European Commission tells USA that demands for access to data on airline passengers breaches EU Data Protection Directive - but hints at a deal that would "fudge" the issue (1)

- Commission option to reach bilateral agreement allowing for derogation from EU laws

- access to passenger data breaks EC Regulation on computer reservation systems (CRS) as well as 1995 Data Protection Directive

- Tom Ridge, US Secretary for Homeland Security, says on visit to Italy: "Looking at this request beyond just a data protection issue but as a mutual security issue is something that can help us get closer to resolving our differences"

- correspondence reveals that USA is also asking for "Advance Passenger Information" to vet those flying

- in a democracy data protection and civil liberties are indivisible


Update 18 September 2003

Tony Bunyan, Statewatch editor, comments:

"The debate in Europe over the US demand for access to personal information on air passengers travelling from the EU has rightly centred on data protection issues.

However, the issue of how the information could be used to potentially infringe peoples' civil liberties has been missing from the discussion. Everyone flying to the USA, and flying within the USA, will automatically be "profiled" under the proposed Computer Assisted Passenger Profiling System (CAPPS II). Their "profile" will be determined after checks against a series of "watch-lists", which although said to be directed at terrorism go much wider in practice.

Data protection covers what information is passed over, who it is passed on to, how long it is kept for and whether a person can see and correct data held on them. Civil liberties deals with how that data is used against people - whether they are questioned, searched, detained or placed under surveillance. In a democratic society the two are indivisible."

In their latest "Alert" Electronic Privacy Information Center (EPIC, Washington, USA, 18 September 2003) write:

"The United States is working diligently to convince the European Union to participate in the proposed Computer Assisted Passenger Profiling System (CAPPS II), the airline passenger security system created to prevent suspected terrorists from boarding airplanes. If the EU does choose to participate in the system as proposed, all travellers entering or flying through the U.S. will be required to provide their name, address, birth date, and home telephone number when purchasing a plane ticket.

Each passenger's information would then be shared with the US government and then checked against various private databases, terrorist watch lists, and felony warrant lists. Passengers would be assigned a color code to inform screeners whether to allow them to board the flight, or question, detain or arrest them."

See EPIC's webpage on Passenger profiling


Story filed on 15 September 2003

1. The US tried to impose a new deadline of 12 September for airlines flying there from within the EU to give access to personal passenger data (Passenger Name Record data, PNR). It is reported that Air France, British Airways and Iberia have been giving the USA access to this data since 5 March 2003. Indeed some airlines do not allow passengers to book tickets online unless they agree to personal data being handed over. Alitalia on the other hand have been banned from passing over any information that is not contained on a passport by their Data Protection Authority. Under US law airlines that fail to comply could be fined up to $6,000 a passenger and a loss of landing rights - passengers would be subject to checks on arrival. The European Commission has set a deadline of Christmas for trying to resolve the issue.

Tom Ridge, US Secretary for Homeland Security, said in Italy that there was still "some time to go to reconcile our differences" but stressed that the United States was firm in its intention to move aggressivel


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error