31 May 2004
28 May 2004
Issued by U.S. Department of Homeland Security
The United States and the European Union signed an agreement May 28 allowing U.S. Customs and Border Protection (CBP) to collect air passenger data on those flying European airlines to or from the United States
Following is a U.S. Department of Homeland Security (DHS) Fact Sheet on the agreement, which sets forth how the passenger data is to be processed, used, and retained, as well as the purposes for which it may be used:
(begin fact sheet)
U.S. Department of Homeland Security
Washington, D.C.
May 28, 2004
FACT SHEET
U.S.-EU PASSENGER NAME RECORD AGREEMENT SIGNED
Milestone Agreement will be in place for at least 31/2 years
On May 17, the European Commission announced that it had found the U.S. Department of Homeland Security's program to collect air passenger data regarding flights between the U.S. and the European Union (EU) adequate under EU laws. This announcement was the culmination of more than a year of negotiations between the United States and the European Commission. The agreement pertains to airline passenger data collected by Homeland Security's U.S. Customs and Border Protection (CBP), for use in screening passengers destined to and departing from the United States.
The PNR Arrangement
The CBP Undertakings document represents a unilateral declaration on how CBP will handle and utilize the PNR data originating from the EU. The Undertakings are the basis for the Commission's adequacy finding and reflect the details of the arrangement reached between Secretary Ridge and Commissioner Bolkestein in December 2003. The Undertakings, the adequacy finding, and the accompanying international agreement work together to provide that:
-- The agreement will be in effect for three and a half years after it is implemented, with renegotiations to commence after two and a half years.
-- Data will be retained by CBP for three and a half years, unless associated with an enforcement action.
-- Only 34 PNR data elements will be accessed by CBP, to the extent collected in the air carriers' reservation and departure control systems.
-- CBP will filter and delete "sensitive data," as mutually identified by CBP and the European Commission.
-- PNR data will be used by CBP strictly for purposes of preventing and combating:
1) terrorism and related crimes;
2) other serious crimes, including organized crime, that are transnational in nature; and
3) flight from warrants or custody for the crimes described above.
-- TSA may use PNR originating in the EU for testing of CAPPS II, but not until CAPPS II is authorized to begin testing with domestic data.
-- There will be a yearly joint DHS and EU review regarding the implementation of the Undertakings.
-- A special channel of direct access has been established between European Data Protection Authorities and the DHS Office of the Chief Privacy Officer as a redress mechanism for concerns of European citizens.
Background
Consistent with the authority granted to U.S. Customs and Border Protection (CBP) under the Aviation and Transportation Security Act of 2001 and its interim implementing regulations, each air carrier operating passenger flights in foreign air transportation to or from the United States must provide CBP with electronic access to passenger name record (PNR) data to the extent it is collected and contained in the air carrier's automated reservation and departure control systems ("reservation systems"). This requirement has come into conflict with the 1995 European Commission "Data Protection Directive," which substantially affects the collection and use of personal data in the private sector including requirements concerning the purposes for which data may be used, how data may be collected, handled and stored and what types of mechanisms must be available to redress incorrect information or the misuse of information.
The Department of Homeland Security (DHS) has been negotiating with the European Commission for more than one year to obtain an adequacy finding under the European privacy directive, which would allow CBP to access PNR data from the airlines in a manner consistent with European Union (EU) privacy laws in order to conduct targeted border screening to combat terrorism and other serious transnational crimes. The negotiations have taken place through regular video conferences and a series of trips by both delegations for face-to-face discussions. Without an adequacy finding, a number of airlines would have been put in a position where they could be subject to fines from EU member states for providing PNR data to the U.S. Airlines flying between the U.S and the European Union have been transferring PNR data to CBP since March 5, 2003, pursuant to an interim arrangement with the European Commission, which suggests to member states that they need not take enforcement action against the airlines pending the issuance of a proper adequacy finding.
In December 2003, DHS reached an agreement in principle with the European Commission that would allow airlines to legally provide CBP access to PNR data originating within the EU, subject to carefully negotiated limitations. Based on this arrangement for CBP access, on December 16, 2003, EU Commissioner for Internal Market Frits Bolkestein led the effort for the Commission to adopt an "adequacy finding," stating that safeguards in CBP's system are adequate to protect passenger privacy. This finding was affirmed by the EU's Article 31 Committee, made up of member state representatives on February 27, 2004 and then again on May 11, 2004 by the now enlarged Article 31 Committee comprised of 25 member states. Despite this support for the Commission's adequacy finding, the European Parliament has not taken a favorable view, holding non-binding votes on more than one occasion that challenged the U.S.-EU PNR arrangement. Nevertheless, on May 17, the European Commission announced that it had adopted the "adequacy finding", and the accompanying international agreement was approved by the Council.
(end fact sheet)
28 May 2004
Pact contains specific guidance on use and retention of data
The United States and the European Union have signed an agreement allowing U.S. Customs and Border Protection (CBP) to collect air passenger data on those flying European airlines to or from the United States, the U.S. Department of Homeland Security (DHS) announced May 28.
The agreement sets forth how the data is to be processed, used, and retained, according to a statement by DHS. It also stipulates that the data collected may be used only to prevent and combat terrorism, serious transnational crimes, and flight from warrants or custody for such crimes.
