Commission did agree that PNR data can be used for CAPPS II testing, but the question is why?


- contrary to Mr Bolkestein's claim a whole host of US agencies will have access to the data
- lifetime travel dossiers to be created and held for 100 years on every traveller


Tony Bunyan, Statewatch editor, comments:

"It is very hard to see how the Commission can come to the conclusion that the safeguards on access to PNR data are "adequate" under Article 25 of the EC Directive on Data Protection. All the evidence coming out of the USA shows that this data will be: accessed by a multitude of agencies, is intended to be integrated into the US-VISIT and CAPPS II projects, and will be used to create lifetime travel dossiers on everyone flying to and travelling within the USA."

The record of the meeting of the European Parliament's Committee on Citizens Freedoms and Rights on 16 December 2003 shows that EU Commissioner Bolkestein told the parliament that:

"We have agreed to run a trial, to make a trial run on CAPPS II, but this data will be immediately destroyed and any further exercise involving CAPPS II will be subject to a new and separate agreement"

CAPPS II is the Computer Assisted Passenger Pre-Screening System. This corrects our earlier story (USA to use EU PNR data for CAPPS II testing despite assurances the agreement would not cover it). The confusion arose because until 16 December - the day the agreement was signed - Bolkestein had said that the agreement on the transfer of PNR data to the US was, in part, on the understanding that: "The arrangement will not cover the US Computer Assisted Passenger Pre-Screening System (CAPPS II)." Although the data collected during the "trials" may not be retained by the CAPPS II project or the US Department of Homeland Security it will be retained by the airline computer reservation systems indefinitely. The question remains as to why did the Commissioner agree to this and is a matter that the European Parliament may choose to raise when the formal agreement is put before it in February.

However, replies by two Commissioners to questions put by MEPs on the Committee reveal other, deeper, problems. Commissioner de Palacio made the extraordinary statement that "the United States actually have a data protection system as well as a system for the protection of privacy". The USA does not have a data protection law and its Privacy Law only protects US citizens' rights not those of foreigners.

Commissioner Bolkestein also told the Committee that:

"only the Department of Homeland Security, not other agencies"

would get access to passenger data unless there was a court order. This statement is incorrect. The US-VISIT Program, Increment 1, Privacy Impact Assessment (dated 18.12.03) says that the information will be accessed by:

"employees of DHS components - Customs and Border Protection, Immigration and Customs Enforcement, Citizenship and Immigration Services and the Transportation Security Administration"

The US-VISIT report adds that access will also be given to:

"consular officers of the State Department. Additionally, the information may be shared with other law enforcement agencies at the federal level, state, local, foreign or tribal level, who in accordance with their responsibilities, are lawfully engaged in collecting law enforcement intelligence information (whether civil or criminal)"

Thus numerous US agencies, at all levels, will "share" the information and add their own observations. During the negotiations on data protection clauses in the EU-USA agreements on extradition and judicial cooperation the US side admitted that they had no idea how many law enforcement agencies would have access to data collected from airlines computer reservations systems (CRS) in the EU.

The data to be collected under the US-VISIT programme is wider than

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error