EU to collect, distribute data on American passengers flying to Europe

The personal data of American travelers on their way to Europe would for the first time be distributed to all European Union states by airline carriers flying to Europe, under a proposal to be announced this week. The data, including names, telephone numbers, credit card information, and travel itinerary, would be sent to EU member states so they could assess passenger risk for counterterrorism purposes. The European Commission proposal would allow the data to be kept for thirteen years — or longer if used in criminal investigations and intelligence operations. It would cover all passengers flying into and out of Europe, not just Americans. The Washington Post’s Ellen Nakashima writes that airlines already share data with U.S. authorities on passengers entering the United States. Canada and Australia have similar laws. The European proposal was modeled after an agreement signed in July between the United States and Europe dealing with passenger data from European flights entering and leaving the United States. Franco Frattini, European commissioner for freedom, security, and justice, proposed that airlines or computerized reservation systems would send at least nineteen pieces of data on each passenger to data-analysis units set up by each state. The data fields would also include e-mail addresses, names of accompanying passengers, and open ones for special requests such as meals or medical service. Under the proposal, no personal data that could reveal race, ethnicity, political opinions, religion, trade union membership, or health or sex-life information could be transmitted. If such data was shared, it would have to be deleted immediately by the data-analyzing units, the proposal says. The proposal must be approved by all twenty-seven E.U. states to become a Europe-wide law, but individual states could introduce their own programs. It would affect about thirty million people who fly from North America to Europe each year. DHS spokeswoman Laura Keehner said the U.S. is “definitely open to the idea…. It would be fair of the Europeans to ask the same information of us that we’re asking of them. We are open to finding ways to make our respective homelands secure.”

The European countries’ units would analyze the data to identify people and their associates who may be involved in terrorism or organized crime. It would also create and update “risk indicators” for assessing them and provide intelligence on travel patterns and other trends relating to terrorist offenses and organized crime, according to the proposal. The data could be used in criminal investigations and prosecutions. James Harrison, a Sacramento attorney and director of the Identity Project, a privacy organization, said that the prospect of analyzing the data to create risk assessments is “alarming.” “Congress forbids the U.S. from conducting algorithms on passenger data domestically,” he said, referring to a ban on testing algorithms assigning risk to passengers not on government watch lists. “That is exactly what they are talking about here.” EU officials said that all non-Europeans would be protected under the scheme by European states’ data-protection laws, while U.S. privacy laws apply only to U.S. citizens. In the case of passenger data, the United States has extended administrative Privacy Act protections to non-U.S. citizens.