In some recently published documents, Statewatch revealed that very soon after the EU-USA agreement on PNR (passenger name record) was signed on 28 June 2007, the US government announced some changes in its Privacy Act that give exemptions from responding to request for personal information held to DHS (Department of Homeland Security) and ATS (Automated Targeting System). US Government also sent a written request to the Council of EU to agree on keeping secret all the documents on the negotiations for at least 10 years.
The declared purpose of the above-mentioned exemptions is for "national security, law enforcement, immigration and intelligence activities. These exemptions are needed to protect information relating to DHS investigatory and enforcement activities from disclosure to subjects or others related to these activities (....) Disclosure of information to the subject of an inquiry could also permit the subject to avoid detection or apprehension."
The exemptions are related to the new "Arrival and Departure System" (ADIS) that the USA is to introduce and which is meant to authorise people to travel only after PNR and API (Advance Passenger Information) data has been checked and cleared by US agency watchlists: "ADIS consists of centralized computerized records for and will be used by DHS and its components. .. The information is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, state, local, tribal, foreign, or international government agencies."
The Automated Targeting System, that is to be exempted as well, is a system of 6 modules of dealing with Passenger Name Record (PNR) data.
The exemptions seem to be meant to counterbalance "the set backs" for the US government in the EU-US PNR agreement signed in June. In the text of the agreement it is stated that DHS has taken the decision "to extend administrative Privacy Act protections to PNR data stored in the ATS regardless of the nationality or country of residence of the data subject, including data that relates to European citizens. Consistent with U.S. law, DHS also maintains a system accessible by individuals, regardless of their nationality or country of residence, for providing redress to persons seeking information about or correction of PNR."
The exemptions introduced now contradict this statement, as also notice Tony Bunyan, Statewatch editor : "The adoption of these two exemptions will seriously diminish any rights EU citizens have to find out what data is held on them and who it is held by. Did the Council and the Commission, who negotiated the agreement, know the US was planning to introduce them, and if not why not?"
Another measure taken by the US Government related to the agreement signed in June is one regarding the confidentiality of the negotiations that led to signing the act. On 30 July 2007, Mr Paul Rosenzweig, Acting Assistant Secretary for Policy at the US Department for Homeland Security sent a written request to the Council of European Union to agree on keeping secret all the documents on the negotiations for at least 10 years after the entering into force of the agreement.
EU's Article 29 Data Protection Working Party issued on 17 August an opinion on the new EU-USA PNR agreement concluding that it sensibly weakened the safeguards provided by the previous agreement and that "the new agreement leaves open serious questions and shortcomings, and contains too many emergency exceptions."
"Yet again we see the USA telling the EU what to do. In this case how it should operate the EU Regulation on access to documents. How can any request for PNR documents be fairly considered under EU law when it has already agreed to exercise a US veto? Are we going to see documents for all future EU-US agreements kept secret too? US access to PNR data and its further processing is an issue of substantial public interest which directly effects the rights and privacy of EU citizens and therefore all the documentation should be in the public domain for parliaments and people to see and discuss. It is a quite outrageous request and it is even more outrageous that the EU is going to agree to it" commented Tony Bunyan, Statewatch editor.
US changes the privacy rules to exemption access to personal data
(4.09.2007)
http://www.statewatch.org/news/2007/sep/04eu-usa-pnr-exemptions.htm
US demands 10 year ban on access to PNR documents (2.09.2007)
http://www.statewatch.org/news/2007/sep/02eu-usa-pnr-secret.htm
Proposed Rules, Federal Register - DHS, 6 CFR Part 5, Privacy Act of 1974:
Implementation of Exemptions (22.08.2007)
http://www.statewatch.org/news/2007/aug/usa-adis-privacy-act-exemption...
http://www.statewatch.org/news/2007/aug/usa-ats-exemptions-privacy-act...
Article 29 Data Protection Working Part - Opinion 5/2007 on the follow-up
agreement between the European Union and the United States of America on the
processing and transfer of passenger name record (PNR) data by air carriers
to the United States Department of Homeland Security concluded in July 2007
(17.08.2007)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp138_en...
EDRI-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)
http://www.edri.org/edrigram/number5.13/eu-us-pnr-swift