Monday, 27 February 2012

In 't Veld to propose EP rejection of EU-US PNR Agreement

Sophie in 't Veld (ALDE), rapporteur on the EU-US Passenger Name Record Agreement (Text) will present her report to the committee on civil liberties, justice and home affairs today. The PNR agreement will permit the transfer of Passenger Name Record data for passengers on flights from the EU to the US to fight terrorism and serious crime. PNR data is all the data from the machine-readable part of the passport (name, etc.) plus the times of departure and arrival, place of departure and arrival, check in time/status, payment details, luggage details, and other general information.

If the Parliament does vote for rejection, it will be a big blow to the US and those in the EU who have been trying to set the rules for this data transfer. In fact, the PNR saga has been going on for about a decade now, since the US adopted its PNR regime in the wake of the September 11 attacks, setting penalties for airlines that refused to transfer the PNR data they collect (airlines collect PNR data for commercial purposes). This left EU airlines in the position where they would be punished by the US if they didn't hand over the data, and by EU data protection laws if they did. An agreement in 2004 fell foul of an ECJ judgment over the legal base used, and an agreement in 2007 was never assented to by the EP (as required under the Lisbon Treaty after December 2009), so it only applied provisionally. The European Parliament called for new agreements with the US (and Canada and Australia) to bring them more into line with data protection rights (the Committee voted to assent to the new Australian agreement in October).

There have been several concerns raised over the agreement, mainly on data protection grounds. In her report, in 't Veld highlights that the necessity and proportionality of PNR systems haven't been satisfactorily established - in fact, with the EU's own proposed PNR Directive, this is also the case (PDF) - when information gathering could be done on a smaller scale (e.g. via an API system that just covers passport and flight departure/arrival data); that the agreement does not limit the use of data to fighting terrorism and serious crime; that data does not have to be destroyed, but can be held indefinitely: despite its use being restricted over time, it could still be accessed and used. It is also pointed out that the agreement does not provide a sufficient protection against the use of sensitive data by the US Department of Homeland Security (data indicating race, religion, sexual orientation, etc); that there aren't sufficient guarantees that data will be equally well protected if it's transferred to another country from the US; and that the agreement might not provide EU citizens with adequate means of judicial address.

She says (PDF):

"The call for a coherent approach and a single set of principles to govern international agreements on the transfer of PNR data was an approach embraced by the Commission and the Council. However, the Agreement with the US differs fundamentally from this approach as well as from the Agreement with Australia, concluded on 13 December 2011. This Agreement was considered to be sufficiently consistent with the criteria set out by Parliament, while the Agreement with the US departs from the approach that had been agreed by the European Parliament, the Commission and the Council in 2010. Additionally, compared to the first EU US PNR Agreement of 2004, this 2011 Agreement even represents a deterioration on many points. Having in mind that the European Parliament sought annulment of the 2004 Agreement before the Court of Justice, your Rapporteur will recommend the European Parliament to decline to consent to the conclusion of the Agreement."


I hope the Committee votes for this report - the case for PNR regimes is quite shaky, with high levels of data collection from people who aren't suspected of any crime, for no proven gains in effectiveness over less invasive and data protection-compliant alternatives. Rejecting the PNR Agreement would be the second time this parliament that the EP has blocked an US-EU Agreement - the first being over SWIFT I (which prompted heavy lobbying by the US). Blocking this agreement would not only put an end to invasive data gathering, but also raise the profile of the EP and of the importance of data protection rights in the US's security dealings with the EU.

The report will be presented to the Committee at 15:00 CET. The Committee will vote on the report on March 20th, and the plenary will vote on the agreement in April.

1 comment:

  1. Thanks for the PDF, I feel the concerns on the Agreements are clear now!@bose

    ReplyDelete