European action week on airline passenger surveillance
This article is also available in:
Deutsch: Europäische Aktionswoche gegen Fluggastüberwachung
Credit card details, hotel bookings, IP addresses, mobile phone numbers, and travel details: all this information is currently being transferred to law enforcement agencies in third countries. The storage and automatic processing of our data is supposed to enable law enforcement agencies to identify "unknown" suspects and to profile citizens as possible terrorists or people-traffickers.
On 17 October 2011, EDRi and nopnr.org organised a public workshop with a keynote speech by U.S. travel expert and human rights advocate Mr Edward Hasbrouck. The aim of the workshop was to discuss the international agreements on the transfer, storage and processing of passenger name records (PNR) with the USA, Canada and Australia and the plans for a European travel surveillance system. The event launched a European action week on PNR including activists' workshops in Berlin and Vienna, discussions in the European Parliament and a meeting with Germany's Justice Minister Sabine Leutheusser-Schnarrenberger.
The agreements from 2007 on the processing and transfer of airline passenger data, which have since then been provisionally applied, are currently being renegotiated by the EU. The agreement between the EU and Australia has already been signed by the Council last month and will be put to a plenary vote in the European Parliament on 27 October 2011. If the EP decides to give its consent to this agreement next week - despite the fact that it does not meet the minimum guarantees demanded by the EP in its previous resolutions - it would then be in force for seven years.
The US-EU agreement, which aims to store the personal data of millions of transatlantic air passengers for 15 years, is still being negotiated. At the present time, the U.S. Department of Homeland Security (DHS) is not willing to countenance any concessions regarding the retention period or safeguards. However, air carriers are already transmitting travel data to the DHS each time we are taking the plane to the U.S. The information submitted by passengers when buying a ticket is freely available to any agencies in the U.S., where there are no data protection laws.
In his speech at EDRi's offices (see slides below), Hasbrouck explained his work in the U.S. which includes a legal case against the DHS to obtain access to his own PNR data. He mainly criticised that the EU-U.S. agreement is not a treaty and can therefore not be enforced in U.S. Courts. Hasbrouck underlined that it does not recognize the fundamental right to freedom of movement (ICCPR, Article 12) and criticised the fact that it does not prohibit data mining or profiling. He also highlighted that the main reason for the agreement was to legitimise the already existing access by the U.S. to travel data. According to a DHS testimony to Congress, 5 Oct. 2011, an agreement is crucial "to protect U.S. industry partners from unreasonable lawsuits, as well as to reassure our allies, DHS has entered into these negotiations."
In this context it is also worth noting that in May 2011, the DHS had already nearly 400 employees operating at airports and sea ports within the EU. This practice came to light after Mark Koumans, Deputy Assistant Secretary for International Affairs of the DHS, made a statement on the extensive range of cooperative activities between police forces in the EU and the U.S. police.
In addition to the international agreements, the Commission made a proposal for a European Passenger Name Record (PNR) Directive, earlier this year, to place all travel in and out of the EU under surveillance. The Commission is not excluding the possibility of collecting and using of passenger name record data for rail transport in the future. This proposal is supported by the UK who is in favour of a PNR system for passengers travelling by sea.
However, a leaked note by the Commission's own legal service in June this year questioned the necessity of a period of more than two years in the EU-PNR proposal. More worrying is European Union's own PNR system which intends to establish a new surveillance authority in each Member State (Passenger Information Unit), whose main purpose would be profiling of citizens based on their travel habits.
Last year, the European Data Protection Supervisor (EDPS) also harshly criticized the proposal for a EU-PNR system: "The EDPS considers that the bulk transfer of data about innocent people for risk assessment purposes raises serious proportionality issues. (...) The EDPS questions in particular the proactive use of PNR data. While 're-active' use of data does not raise major concerns, as far as it is part of an investigation of a crime already committed, real time and proactive use lead to a more critical assessment."
EDRi has serious concerns that storage and processing of travel data without given suspicion infringes the European fundamental right to data protection (Art. 8 Charter of Fundamental Rights) and argues that fundamental rights and freedoms in the context of 'transatlantic cooperation' are not taken into consideration. In a recent position paper sent to all relevant MEPs for their vote on the EU-Australia agreement, EDRi highlighted that the minimum standards requested by the European Parliament in two resolutions have not been met by the Commission.
EDRi position paper on the EU-Australian agreement (27.09.2011)
Hasbrouck's slides from EDRi-noPNR workshop (17.10.2011)
NoPNR.org campaign website
Hasbrouck's action week in Europe (12.10.2011)
FAQ about PNR data
Opinion of the European Data Protection Supervisor (EDPS) on the EU-PNR
Commission on the possibility to use PNR for rail transport (4.03.2011)
(Contribution by Kirsten Fiedler - EDRi)