The European Commission last week adopted "a package of proposals" regarding the exchange of airline passenger data to countries outside the European Union. Noting that "the exchange of passenger name records is an increasingly important criminal intelligence tool to fight terrorism and serious transnational crime throughout the world," and that some countries require their airlines to provide PNR data of inbound foreign passengers before arrival, E.C. recommended a consistent framework for all such agreements, including "recommendations for negotiating directives for new PNR agreements with the United States, Australia and Canada."
When asked when the European Union would begin renegotiating new deals with those countries, a spokeswoman for the E.U.'s U.S. delegation noted that the European Council, in consultation with the European Parliament, first has to adopt the new negotiating mandates. "Negotiations can only start after the formal approval of the mandate by the Council, and this is expected before the end of this year," she said.
An official at the U.S. Department of Homeland Security did not indicate when or if the United States intends to rework the existing U.S.-E.U. transatlantic air passenger data sharing agreement, signed in 2007. "The United States will closely follow the work in the Council of the European Union as it considers the Commission's proposed mandate," according to the official. "While we have not seen the E.C.'s mandate, [DHS] Secretary [Janet] Napolitano spoke with [E.C. Home Affairs] Commissioner [Cecilia] Malmström on 21 September 2010."
The 2007 deal included provisions for sharing 19 pieces of information from passenger PNRs. It generated considerable opposition on both sides of the Atlantic from those who said it infringes on privacy.
"The 2007 PNR agreement between the United States and the European Union, intended to remain in effect until 2014, has been successful in both protecting the data and privacy of individuals and helping to prevent global terrorism and crime," according to DHS Deputy Assistant Secretary for Public Affairs Amy Kudwa.
Speaking in Washington in July during an Atlantic Council meeting, Napolitano said, according to a posted transcript, that "European airlines have provided PNR data to the United States in an operationally effective way, under United States law, since 2002, with no complaints that the United States has, in fact, misused the data. This success has been confirmed by two joint reviews by the Department of Homeland Security and the European Commission since 2004, and three internal Department of Homeland Security audits by its chief privacy officer.
"In recent months, the European Parliament has passed a resolution with a number of preconditions before it would consider ratifying our PNR agreement," Napolitano continued. "We have lots to discuss before anyone should talk about taking the drastic step of abrogating an agreement that, in fact, works very well. In 2009, one-third of all persons denied entry to the United States on terrorism grounds were denied not because of law enforcement or intelligence tips, but because of analysis of their PNR data. We should not and cannot allow relatively minor legal or cultural differences or misperceptions to derail a security effort altogether."
Speaking at the same event, E.U. vice president and commissioner for justice, fundamental rights and citizenship Viviane Reding said, "The past negotiations on the transfer of passenger data ... have shown that it is not always so easy to find mutually accepted standards and practices for the protection of the personal data.
"The PNR agreement," she added, "is a provisionary one. It has not yet been voted by the European Parliament." E.U.'s agreement with Australia also is "provisionally applicable," according to E.C. information.
Reding explained how Europeans should "have the same rights to redress in the United States as American citizens have in Europe. By which way this is done, that is not the problem to solve of Europe. That is a problem of our American counterparts to see, or do they want to open existing legislation with all the problems related to this? Do they want to solve the problem in a different way?"
As outlined last week, E.C.'s proposed negotiating points center on several areas, notably including data privacy. To protect personal information, E.C. wrote that new and renewed deals should ensure that countries have "effective independent oversight of the authorities which use PNR data;" use that data "exclusively to fight terrorism and serious transnational crime;" include only information necessary for that reason; store the data no longer than is necessary; explain the rationale and process to passengers; allow them to see PNR data and provide an "effective administrative and judicial redress." E.C. added that as a means to avoid profiling, "decisions having adverse effects on passengers must never be based on an automated processing of PNR data; a human being must be involved before a passenger is denied boarding."