Yesterday, the Electronic Frontier Foundation (EFF) published a comprehensive article on the new EU-US PNR Agreement and raised serious fundamental rights concerns:
Despite these issues, last week the European Council approved the agreement, which now waits for the consent of the European Parliament. Sadly, the draft agreement focuses on what citizens are entitled to request, but not on what citizens are entitled to receive. EFF is concerned that DHS will continue its practices of failing to give users access to their own PNR data, of unduly delaying responses to data requests, and of failing to keep proper access logs.
EFF is not alone in raising these issues. In April of this year, an independent European advisory body created by the European Commission to comment on the use of PNR data issued a nine-page opinion on EU PNR agreements. The advisory body voiced concerns about the collection of huge amounts of personal passenger data, the length of time the data is kept, and the need to keep strict access logs. As recently as last week, the European Data Protection Supervisor and the German government voiced similar concerns. The issues raised are emblems of the large gap between the United States and the European Union approach to sensitive personal data.
In early December, 21 nonprofit advocacy groups issued a joint letter urging the European Parliament to reject the proposed agreement. They argued that “travelers are not informed which personal data is stored and processed” and “information requests to airlines travel agencies usually answered insufficiently.” We echo these concerns and urge the European Parliament to reject the proposal, which does not live up to the standards of the FIPPs and OECD’s guidelines for protecting privacy.
Further analysis can be found here: Statewatch – A Review of the Annexes to the EU-USA PNR THE EU-USA PNR Agreement and related press release by Chris Pounder: “the comments in the margin explain why I think this Press Release turns “misleading by omission” into an art form.”