Transnational data grabs
30 December 2003
European airlines are required to pass 34 items of information to the US Government’s Department of Homeland Security (DHS) on each of its transatlantic passengers under the terms of a protocol agreed by the EU in December 2003. The DHS and other US law enforcement agencies can retain this information for 3 ½ years – the US request was for 50 years! Airlines routinely collect data on individual passengers including name, phone number, email and home addresses, credit card, meal preferences and other frequent flyer information as part of the PNR – Passenger Name Record.
This disclosure from PNRs contravenes the EU’s own privacy legislation. EU MP Marco Cappato has objected to the protocol stating, “the reality is that the current practice of data transfer is in breach of EU regulation 2299/89 on computerized reservation system (which prohibits the access to personal data by third parties without the consent of the person) and of Directive 95/46 (that foresees that any exception to privacy rules should be based on a specific legislative measure of a Member State). This means that the personal data, before being illegally accessed and transferred, are illegally collected”.
The US authorities operate two profiling systems – CAPPS (Computer-Assisted Passenger Pre-Screening System) and CAPPS II (Computer Assisted Passenger Pre-boarding System). The former determines which passengers' baggage receives special scrutiny, based on input parameters such as gender, age, purchase with cash or credit card, time of check-in, type of luggage, and demeanor. The latter profiles passengers even before they board their flight. Passengers checking in at a European airport can therefore find themselves interrogated at any point.
It has been revealed in the EU Parliament that some airlines have been forwarding data since January 2002 under threat of heavy fines and the denial of landing rights.
The EU’s acquiescence raises questions on whether developments such as the UK’s flagship ‘National Population Register’ project will be open to similar illegal data grabs. The Office for National Statistics (ONS) completed a feasibility study in June 2003 on a new central database “giving officials unprecedented knowledge of the daily lives of all UK residents who have ever paid tax or national insurance or received social security” (The Guardian, 22nd December 2003). One of the technical issues under discussion is what should be the unique identifier of each record – NI number, NHS number or some new code. The ONS has recommended further investigative work to last up to 16 months.
-‘EU to concede to demands for information on air travel’
Financial Times, 15 December 2003
-Criticisms of data disclosure from Italian MEP Marco Cappato
-Criticisms of data disclosure from Dutch MEP Johanna Boogerd