it
en
fr
es
eo
Nl
Passenger privacy and the war on terror
Tweet
Resisting U.S. demands
BRUSSELS I may be just about the only person who felt reassured after reading about how Jet Blue surrendered passenger records to a firm working for the government ("Betraying passengers' privacy," editorial, Sept. 24). I do not, of course, favor betraying the privacy of airline passengers. But it is reassuring to hear that the discussions that I, as the European commissioner responsible for data protection, am currently holding with the Department of Homeland Security about the appropriate use of passenger information from trans-Atlantic flights reflect a debate that is also going on within the United States.
At the heart of this debate lies a fundamental question: To what extent are we prepared to see our civil liberties eroded in the search for greater security?
The question becomes even more difficult when different nations come to different answers. The U.S. Congress took some hard decisions in the aftermath of Sept. 11 that included mandating the Customs service to require airlines to grant electronic access to their passenger data bases, or PNR data. It is important to note that before Sept. 11, Congress had turned down the idea more than once.
It is the sovereign right of the United States to determine the conditions under which people may enter its territory. But it is Europe's sovereign right to insist that personal data concerning its citizens enjoy adequate safeguards when transferred to other countries. The problem for airlines is that if they meet the requirements which Customs - now part of the Homeland Security Department - have laid down, they risk falling foul of European Union data protection law.
Obviously the airlines cannot be expected to sort this out. Currently, some airlines are providing the data, and risk sanctions under EU law; others are not, and risk sanctions under U.S. law. The two sides have to get together and find a solution. This is what the commission and the Department of Homeland Security have been attempting to do since March.
The European Commission is holding similar talks with Canada and Australia, which also want to use passenger data to enhance security, though in neither case do the demands go as far as those of the United States. Some EU member states also make use of the data - or are planning to do so - for border security purposes, so the idea is not in itself unreasonable.
But the homeland security department has taken a maximalist view of the authorization it received from Congress. Secretary Tom Ridge and his officials protest that they have been flexible: They have reduced the period for which they retain the data from 50 to seven years, and they have promised to delete the meals data. These are indeed welcome improvements. But keeping up to 39 data elements on every passenger and crew for seven years, regardless of whether there is any suspicion about them, or whether they have left the United States, is surely excessively intrusive by any standards.
I make no apology for seeking a further shortening of this period. On meal data: again it is a welcome step in the right direction but we still have to ensure that the meal data are deleted in practice, and we have to work out how other kinds of “sensitive” data (revealing race or religion, or concerning the health of the passenger) can be identified and deleted.
The word that sums up the current U.S. approach is "disproportionate." One may ask if any measure can be considered disproportionate where the enemy is terrorism. But the U.S. authorities are not prepared to limit the use of passenger data to the fight against terrorism - even with the addition of terrorism-related crimes. If they were, Europe could perhaps take a somewhat broader view on some of the other issues, like the storage period or the amount of data required. As it is, some voices in Washington are pleading for the passenger data to be used for law enforcement in general.
To come back to Jet Blue, I am confident that publicity for cases of this kind and the understandable outrage that they provoke will help to ensure that reasonable counsels in Washington prevail as regards the limits that must be set on the security-enhancing uses of passenger data.
The writer is the European Commission member responsible for the Internal Market.
BRUSSELS I may be just about the only person who felt reassured after reading about how Jet Blue surrendered passenger records to a firm working for the government ("Betraying passengers' privacy," editorial, Sept. 24). I do not, of course, favor betraying the privacy of airline passengers. But it is reassuring to hear that the discussions that I, as the European commissioner responsible for data protection, am currently holding with the Department of Homeland Security about the appropriate use of passenger information from trans-Atlantic flights reflect a debate that is also going on within the United States.
At the heart of this debate lies a fundamental question: To what extent are we prepared to see our civil liberties eroded in the search for greater security?
The question becomes even more difficult when different nations come to different answers. The U.S. Congress took some hard decisions in the aftermath of Sept. 11 that included mandating the Customs service to require airlines to grant electronic access to their passenger data bases, or PNR data. It is important to note that before Sept. 11, Congress had turned down the idea more than once.
It is the sovereign right of the United States to determine the conditions under which people may enter its territory. But it is Europe's sovereign right to insist that personal data concerning its citizens enjoy adequate safeguards when transferred to other countries. The problem for airlines is that if they meet the requirements which Customs - now part of the Homeland Security Department - have laid down, they risk falling foul of European Union data protection law.
Obviously the airlines cannot be expected to sort this out. Currently, some airlines are providing the data, and risk sanctions under EU law; others are not, and risk sanctions under U.S. law. The two sides have to get together and find a solution. This is what the commission and the Department of Homeland Security have been attempting to do since March.
The European Commission is holding similar talks with Canada and Australia, which also want to use passenger data to enhance security, though in neither case do the demands go as far as those of the United States. Some EU member states also make use of the data - or are planning to do so - for border security purposes, so the idea is not in itself unreasonable.
But the homeland security department has taken a maximalist view of the authorization it received from Congress. Secretary Tom Ridge and his officials protest that they have been flexible: They have reduced the period for which they retain the data from 50 to seven years, and they have promised to delete the meals data. These are indeed welcome improvements. But keeping up to 39 data elements on every passenger and crew for seven years, regardless of whether there is any suspicion about them, or whether they have left the United States, is surely excessively intrusive by any standards.
I make no apology for seeking a further shortening of this period. On meal data: again it is a welcome step in the right direction but we still have to ensure that the meal data are deleted in practice, and we have to work out how other kinds of “sensitive” data (revealing race or religion, or concerning the health of the passenger) can be identified and deleted.
The word that sums up the current U.S. approach is "disproportionate." One may ask if any measure can be considered disproportionate where the enemy is terrorism. But the U.S. authorities are not prepared to limit the use of passenger data to the fight against terrorism - even with the addition of terrorism-related crimes. If they were, Europe could perhaps take a somewhat broader view on some of the other issues, like the storage period or the amount of data required. As it is, some voices in Washington are pleading for the passenger data to be used for law enforcement in general.
To come back to Jet Blue, I am confident that publicity for cases of this kind and the understandable outrage that they provoke will help to ensure that reasonable counsels in Washington prevail as regards the limits that must be set on the security-enhancing uses of passenger data.
The writer is the European Commission member responsible for the Internal Market.
