You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

EU knew about the US's system profiling all visitors

17 January, 2007
» 
|

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

New controversial issues appear in the case of Passanger Name Record (PNR) deal with US that show the level of privacy from the US authorities is very far from the European standards. As Statewatch revealed, the EU Council Presidency admitted that the Council of the European Union and the European Commission had known about the US's "Automated Targeting System" (ATS) profiling all visitors.

The issue has become critical after the Homeland Security Department (DHS) posted a Notice on the Federal Register in November 2006 showing that PNR data on travellers from the EU are included in the ATS used by DHS Customs and Border Protection (CBP) branch.

ATS is a system that U.S. has used for some years to assess risks to transport. Until August 2006 the system was believed to target cargo shipments. However the DHS notice of November revealed the fact that CBP was using this system to target passengers as well, using, collecting and storing PNR data received from airlines databases.

The system creates a risk assessment score and it is not limited to fighting terrorism and crime. Moreover the data is preserved for a 40 year period and can be shared with other US Government organizations and foreign governments or organizations.

ATS system not only violates US Congressional prohibitions on passenger risk-assessment schemes ignoring the privacy rights of the US citizens but also the right of citizens all over the world.

According to the agreement reached between EU and the US Government in 2004 the transfer of data was allowed with some safeguards, including 3.5 year period of retention and some rights of access by European citizens to correct their data. The US Government promised to use the data only to fight terrorism and organised crime and not to share these data with other agencies or for risk-assessment scoring.

The concerns of data protection organisations and bodies come from the fact that US has shown to have constantly broken the agreement. As ATS uses PNR received from EU carriers, CBP uses the data for the profiling of risk assessments although the agreement was only for the verification of the data for people on a watch-list. The data are preserved for 40 years for risk assessment profiling purposes which obviously exceeds by far the 3.5 year period established in the agreement or the case-to-case provision for a person suspected of terrorism.

The data is not only used to combat terrorism or organized crime as agreed but also for general law enforcement purposes and the safeguards imposed by the agreement, including the right to correct data by the European citizens, are not observed.

Although the Finnish Presidency of EU claims to have made all the efforts in reaching a political consensus on the promotion of the Framework Decision on data protection and in increasing the safeguards for data protection, it has also come out that the Council of Europe and the European Commission had been aware of the existence of ATS since 2005. The Finnish Presidency stated it had sent an official enquiry to the US authorities to clarify the ATS relation to the PNR agreement but data protection advocates show strong reserves to whether the EU will be able to negotiate efficiently in this matter.

"The EU Presidency statement that the Council and Commission have known about the ATS for over a year is quite extraordinary. During this period they renegotiated the EU-USA PNR agreement claiming it was on the same terms as that agreed in 2004 when they clearly knew it was not. The Council and the Commission knew about it but did nothing until the existence of the ATS was made public and now they have asked for clarification" stated Tony Bunyan, Statewatch editor.

The past history on this issue has shown that the US Government has not observed the agreement and that EU has continuously weakened its demands related to data protection safeguards.

Privacy International and the American Civil Liberties Union have called for the repeal of the EU-US agreement on PNR data transfers by appealing to the Council of the European Union, the European Commission, the European Parliament, and privacy commissioners in 31 countries across Europe.

Address to the European Parliament by Minister for European Affairs Paula Lehtomaki on Data Protection (12.12.2006)
http://www.statewatch.org/news/2006/dec/ats-eu-coun-statement-12-dec-0...

PI and ACLU call for repeal of EU-US agreement on data transfers (11.01.2007)
http://www.privacyinternational.org/article.shtml?cmd%5b347%5d=x-347-5...

‹ Copyright extension term rejected by EU commissioned reportupIs DRM fading out? ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo