E.U. Caves on Passenger Privacy


The European Union has notoriously tough privacy standards--until the U.S. government comes a-callin' under the cover of anti-terrorism protection. Then, privacy doesn't mean so much. As reported on Wired.com:

The European Union and the United States formally agreed on Friday to let American border officials access the personal information of every European heading to America on commercial airlines, despite objections from members of European Parliament, which voted three times against the deal.

The agreement (PDF) allows customs agents to access the airlines' databases up to 72 hours before a flight departs. The agents will use the databases to try to ferret out terrorists and "international" criminals.

The deal helps get European airlines out of a Catch-22: They have been trying to comply with European Union's strict privacy protection laws, but by doing so and refusing to open their databases, they were risking losing their landing rights in the United States.

Department of Homeland Security spokesman Dennis Murphy called the deal necessary and fair.

"The European airlines were between a rock and a hard place," Murphy said. "This agreement eliminates that conflict."
The deal also has domestic ramifications as it frees the Transportation Security Administration to begin testing CAPPS II, the domestic airline passenger profiling system, using European passenger data.

Nearly all domestic flights include passengers who bought their tickets while in Europe, which means their data is protected by EU law and, prior to the agreement, could not be used for testing without their consent.

The deal gives the TSA leeway to use itineraries from American carriers to test its system. It also lets the administration later use large batches of data from international flights for testing.

Under the terms of the agreement, if and when CAPPS is implemented, however, the DHS will have to go back to the European Union to get further clearance.

The current agreement, which only lasts for three and a half years, limits the number of data elements customs officials can look at and promises EU passengers the right to contest any data held by the United States through the Department of Homeland Security's chief privacy officer.

Border control officials can look at 34 data fields including addresses, frequent flyer information, contact numbers, companions and e-mail addresses.

The United States will hold on to the data for not more than three and a half years, unless it is being used in an investigation

The misleading talk about "Catch-22"s and "rock and a hard place" is especially amusing. There is nothing particularly Catch-22-like (which involves a way to avoid a problem inevitably forcing you to face that problem) about the E.U's dilemma, and they more or less chose to just get bashed against the rock (or the hard place, as you will) in order to "eliminate [the] conflict." They wanted to preserve their citizens' privacy. The U.S. didn't want to let them. The U.S. won. Not a Catch-22, just some successful international bullying.