U.S. PNR Collection Angers Buyers
Travel managers on both sides of the Atlantic have condemned the U.S. government for starting to access the passenger name records of inbound travelers from the European Union.
A secret interim deal struck by U.S. Customs with the European Commission last month means the Commission will not prosecute airlines for passing PNRs onto U.S. authorities. The understanding absolves the airlines even though there is every likelihood that surrendering the data severely breaches European laws on data privacy. PNRs contain details of where passengers have flown, plus a great deal of personal information, including credit card numbers, telephone numbers and medical details.
Buyers fear the U.S. government will misuse the data and may not be able to prevent it from leaking to third parties. They also said they cannot see the security benefit of accessing the PNRs and worry that the precedent set unilaterally by the United States could be followed by more unsavory regimes. So far, Canada, the United Kingdom and Australia all are said to be interested in adopting a similar strategy.
The European Commission acceded to U.S. demands after E.U. airlines found themselves in an impossible situation. U.S. Customs had threatened to fine the carriers and even withdraw their landing rights if they did not surrender the PNR data. At the same time, the airlines risked being prosecuted for violating European privacy laws if they did. The United States added further pressure last month by subjecting passengers on several flights from E.U. airports to lengthy searches and interrogations on arrival.
In return for the Commission agreeing temporarily not to prosecute, U.S. Customs has pledged a number of safeguards over how the PNRs will be treated. These include only accessing records for flights into, through and out of the United States—although how these can be filtered from all other flight data is not yet clear. The guarantees have not been enough to satisfy the European Parliament, which on March 13 voted 414 to 44 to condemn the Commission for caving into American demands. The parliament is considering whether to refer the issue to the European Court of Justice.
Buyers and other travel professionals also have expressed deep unhappiness. "The U.S. says it is doing this for security reasons, but in what way does this help?" said Tom Stone, vice chairman of the Institute of Travel Management of the U.K. & Ireland and European director of travel management for Universal Music International. "Any self-respecting terrorist would be able to overcome anything that goes in a PNR. No one has given us a detailed reason why this is needed. It is a sledgehammer to crack a nut.
"This takes concern about where our records are going to another level when people outside the industry control access to them," Stone continued. "It also sets a precedent for other countries to access PNRs, and I fear that a less-benign regime might not be quite so careful with the information. U.S. citizens might think this is a good measure because it protects the homeland, but how would they feel if it applied to them when visiting other countries?"
Tony Hughes, president of Radius, suggested that a better answer would be for the U.S. government to bring back visas for all overseas visitors, an idea supported by Philip Carlisle, chief executive of the U.K.'s Guild of Business Travel Agents. Carlisle also articulated a fear made in private by numerous buyers. "Corporates do not want it to be known where their employees are traveling," he said. "If the U.S. is true to its word and the information is not spread around, there is no need to worry, but there is always a risk when it is opened up to another pair of eyes."
The German travel managers' association VDR also is uneasy about the U.S. move. "Security, yes, absolutely," said a spokesman, "but please no schemes that have built-in loopholes, might violate existing European laws and are an added obstacle to smooth travel."
Association of Corporate Travel Executives president Mark Williams said members would have the same concerns about governments accessing PNRs as they have expressed about the domestic CAPPS II project. Delta Air Lines began testing the second generation of the Computer Assisted Passenger Prescreening System at three undisclosed airports earlier this month. The newer system will apply technology used for instant credit checks to search passengers' backgrounds. It will collect data and rate each passenger's risk potential according to a three-color system: green, yellow or red. When travelers check in, their names will be put into the system and their boarding passes encrypted with the ranking.
"Our members are concerned about what the government is going to do with it and what data will be supplied, and they do not trust the government not to disseminate it elsewhere," Williams said. "Everyone wants air travel to be safe and for confidence to remain high. On the other hand, what type of data does it take to give that level of security? We want to know what the authorities are looking for, how they are going to use the information, what they are going to do with it when they finish with it and how they will rectify mistakes when they inevitably happen."
The National Business Travel Association also released a statement, saying, "Ultimately, this program will allow the Transportation Security Administration to focus on more realistic threats to aviation security, but efforts must be made to alleviate the confidentiality and security concerns of the traveling public."
Travel managers also are considering the practical implications of the United States gaining access to PNRs, including whether to inform travelers that their data may be seen by third parties. However, it has emerged that the U.S. government might have been looking at PNRs long before last month's agreement with the Commission. During the March 13 debate in the European Parliament, Frits Bolkestein, commissioner for the internal market of the E.U., said, "It is clear that in the absence of discussions, the E.U. airlines would have provided the data anyway. The airlines know that the U.S. airlines and U.S.-based reservations systems are already doing this. That is a very important point, which may have been overlooked in the heat of the debate. It is not simply a question of letting the data be transferred or preventing this. Much of it is flowing anyway."