Critics of last week’s agreement allowing European passengers’ personal data to be shared with U.S. authorities have just under a month to reshape the accord before it comes into force, said Stavros Lambrinidis, vice president of the European Parliament’s civil liberties committee Monday.
“There is a battle to make this agreement respectful of European citizens’ civil liberties, and it’s not over,” he said in a telephone interview.
The European Parliament has no direct say in the shaping of an agreement that will give U.S. customs, the U.S. Department of Homeland Security and other agencies including the U.S. Central Intelligence Agency free access to airlines’ passenger databases to help them prevent potential terrorist attacks.
However, some national parliaments will get the chance. “There are about six or seven countries that have to debate this agreement. There is still a chance to change it,” Lambrinidis said.
The U.S. government demanded access to information about everyone flying to the U.S. from the E.U. in the wake of the terrorist attacks in September 2001.
However, by complying with the demand, airlines would have been breaching strict European data protection laws, so the U.S. and E.U. drafted an exemption clause from the laws, which they claim was respectful of European citizens’ data.
The European Court of Justice annulled that agreement last year and gave the two sides until the end of this month to come up with an alternative.
Failure to do so would leave European airlines exposed to massive fines and the possible loss of landing slots in the U.S if they don’t continue to hand over the data, or legal action on data protection grounds in the E.U. if they do.
“It’s clear that there has to be an agreement but not one like this,” Lambrinidis said.
The agreement that was reached during a phone call between German Interior Minister Wolfgang Schaeuble, E.U. justice and home affairs commissioner Franco Frattini and U.S. Secretary for Homeland Security Michael Chertoff last Wednesday reduces the fields of data to be shared from 34 at present to 19.
These fields include information such as name, credit-card details and travel itinerary. They won’t include dietary requirements, which could be used to identify someone’s religion.
However, it extends the length of time the U.S. authorities can hold the data from three years to 15 years, and it allows U.S. agencies to dip into the databases at their will.
In an interview last week, Europe’s data protection supervisor, Peter Hustinx, said his main concern was that the E.U. would grant American agencies the right to pull up information about Europeans whenever they want. He called for a push mechanism, meaning that database managers for the airlines would have to pass over the data, instead.
Like the temporary accord it replaces, the new agreement promises an eventual switch to a push mechanism.
Under the new agreement, U.S. agencies can pull up the data they want until early next year, when airlines will start pushing it instead. However, the DHS maintains the right to pull the information if airlines don’t offer up the data promptly.
The main concern, however, is that the agreement omits any binding undertakings for U.S. authorities to safeguard European citizens’ data.
The details of this arrangement aren’t in the agreement itself but in an exchange of letters that haven’t been made public, Lambrinidis said. Reacting to the agreement last week, Hustinx said he fears the measure could violate European citizens’ rights to privacy.
In addition to allowing U.S. authorities to keep the data for 15 years, there would be “no limitation to what U.S. authorities are allowed to do with the data,” Hustinx wrote in a letter to Schaeuble on Wednesday after the German minister clinched the deal.