Support Our Work Mailing list About / Contact
  • Home /
  • News /
  • 2007 /
  • June /
  • EU-USA: European Data Protection Supervisor writes to German Council Presidency expressing "grave concern" at PNR proposals

EU-USA: European Data Protection Supervisor writes to German Council Presidency expressing "grave concern" at PNR proposals

01 June 2007

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

European Data Protection Supervisor, Peter Hustinx, letter to the German Council Presidency: Hustinx letter, 27 June 2007: full-text (pdf). The letter expresses "grave concern" at the proposals to:

- extend the time personal data is held from 3.5 years to 15 years:
- data can be passed to a "broad range of US agencies" with "no limitation" on its further processing;
- the absence of a "robust legal mechanism" for EU citizens to "challenge misuse" of their data;
- and the fact that the US "wants to avoid a binding agreement"

Previous Statewatch coverage (21 June 2007):

EU-USA-PNR (passenger name record): EU negotiators agree that PNR data will be held for 7 years, doubling the current 3.5 years, and in addition agree that data can be access for a further 8 years (so-called "dormant" data).

An "Extraordinary meeting" of the Permanent Representatives Committee (COREPER) was held in Luxembourg on 12 June 2007 during the Justice and Home Affairs Council. The sole subject on the agenda as the EU-USA PNR (passenger name record) agreement: Minutes of COREPER meeting: EU doc no: 10994/07

The current "Undertakings" state that PNR data will be held for: "3.5 years from the date the data is accessed (or received) from the air carrier's reservation system. After 3.5 years, PNR data that has not been manually accessed during that period of time, will be destroyed. PNR data that has been manually accessed during the initial 3.5 year period will be transferred by CBP to a deleted record file."

Under the proposed new agreement: "PNR data would be kept for 7 years as "active" data and 8 years as "dormant" data."

Under the existing agreement data which has not been accessed for 3.5 years is destroyed. Under the proposed agreement all data will be held for 15 years.

Moreover, the new agreement will be

"supplemented by an exchange of letters acknowledging the unilateral undertakings that the Department of Homeland Security (DHS) is ready to adopt to protect the PNR data through a Statement of Record Notice (SORN). The precise nexus between the two is not agreed yet (the US side wants to avoid that the exchange of letters amounts to an agreement)."

The EU negotiators thus intend to accept the US demand that the protection of personal data is not covered by the formal agreement.

Moreover, the Department of Homeland Security (DHS) would get access to PNR data and not only the Customs and Border Protection Department (CBP).- the DHS, under US law, has to ensure that "terrorism information" is passed promptly "to the head of each other agency that has counterterrorist functions". The EU is effectively agreeing that the USA can pass personal data to a multitude of agencies (who may further process it).

The only apparent concession is that the data fields will be reduced from 34 to 19 - though it is not known which will be deleted.

Background: EU-USA PNR agreement renegotiated to meet US demands - when the law changes in the USA so too does access to data and how it is processed: EU-USA PNR (passenger name record) agreement of 6 October 2006: Full-text plus Original agreement of 17 May 2004 (pdf) US Undertakings attached to agreement, 2004 (pdf). See: House of Lords EU Committee report: The EU/US Passenger Name Record (PNR) Agreement (139 pages, pdf) See for full historical background:

 Previous article

UK: Criminal Justice and Immigration Bill

Next article 

Spain: Call to sign Letter of protest to Spanish authorities on the gagging and killing of a Nigerian citizen Osamuyiwa Aikpitanhi during his forced deportation

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error

Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

About | Contact | Privacy Policy