report

EU: Major commercial associations express strong concerns about plans for data retention: Report

EU: Campaign launched against the illegal transfer of European travellers' data to the USA: Report

Massive majority in European Parliament against deal with US on access to passenger data: Full report, resolution and amendments and verbatim debate

European Parliament resolution on airline passenger data gains wide support: Report

European Parliament committee to hold emergency session on the transfer of personal data to USA: Report

Direct access to personal details of EU passengers: How US Customs bounced the European Commission into a quick decision: Report

EU data protection chair calls for US access to passenger details to be postponed: Report

EU Working Party on data protection report on passenger data access by USA: Report

"it does not seem acceptable that a unilateral decision taken by a third country for reasons of its own public interest should lead to the routine and wholesale transfer of data protected under the directive"

US Customs to have direct access to EU airlines reservations databases: Report

European Commission caves in to US demands for airline and shipping passenger lists: Report

EU-US: US demands EU airlines and ships provide passengers list - UK is first EU government to back US scheme: Report

Google search for Statewatch's coverage of: Data protection and PNR (Passenger Name Record) (link)

Official documents


EU

a. European Union code of conduct for computerized reservation systems (Council Regulation (EEC) No. 2299/89, 24 July 1989:
Full-Text

b. European Parliament adopted strong resolution on exchange of passenger data (PNR) with USA: EP-PNR (pdf)

USA

a. USA Department of Transportation regulations governing computerized reservations systems (Note that although Notices of Proposed Rulemaking are pending under all four docket numbers below, neither the current regulations nor any of the proposed revisions include any consumer privacy
protection provisions):
http://www.access.gpo.gov/nara/cfr/waisidx_03/14cfr255_03.html - Current regulations, "Carrier-Owned Computer Reservations Systems", 14 C.F.R. 255

b. Notice of Proposed Rulemaking, Docket No. OST-1999-5888  c. Notice of Proposed Rulemaking, Docket No. OST-1998-4775

d. Notice of Proposed Rulemaking, Docket No. OST-1997-3014 e. Notice of Proposed Rulemaking, Docket No. OST-1997-2881

US information thanks to: Edward Hasbrouck edward@hasbrouck.org website: http://hasbrouck.org


Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch bulletin

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.