U.S.-EU in comprehensive travaler data sharing accord

It has been a long tussle, but finally the United States and the European Union have agreed to expand a security program which shares personal data about millions of U.S.-bound airline passengers a year, potentially including information about a person’s race, ethnicity, religion, and even health. The agreement calls for airlines flying from Europe to the United States to provide data related to these issues, if it exists in their reservation systems, to U.S. authorities. The deal would allow the United States to retain and use the information only “where the life of a data subject or of others could be imperiled or seriously impaired,” such as in a counterterrorism investigation. The Washington Post’s Paul Lewis and Spence Hsu write that the information which may be used in such exceptional circumstances includes “racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership” and data about an individual’s health, traveling partners and sexual orientation.

The deal was signed yesterday by the United States and approved Monday in Europe, and it has already provoked alarm from U.S. and European privacy and civil-liberties groups. DHS secretary Michael Chertoff praised the pact as an “essential screening tool for detecting potentially dangerous transatlantic travelers.” If available at the time of the 9/11 attacks, Chertoff said, such information would have, “within a matter of moments, helped to identify many of the 19 hijackers by linking their methods of payment, phone numbers and seat assignments.”

U.S. customs officials began collecting Passenger Name Record data in 1992 for inbound international flights and enforced the requirement after the 2001 attacks. The U.S. government now stores data on nearly all eighty-seven million passengers who arrive in the country by air each year, most of them from Europe, in a master border security database. The government combines such information with terrorist watch lists, other databases and sophisticated computer algorithms to detect high-risk travelers, in ways that watchdog groups say it has not adequately explained.

The new accord takes effect in August and it runs through July 2014. It builds on a similar, if more limited, accord reached between the United States and Europe in 2004. It extends how long the United States can store data — to 15 years from 3 1/2 years. DHS said it will move passenger information to “dormant” status after seven years and “expects” to erase it after fifteen years, but the department notified the E.U. that expiration of data will be subject to “further discussions.” Also, beginning in January 2008, airlines will be required to “push” data from their reservation systems to DHS seventy-two hours before a flight departs, enhancing an existing “pull” system in which the department retrieves information from carriers.

DHS said the agreement with Europe wil likely to serve as a template for similar U.S. agreements covering travelers from Asia, South America, and other regions.