The new agreement will be in effect for three and a half years, and the data
collected may only be retained for that length of time "unless associated
with an enforcement action."
Following is a Department of Homeland Security press release:
(begin text)
U.S. Department of Homeland Security
Washington, D.C.
May 28, 2004
Press Release
DHS AND EU SIGN AGREEMENT TO ALLOW COLLECTION OF PASSENGER DATA
(Washington, DC) May 28, 2004 - Today, Secretary of Homeland Security Tom Ridge, Irish Ambassador Noel Fahey (representing the Presidency of the European Union), and European Union Ambassador Günter Burghardt, (representing the European Commission) signed an agreement that will allow U.S. Customs and Border Protection (CBP) to collect airline Passenger Name Record (PNR) information relating to flights between the United States and the European Union. Although air carriers have been providing PNR data since March 2003 under an interim arrangement, this agreement will establish the legal basis for such information to be collected and transferred consistent with U.S. and European Union (EU) laws.
The agreement will be in effect for three-and-a-half years once it is implemented, with renegotiations to start within one year of the agreement's expiration date. The comprehensive arrangement concluded with the EU, which includes this agreement as well as a more specific set of Undertakings setting forth in detail how CBP will process and handle PNR data, contains specific guidance on the use and retention of the PNR data, to include:
-- Data will be retained by CBP for three and a half years, unless associated with an enforcement action.
-- Only 34 PNR data elements will be accessed by CBP, to the extent collected in the air carriers' reservation and departure control systems.
-- CBP will filter and delete "sensitive data," as mutually identified by CBP and the European Commission.
-- PNR data will be used by CBP strictly for purposes of preventing and combating:
1) terrorism and related crimes;
2) other serious crimes, including organized crime, that are transnational
in nature; and
3) flight from warrants or custody for the crimes described above.
"The U.S. and the EU are equally committed to not only improving the safety
of air passengers and the security of our borders, but also to protecting
the privacy of air passengers consistent with both U.S. and European laws,"
said Secretary Ridge. "Today's signing is the result of more than a year
of negotiations between the United States and the European Commission, and
is a sign of our united commitment to combat terrorism."
Without an agreement, air carriers were placed in a situation where they
could either face fines for violating EU privacy laws or penalties for failing
to provide passenger data to CBP. Through the interim arrangement, both the
U.S. and the EU had agreed not to take enforcement action while negotiations
were underway. Today's formal agreement removes air carriers from that situation
and strikes a balance between facilitating legitimate travel while contributing
to the security of the U.S. and EU member states.
(end text)
(Distributed by the Bureau of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov)
Date: 29 May 2004 10:01:19 -0000
From: "q/depesche" <depesche@quintessenz.org>
Subject: PNR: Hallo, EU-Gerichtshof
To: jya@pipeline.com
q/depesche 2004-05-29T11:59:55
PNR: Hallo, EU-Gerichtshof
Die Kommission hat den Deal unterschrieben, der Parlamentspräsident hat es wie immer in dieser Angelegenheit nicht eilig, den Willen des Parlaments umzusetzen, der nimmermüde Abgeordnete Marco Cappato trommelt zum Widerstand.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
post/scrypt: Wenn sie beim Lesen dieser q/depesche merkwürdige Geräusche vernehmen sollten - die Schnarchtöne kommen aus dem EU-Gerichtshof.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Dear President,
During its last session, the European Parliament decided to consult the Court of Justice on the compatibility of the EC/USA agreement on the transfer of passengers' data with EU law. The Council and the Commission have decided to make this decision void because they feared that the Court would have confirmed what the EP has already affirmed for some time: the incompatibility with EU law of the acts they have adopted in a hurry to cover the blatant illegality and breach of EU privacy law since March 2003.
The Commission and the Council have exploited the fact that the EP has suspended its activities because of the electoral period, hereby breaching the principle of loyal cooperation among institutions. I believe the EP President has the duty to immediately take measures to defend the prerogatives and the rights of the institution he chairs, of its members and of EU citizens.
After the publication of the international agreement in the Official Journal, the President of the Parliament should have had started - and still should start - the procedures to dispute, on behalf of the EP, the agreement and the Commission decision declaring that the US administration assures an adequate protection of passengers' data. The critical position of the EP on these acts and their contents is crystal clear, since it has been reiterated five times - two of them asked by the President - through its votes.
The President of the EP, in case he considered that a further recommendation by the legal affairs committee was needed to proceed, should have had convened the committee, as provided by art. 166 of the Rules of Procedure, before the elections.
President Cox, you have not made any of these acts until today.
This seriously puts the credibility of our institution into question, as well as that of the respect of democracy, the Rule of Law, fundamental freedoms and notably European citizens' right to privacy.
We ask you to urgently intervene to activate procedures to go to Court on behalf of the EP against the international agreement and the adequacy finding decision and otherwise urgently convene the legal affairs committee, in order to defend the prerogatives and the rights of the EP, of its members and of European citizens, as provided by the powers and duties of the President of our institution.
Sincerely,
Marco Cappato Radical Member of the European parliament
Office of Marco Cappato: Tel +32 2284 7496 - Fax +32 2284 9496 -
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
relayed by Harkank
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
quintessenz is powered by http://www.ewave.at
subscribe/unsubscribe/digest
http://www.quintessenz.at/cgi-bin/index?funktion=subscribe
comments to depesche@quintessenz.org