EU plan for wholesale security checking of every traveller
01 December 2003
In February 2003 the Spanish government put forward a proposal for an EU Directive requiring all airlines to collect and pass over passenger data for vetting. The purpose of the proposal was to combat "illegal immigration" and the first draft said data should be gathered on all "people" arriving in the EU. On 25 June the Permanent Representative of the UK government in Brussels wrote to the Council of the European Union formally stating that the UK intended to participate in the proposal as it then stood. On 9 July a number of other EU governments successfully argued that the term "people" should be replaced by "foreign nationals" thus excluding checks on EU citizens (Draft of 11.7.03). The UK government had no such concerns.
All EU Member States were asked for their views on the draft text and their responses are in a document dated 15 October 2003. The Netherlands government said that the proposal has "no added value" in "combatting illegal immigration" but "the proposal to include terrorism holds promise". The Portuguese want data to be held for six months but says it should not cover terrorism (and this could not be legal under Title IV TEC). Sweden was "not convinced that a routine-like collection of data of foreign nationals... can be considered not to be excessive" (under data protection law). Greece too saw no added value in the proposal as foreign nationals are checked anyway on arrival, that the further processing of data (checks against security and intelligence databases) would be contrary to its data protection law and said that: "it will not be possible to delete information" from the databases of the security agencies consulted.
The draft of 27 October (doc: 11406/1/03) was:
1) limited to air travel and combatting "illegal immigration";
2) limited to "foreign nationals";
3) provided for data to be passed over on boarding and checks to be made at "the airport of arrival" (not the airport of departure);
4) weak on "data processing" (no rights of data subject are set out) and said data "shall immediately" be deleted after "passengers have entered"
On 5 November the UK Home Office sent an Explanatory Memorandum (EM) to parliament. This starts by saying that the government supported the proposed Council Directive but had a number of reservations.
First, that data on passengers should to be handed over "at the time of boarding" not at the "time of check-in" (essential for the UK's proposed "board/not board" policy, see: UK takes lead on surveillance of passengers).
Second, and as fundamental, the UK government objects to the scope of the Directive being limited to immigration controls. The UK government comments that API (Advanced Passenger Information):
"should be used to support the work not only of the Immigration Service but also the other border agencies (Customs and police). The UK will suggest amendments that will allow data transmitted by the carrier to be used by Member States for other border control purposes and that there will not be a time limit for deletion of data" (emphasis added)
Thus the UK wants to use the passenger data handed over both for checking against all the immigration, customs, police and internal security agency databases for all purposes - immigration, crime and terrorism - and to keep data for future reference without a time limit. Third, the UK wants the Directive to apply to travel by air, sea and rail, not just to that by plane.
There are substantial changes to the proposed Directive in the 12 November draft. The new Article 1 is still apparently limited to tackling immigration. But: "the transmission of data on third country nationals" has been changed to:
"the transmission of advance passenger data" (emphasis added).
The draft has therefore reverted to covering all passengers rather than third country nationals and the word "advance" has been inserted - appearing to meet the UK demand - instead of data being handed over at "the end of boarding<