Watchdogs warn on US-EU air passenger data accord

European privacy watchdogs voiced concern on Monday over an agreement between the U.S. and the European Union that would allow...

European privacy watchdogs voiced concern on Monday over an agreement between the U.S. and the European Union that would allow airlines to pass on data concerning passengers to U.S. authorities, and asked for more time to rethink the deal.

Under the accord struck by U.S. Customs with the European Commission, airlines would from March 5 disclose booking details about passengers flying to the United States to comply with new U.S. anti-terrorism measures.

But national data controllers, charged with ensuring that companies and institutions comply with EU privacy rules, want more guarantees for EU passengers and more time to assess the impact of the accord on national laws, a letter obtained by Reuters showed.

The request risks reopening a translatlantic row over the use of information on airline passengers to prevent terrorist acts.

"This approach (requires) additional consideration in light of domestic laws as well as a definition of a suitable deadline for airlines to develop and implement effective measures aimed at informing passengers," said the letter, which was sent to European Commission President Romano Prodi, European Parliament President Pat Cox and EU president Costas Simitis.

To comply with the U.S. requests, the EU will have to modify its data privacy laws to explicitly allow airlines to provide the information.

Under EU rules, personal information about EU citizens cannot be passed on to non-EU countries without explicit prior consent from the citizen in question.

Airlines would normally risk fines if they handed over passenger data such as names, addresses and other information including dietary requirements.

But the European Commission said that U.S. Customs had given guarantees that the information would only be used for security purposes and, if stored on official U.S. databases, would be subject to U.S. laws that protect personal data.

Though the controllers said they had been properly consulted by the European Commission prior to the agreement, they reiterated concerns aired originally in October.

At that time, they said the U.S. request raised serious doubts with regards to privacy and would "lead to the disproportionate and routine disclosure of information by airlines."

They also said that the information risked being shared among all U.S. federal agencies.


Read more on IT risk management