This article is also available in:
Deutsch: Erste Abstimmung im EU-Parlament über PNR-Abkommen mit den USA
The latest chapter in the collection and processing of passenger data to cover all flights arriving in and departing from the US was opened when, in 2011, the European Commission tabled a renegotiated proposal for an air passenger data agreement with the US. After the attacks of 9/11, the US Government required to access travellers' personal data contained in the databases of all foreign carriers. In 2006 however, the first agreement was annulled by the European Court of Justice and since then, negotiations around each new proposal (in 2007 and 2011) have been characterised by tense negotiations between and within EU institutions. Sufficient and adequate protection of personal data of European citizens and the alleged need for such a wide-scale transfer of personal data have become the core of the debate once again.
At the beginning of February 2012, Dutch liberal MEP Sophie In't Veld urged the European Union to reject the Agreement. Her demand is not altogether surprising, given that nearly all of the demands of the European Parliament in its resolutions adopted in 2010 have been ignored in the proposed Agreement, for instance:
a. The retention period has not been reduced. PNR data will be stored for 15 years (out of which 10 in a "dormant" database) and then will be "fully anonymised" rather than deleted.
b. The European Parliament has asked that PNR data "shall in no circumstances be used for data mining or profiling". However, these uses have not been excluded in the agreement.
c. The agreement does not provide for sufficient protections and rights for citizens. According to US organisation Friends of Privacy: "Europeans cannot, as the agreement suggests, obtain independent and adequate relief from unlawful actions by the US Executive Branch (USG) by appealing those decisions under the Administrative Procedures Act (the APA)."
The Article 29 Working group pointed out in its letter to the LIBE committee dated 6 January 2012 that, in order to make "PNR data of all (...) passengers - nearly all of them being innocent and unsuspected citizens - available to foreign law enforcement agencies", irrefutable proof is required to show that the agreement is necessary and proportionate. So far however, the Commission has failed to credibly argue, let alone prove, that the use of PNR data is necessary and proportionate in order to combat terrorism effectively.
The Commission has also failed to provide the Parliament with systematic evidence and the Privacy Impact Assessment that it requested. Despite Commissioner Malmström's repeated statements that the Agreement has been significantly improved, there is no evidence to support this claim.
Another worrying point is the attempt to legitimise current illegal processing of European data by companies on which US jurisdiction is being imposed. According to a Department of Homeland Security (DHS) testimony to Congress, 5 October 2011, an Agreement is crucial "to protect US Industry partners from unreasonable lawsuits, as well as to reassure our allies, DHS has entered into these negotiations."
On 27 March 2012, the Civil Liberties Committee (LIBE) of the European Parliament is going to vote in favour or against a new text for an Agreement for the transfer of passenger data (PNR) to the USA. If the European Parliament manages to remain consistent with its earlier positions and decides to reject the new text, the Commission would have to renegotiate and the 2007 PNR agreement would continue to be provisionally in force.
EDRi Comments on the PNR Agreement with the USA (01.2012)
Sophie In't Veld's Draft Recommendation (1.02.2012)
Statewatch's Comparison between the PNR Agreements 2004 - 2007 - 2011
Letter by the Article 29 Data Protection Working Party to the LIBE
Friends of Privacy Opinion (26.12.2011)
Contact your MEP on the PNR vote (only in German)
No PNR mail campaign
(Contribution by Kirsten Fiedler - EDRi)