The European Commission has agreed that US security
demands for information about all air passengers flying to the US
from Europe do not breach tough European Union data privacy
laws.
The US Department of Homeland Security (DHS) initially sought 39
pieces of information about passengers before they boarded their
flights, including their name, address and details about how and
where they purchased their tickets.
The DHS wanted to hold the information for 50 years and use it
in domestic criminal investigations as well as for antiterrorism
purposes. It also wanted the information before the passengers
boarded their flights.
EU data protection laws forbid airlines from sharing personal
details of their passengers with organisations based in countries
with less stringent privacy laws, such as the US.
The commission has spent most of this year trying to find a way
of accommodating US security needs within the EU's privacy laws.
Agreement was only possible after last-minute concessions by the
US, said commission spokesman Jonathan Todd.
US officials agreed to reduce the amount of time they would hold
on to the passenger data to three and a half years, down from 50
years. They also agreed to restrict use of the data to
investigation of terrorist and other international crimes,
excluding domestic US criminal investigations.
The US also agreed to reduce the number of items of required
data to 34 from 39.
The issue of the number of data elements is largely academic,
said Todd, as many airlines do not collect all the items anyway.
Italy's Al Italia refuses to pass on the data at all, he added.
In addition, the US agreed to provide similar data on US
citizens when they fly to Europe. "The aim is to make this
reciprocal," Todd said.
Commissioner Frits Bolkestein led the negotiations for the EU.
"I do not see any solution which serves our objectives better," he
said.
Failure to agree with the US would have had negative
repercussions, according to Bolkestein. "I see in any case no
justification at all for pursuing policies which risk producing
negative outcomes for passengers and negative impacts for
airlines."
The agreement with the US was the only practical way of avoiding
lengthy delays for European travellers to the US and fines against
European airlines that did not provide the data to the US
authorities, Todd said.
The agreement must be discussed by national data protection
regulators, the European Parliament and national governments before
it can be adopted. The commission hopes to finalise the agreement
by March or April.
Paul Meller writes for IDG News
Service