Jump to content

United States–European Union Agreement on Passenger Name Records

From Wikipedia, the free encyclopedia

The Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security is an international agreement between the United States of America and the European Union that was signed on 14 December 2011 for the purpose of providing passenger name records (PNR) from air carriers operating passenger flights to the United States Department of Homeland Security to "ensure security and to protect the life and safety of the public" (Article 1).

Historical development

[edit]

Access and transfer of passenger name records (PNRs) fall under the purview of European Data Protection Law. Under the Organisation for Economic Co-operation and Development (OECD) 1980 Privacy Guidelines, and the 1995 European Union Directive on data protection, PNRs may only be transferred to countries with comparable data protection laws.[1] Also, law enforcement authorities are permitted to access the passenger data only on a case-by-case basis, and where there exists a particular suspicion.

In the aftermath of the 11 September 2001 attacks, the US government determined that PNRs (both archived and real-time) were invaluable tools for investigating and thwarting terrorist attacks. Accordingly, the US government has sought the collection, transfer and retention of PNRs by the US Department of Homeland Security (DHS) Bureau of Customs and Border Protection.

In May 2004, the US government negotiated the 2004 Passenger Name Record Data Transfer agreement[2] (aka. US-EU PNR agreement) – a safe harbor PNR transfer agreement with the European Commission. Specifically, the European Commission deemed that the level of protection afforded to such PNR transfers would satisfy the standard of "adequacy" required by the 1995 EU Data Directive, as long as the data would be transferred and used solely for the purposes for which it was collected. These purposes being limited to "preventing and combating: terrorism and related crimes; other serious crimes, including organized crime, that are trans-national in nature; and flight from warrants or custody for those crimes."[3] The US-EU-PNR agreement required European airlines to supply PNR data to US authorities within 15 minutes of a plane taking off. While this agreement was invalidated by the European Court of Justice on 30 May 2006 due to lack of legal authority, the European Council worked to substantively resurrect the agreement before the court-mandated deadline of 30 September 2006.[4][5]

In July 2007, a new, controversial,[6] PNR agreement between the US and the EU was undersigned.[7] A short time afterward, the Bush administration gave exemption for the Department of Homeland Security, for the Arrival and Departure System (ADIS) and for the Automated Target System from the 1974 Privacy Act, raising concerns from Statewatch about the protection of EU citizens' data.[8]

In February 2008, Jonathan Faull, the head of the EU's Commission of Home Affairs, complained about the US bilateral policy concerning PNR.[9] The US had signed in February 2008 a memorandum of understanding[10] with the Czech Republic in exchange for a visa waiver scheme, without consulting in advance with Brussels.[6] The tensions between Washington and Brussels are mainly caused by a lesser level of data protection in the US, especially since foreigners do not benefit from the US Privacy Act of 1974. Data privacy in the EU is regulated by the Directive 95/46/EC on the protection of personal data, and the US Safe Harbor arrangement made to converge with European norms is still being controversial for alleged lack of protection. Other countries approached for bilateral MOU included the United Kingdom, Estonia, Germany and Greece.[11]

On 28 November 2011, a new agreement on the transfer and use of PNR data between the EU and US DHS was authored.[12] The full text is available online.[13]

In April 2012, the agreement was approved and adopted by the European Parliament.[14] The agreement provides protections for PNR data, however critics express concerns that there is insufficient recourse should the data be misused. The parliament's approval of the agreement was warmly welcome by the Justice and Home Affairs Council of Ministers.[15]

Criticism

[edit]

On 6 January 2011, the Article 29 Working Party responded to a request for its opinion:

Since the agreement would have implications for millions of European citizens, for the Working Party, there should be no doubt as to the transparency of the discussions on the draft agreement and of the approval procedures within the relevant institutions of the European Union. It regrets that this view does not seem to be shared by all relevant stakeholders. As a general assessment, the Working Party notes (modest) improvements in the draft agreement, but does not see its serious concerns removed.

...

When assessing any new PNR agreement between the European Union and any third country, it remains important to reflect upon one fundamental concern implied in all these agreements. By concluding them, the legislators oblige carriers and computer reservation systems to make PNR data of all their passengers – nearly all of them being innocent and unsuspected citizens – available to foreign law enforcement agencies. This, in itself, remains quite an unusual phenomenon and requires very careful consideration. If acceptable at all, it requires not only a legal base, which the agreement is meant to be, but also irrefutable proof that the agreement is necessary and proportionate and that safeguards are sufficiently elaborated, all in the meaning of and in full compliance with the EU Charter on Fundamental Rights.[12]

Reports by the Legal Service of the European Commission as well as two professors funded by The Greens–European Free Alliance critiqued the agreement because of perceived reductions of privacy rights.[16][17]

See also

[edit]
[edit]

References

[edit]
  1. ^ Organisation for Economic Co-operation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (23 September 1980), available at http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
  2. ^ "Justice and fundamental rights" (PDF).
  3. ^ Agreement between the European Community. and the U.S. on the processing and transfer of PNR data by air carriers to the U.S. Dep't of Homeland Sec., Bureau of Customs and Border Prot. Council Directive 2004 O.J. (L 183) 94 (EC).
  4. ^ See BBC News: EU court annuls data deal with US
  5. ^ Judgment of the Court of Justice in Joined Cases C-317/04, C-318/04 Parliament/ Council (press release).
  6. ^ a b A divided Europe wants to protect its personal data wanted by the US, Rue 89, 4 March 2008 (in English)
  7. ^ Jean-Pierre Masse. "New EU-US PNR Agreement on the processing and transfer of Passenger Name Record (PNR) data". Libertysecurity.org. Archived from the original on 12 January 2012. Retrieved 20 March 2013.
  8. ^ Statewatch, US changes the privacy rules to exemption access to personal data September 2007
  9. ^ Brussels attacks new US security demands, European Observer. See also Statewatch newsletter February 2008
  10. ^ "Memorandum Of Understanding Between The Ministry Of The Interior Of The Czech Republic And The Department Of Homeland Security Of The United States Of America Regarding The United States Visa Waiver Program And Related Enhanced Security Measures" (PDF). 2008 – via Statewatch.
  11. ^ Statewatch, March 2008
  12. ^ a b "Letter Ares(2012)15841" (PDF). Article 29 Working Party. 6 January 2011. Retrieved 19 September 2012. Since the agreement would have implications for millions of European citizens, for the Working Party, there should be no doubt as to the transparency of the discussions on the draft agreement and of the approval procedures within the relevant institutions of the European Union. It regrets that this view does not seem to be shared by all relevant stakeholders. As a general assessment, the Working Party notes (modest) improvements in the draft agreement, but does not see its serious concerns removed.
  13. ^ "Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security" (PDF). European Council. 8 December 2011. 2011/0382 (NLE.
  14. ^ "Infosecurity – European Parliament approves the controversial EU/US PNR agreement". Infosecurity-magazine.com. 20 April 2012. Retrieved 20 March 2013.
  15. ^ "The EU and the United States strengthen cooperation on counter-terrorism". eu2012.dk. 19 April 2012. Retrieved 20 March 2013.
  16. ^ "EU-US PNR agreement found incompatible with human rights".
  17. ^ Hornung, Gerrit; Boehm, Franziska (14 March 2012). "Comparative Study on the 2011 draft Agreement between the Unites [sic] States of America and the European Union on the use and transfer of Passenger Name Records (PNR) to the United States Department of Homeland Security" (PDF). Greens–European Free Alliance. Passau an Luxembourg.