Jun 28, 2007

US/EU Passenger Name Recognition Data Deal

EU and US negotiators have struck a deal on sharing information about transatlantic flight passengers.

No details are officially available*, but EU sources say data will be kept by US security agencies for 15 years.

Under agreements reached after the 9/11 attacks, European airlines must provide 34 pieces of information about passengers flying into the US.

The latest deal expires at the end of July. A replacement agreement must be approved by the EU's 27 member states.

Wednesday's deal was reached in talks between European Union Justice and Security Commissioner Franco Frattini, German Interior Minister Wolfgang Schaeuble and US Homeland Security Secretary Michael Chertoff.

  • Your history of missing flights
  • Your frequent flyer miles
  • Your seat location aboard
  • Your e-mail address
  • The US and the EU have differed on ways to balance security needs with concern for passengers' privacy.

A previous deal lapsed last October. The two sides failed to agree on terms for a full renewal and only reached an interim agreement.

Earlier, EU officials approved a separate agreement giving US counter-terrorist investigators access to details of international money transfers processed by the Brussels-based Swift network.

Washington says it needs the information to track and block terrorist funding, but EU regulators ruled that the original arrangement broke the union's privacy laws.

*"No details are officially available", but loyal SMC readers get the real scoop. According to the summary record of the relevent EU committee (pdf), these are the negotiated details:

Ministers Schauble and Secretary Chertoff have agreed on the following, which according to the Commission is fully consistent with the negotiating mandate adopted by the Council :

- Structure of the deal : an Article 24/38 TEU agreement would be concluded between the EU and the US, supplemented by an exchange of letters acknowledging the unilateral undertakings that the Department of Homeland Security (DHS) is ready to adopt to protect the PNR data through a Statement of Record Notice (SORN). The precise nexus between the two is not agreed yet (the US side wants to avoid that the exchange of letters amounts to an agreement).

- PNR data would be kept for 7 years as "active" data and 8 years as "dormant" data.

- DHS would get access to PNR data and not only the Customs and Border Protection Department (CBP).

- The number of accessible data is reduced from 34 to 19.

- There would be a clear commitment to a PUSH system.

Many elements remain open though :

- Where to install the filters to delete the sensitive data (in the EU or in the US) ?

- The oversight mechanism : the Commission suggests to use the figure of the "eminent person" as in the SWIFT file.

- Reciprocity : the US wants to redefine the safeguards if a Member State or the EU were setting up a PNR system with more lenient safeguards.

No comments: