United States–European Union Agreement on Passenger Name Records explained

The Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security is an international agreement between the United States of America and the European Union that was signed on 14 December 2011 for the purpose of providing passenger name records (PNR) from air carriers operating passenger flights to the United States Department of Homeland Security to "ensure security and to protect the life and safety of the public" (Article 1).

Historical development

Access and transfer of passenger name records (PNRs) fall under the purview of European Data Protection Law. Under the Organisation for Economic Co-operation and Development (OECD) 1980 Privacy Guidelines, and the 1995 European Union Directive on data protection, PNRs may only be transferred to countries with comparable data protection laws.[1] Also, law enforcement authorities are permitted to access the passenger data only on a case-by-case basis, and where there exists a particular suspicion.

In the aftermath of the 11 September 2001 attacks, the US government determined that PNRs (both archived and real-time) were invaluable tools for investigating and thwarting terrorist attacks. Accordingly, the US government has sought the collection, transfer and retention of PNRs by the US Department of Homeland Security (DHS) Bureau of Customs and Border Protection.

In May 2004, the US government negotiated the 2004 Passenger Name Record Data Transfer agreement[2] (aka. US-EU PNR agreement) – a safe harbor PNR transfer agreement with the European Commission. Specifically, the European Commission deemed that the level of protection afforded to such PNR transfers would satisfy the standard of "adequacy" required by the 1995 EU Data Directive, as long as the data would be transferred and used solely for the purposes for which it was collected. These purposes being limited to "preventing and combating: terrorism and related crimes; other serious crimes, including organized crime, that are trans-national in nature; and flight from warrants or custody for those crimes."[3] The US-EU-PNR agreement required European airlines to supply PNR data to US authorities within 15 minutes of a plane taking off. While this agreement was invalidated by the European Court of Justice on 30 May 2006 due to lack of legal authority, the European Council worked to substantively resurrect the agreement before the court-mandated deadline of 30 September 2006.[4] [5]

In July 2007, a new, controversial, PNR agreement between the US and the EU was undersigned.[6] A short time afterward, the Bush administration gave exemption for the Department of Homeland Security, for the Arrival and Departure System (ADIS) and for the Automated Target System from the 1974 Privacy Act, raising concerns from Statewatch about the protection of EU citizens' data.[7]

In February 2008, Jonathan Faull, the head of the EU's Commission of Home Affairs, complained about the US bilateral policy concerning PNR.[8] The US had signed in February 2008 a memorandum of understanding[9] with the Czech Republic in exchange for a visa waiver scheme, without consulting in advance with Brussels.[10] The tensions between Washington and Brussels are mainly caused by a lesser level of data protection in the US, especially since foreigners do not benefit from the US Privacy Act of 1974. Data privacy in the EU is regulated by the Directive 95/46/EC on the protection of personal data, and the US Safe Harbor arrangement made to converge with European norms is still being controversial for alleged lack of protection. Other countries approached for bilateral MOU included the United Kingdom, Estonia, Germany and Greece.[11]

On 28 November 2011, a new agreement on the transfer and use of PNR data between the EU and US DHS was authored.[12] The full text is available online.[13]

In April 2012, the agreement was approved and adopted by the European Parliament.[14] The agreement provides protections for PNR data, however critics express concerns that there is insufficient recourse should the data be misused. The parliament's approval of the agreement was warmly welcome by the Justice and Home Affairs Council of Ministers.[15]

Criticism

On 6 January 2011, the Article 29 Working Party responded to a request for its opinion:

Reports by the Legal Service of the European Commission as well as two professors funded by The Greens–European Free Alliance critiqued the agreement because of perceived reductions of privacy rights.[16] [17]

See also

Notes and References

  1. Organisation for Economic Co-operation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (23 September 1980), available at http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
  2. Web site: Justice and fundamental rights.
  3. Agreement between the European Community. and the U.S. on the processing and transfer of PNR data by air carriers to the U.S. Dep't of Homeland Sec., Bureau of Customs and Border Prot. Council Directive 2004 O.J. (L 183) 94 (EC).
  4. See BBC News: EU court annuls data deal with US
  5. http://www.curia.europa.eu/en/actu/communiques/cp06/aff/cp060046en.pdf Judgment of the Court of Justice in Joined Cases C-317/04, C-318/04 Parliament/ Council (press release)
  6. Web site: Jean-Pierre Masse . New EU-US PNR Agreement on the processing and transfer of Passenger Name Record (PNR) data . https://web.archive.org/web/20120112021643/http://www.libertysecurity.org/article1591.html . dead . 12 January 2012 . Libertysecurity.org . 20 March 2013.
  7. [Statewatch]
  8. http://euobserver.com/9/25657 Brussels attacks new US security demands
  9. Web site: MEMORANDUM OF UNDERSTANDING BETWEEN THE MINISTRY OF THE INTERIOR OF THE CZECH REPUBLIC AND THE DEPARTMENT OF HOMELAND SECURITY OF THE UNITED STATES OF AMERICA REGARDING THE UNITED STATES VISA WAIVER PROGRAM AND RELATED ENHANCED SECURITY MEASURES . 2008 . Statewatch.
  10. http://www.rue89.com/2008/03/04/a-divided-europe-wants-to-protect-its-personal-data-wanted-by-the-us A divided Europe wants to protect its personal data wanted by the US
  11. [Statewatch]
  12. Web site: Letter Ares(2012)15841. Article 29 Working Party. 19 September 2012. 6 January 2011. Since the agreement would have implications for millions of European citizens, for the Working Party, there should be no doubt as to the transparency of the discussions on the draft agreement and of the approval procedures within the relevant institutions of the European Union. It regrets that this view does not seem to be shared by all relevant stakeholders. As a general assessment, the Working Party notes (modest) improvements in the draft agreement, but does not see its serious concerns removed..
  13. Web site: Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security . 2011/0382 (NLE . 8 December 2011 . European Council.
  14. Web site: Infosecurity – European Parliament approves the controversial EU/US PNR agreement . Infosecurity-magazine.com . 20 April 2012. 20 March 2013.
  15. Web site: The EU and the United States strengthen cooperation on counter-terrorism . eu2012.dk . 19 April 2012 . 20 March 2013.
  16. Web site: EU-US PNR agreement found incompatible with human rights.
  17. Web site: Comparative Study on the 2011 draft Agreement between the }} States of America and the European Union on the use and transfer of Passenger Name Records (PNR) to the United States Department of Homeland Security ]. 14 March 2012 . Gerrit . Hornung . Franziska . Boehm . Passau an Luxembourg . Greens–European Free Alliance.