28 March 2012
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
to nod through use of PNR data for use by CAPPS II
The document on the EU-US agreement on PNR says that: "it will be necessary in the near future to cover transfers of PNR data to the TSA" (US Transport Security Administration) for use by CAPPS II (ie: the screening and checking of passengers against a multitude of state and commercial databases). The Commission expects the TSA to simply issue:
"undertakings analogous to the issues by the CBP that can justify the adoption of an adequacy finding by the Commission. The international agreement should thus cover both CBP and TSA"
Put in simple terms the current state of play is that:
1) on 16 December 2003 the European Commission declared that it could make a statement of "adequacy" (under Article 25.6 of the 1995 EC Directive on data protection) on the "Undertakings" given by the USA Customs and Border Protection agency (CBP);
2) on 12 January
these "Undertakings" were submitted by the USA but
not made public (but see: Full text of:
"Undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (CBP)" (pdf)
3) on 29 January the EU's Article 29 Working Party of national Data Protection Commissioners produces a highly critical report on the "Undertakings" which required substantial changes: Article 29: Opinion on Adequate Protection of Personal Data (pdf) (the European Parliament also passed critical Resolutions on 13 March 2003 and 9 October 2003);
4) on 2 February NGOs (Privacy International, European Digital Rights, Foundation for Information Policy Research and Statewatch) published a highly critical report looking especially at how the PNR would be used for surveillance purposes by US agencies: Privacy International report (pdf)
5) the Commission's Article 31 Committee has to formally adopted the Commission's statement of adequacy - the European Parliament can only intervene if it passes a Resolution saying the the Commission has exceeded its powers under Article 25.6 of the 1995 Directive
6) the Commission has to produced a "light international agreement" authorising airlines to hand over passenger data
5) Throughout the negotiations on the EU-US PNR agreement European Commissioner Bolkestein has said that the use of PNR data by CAPPS II would be the subject of separate negotiations and discussions - now it is clear that the Commission simply expect to extend the PNR agreement to CAPPS II with "analogous" undertakings of the highly unacceptable PNR agreement and to make an international agreement covering both.
6) The Commission working paper says that an international agreement is necessary because:
"access by US law enforcement authorities to PNR databases situated on Community territory ("pull") amounts to exercise of US sovereign power in Community territory"
and because "the legal obligations" are those "imposed" by a third country.
A. The EU-US agreement to give access to personal details of passengers (PNR data) to US agencies giving away the rights of EU citizens under the 1995 EC Directive on data protection and is opposed by the Article 29 Working Party - this constitutes a denial of rights under EU law
B. The further step that this personal data is then used to "screen" all passengers and through "data-mining" to gather information on them through CAPPS II from state and commercial databases (eg: details of e-mail accounts and credit card usage) that constitutes a fundamental threat to peoples' civil liberties
Tony Bunyan, Statewatch editor, comments:
ink on the 12 January agreement with the USA on PNR is hardly
dry and the Commission is intending, at a stroke, to extend the
same controversial agreement to intrusive data gathering on all
passengers. The decision to use of PNR data for CAPPS II should
be the subject of quite a separate public debate and measure.
The EU must not be allowed allowed to hand over citizens' rights
to privacy and data protection and freedom from unwarranted surveillance
to a state where there will be no control over its use or misuse"
1. Commission Staff Working Paper on "An EU-US Agreement on Passenger Name Record (PNR)" (SEC 2004/81, 21.1.04)
2. "Undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (CBP)" (pdf)
3. Article 29: Opinion on Adequate Protection of Personal Data (pdf)
4. Privacy International report (pdf) - released 2 February 2004
5. See also Statewatch's Observatory on PNR & USA
6. See also Statewatch's Observatory on EU PNR scheme
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.