European Parliament approves passenger name record sharing agreement

New agreement will last 7 years
Tools

The European Parliament approved April 19 a long-awaited 7 year agreement to share airplane passenger name record data with the United States.

Under the deal, ratified by a 409 to 226 vote with 33 abstentions, European airlines embarking on trans-Atlantic flights to the United States will transmit to the Homeland Security Department passenger data such as individual itineraries, billing and contact information (including emails and mobile numbers) and passport information.

The United Kingdom already announced in February that its government had opted-in to the agreement.

The new agreement replaces a series of interim or provisional passenger name record data sharing agreements with European Union countries in place since October 2006; negotiations on this version started in 2010. Homeland Security Secretary Janet Napolitano hailed the agreement's passage, stating that the data "is an indispensable tool in our terrorism prevention efforts."

Under its provisions, DHS can use the data only when it needs it for combating terrorism or transnational crime. The agreement defines a crime as one punishable by a sentence 3 or more years of imprisonment.

It stipulates that DHS may hold on to the data for 6 months, after which the data should be depersonalized and stored in an active database for a total of 5 years. If need be, personally identifiable information can be restored during that time.

After the active period, DHS must transfer the data to a "dormant database" subject to a greater level of access restriction for up to an additional 10 years. DHS may repersonalize the dormant data in the context of combating serious transnational crime for 5 of those 10 years, and in a terrorism context for all 10 years. Data the subject of a specific case or investigation can be left in the active database until its closure.

The EU says data that could reveal information such as religious beliefs (exposable via a request for a special meal, for example), health status (which could be revealed through requirement for wheelchair assistance or other needs) or other senstive areas should be stored in a database separate from other passenger name record data and deleted permanently after 30 days. According to the EU, the most recent joint review of passenger data sharing showed that between 2007 and 2010, authorities never utilized such data.

Although the final agreement is narrower in places than the provisional agreement already in effect, it has been a source of controversy among some European privacy advocates.  

Dutch European Parliament member Sophie in't Veld, the "rapporteur" (legislative examiner) in charge of the agreement, urged members to reject it, afterward stating that it "is contrary to European treaties and privacy laws and does not meet the minimum criteria set by Parliament itself."

German Green Party MeP Jan Philipp suggested opponents may attempt to block implementation in the European Court of Justice.  

For more:
- download the agreement (.pdf) 
- go to an EU FAQ about the agreement      
- go to an EU press statement about the agreement 
- go to Napolitano's statement about the agreement

Related Articles: 
U.S. and E.U. officials reach passenger name record sharing agreement 
Privacy watchdog criticizes European data protection proposal