This week, European Digital Rights (EDRI) launched a campaign against the transfer of European air travellers' data to the United States. The campaign coincides with renewed talks between the European Commission and the United States.

Since 5 March 2003, an agreement between the European Commission and United States Customs provides US authorities online access to European travellers' Passenger Name Record (PNR) data for flights to the US. The PNR data consist of all relevant information related to a passenger's flight: departure and return flights, connecting flights, special services required on board the flight (meals such as Kosher or Halal) and flight payment information such as credit card numbers.

Under EU privacy regulations the transfer of such personal data to third countries is bound to strict guidelines. However, due to political and economic pressures by the US government, the European Commission has allowed the transfer of passenger data to go through.

On 6 May the parliamentary Committee on Citizens' Freedoms and Rights (LIBE) held a hearing on transfer of European air travellers' data. Representatives of the US Department of Homeland Security came to Brussels to convince the Committee members of their intention to protect the privacy of European air travellers. They had little to offer and presented no new limitations on the existing practice of data transfer.

It became clear during the hearing in the European parliament that the PNR data will be fed into the Computer Assisted Passenger Pre-screening System. In a current test of the second generation of the system, CAPPS II, the goal is to identify terrorists, according to Douglas Browning, a senior official if US Customs. But the agreement between the US and the EU on the PNR data mentions that US Customs may share the data with other US agencies for "legitimate law enforcement purposes". This is a very broad definition and can be read like an assurance that all European passengers' data could be stored in FBI and other US agencies' databases for many years to come, to be used for all kinds of law enforcement purposes. Those purposes are very different from the limited anti-terrorism objectives that, the US government claimed, originally justified their request for more EU passenger data from European airline companies.

In the campaign against the transfer of PNR data European Digital Rights offers models of complaints that air travellers can send to the airline carriers and their national data protection commissioners. With the first letter, air travellers can request their personal data from the airlines and get information about which of their personal data were transferred to the US. The second letter is addressed to national data protection commissioners to urge them to investigate the transfer of personal data. The letters are available through the website of European Digital Rights.

Although the US Department of Homeland Security now has a Privacy Officer and the CAPPS II program will get a Passenger Advocate (to process complaints from passengers) it remains to be seen what influence and powers they will have or if these officials are merely installed to keep EU privacy officials and advocacy groups at a distance.

Campaign against the illegal transfer of European travellers' data to the USA
http://www.edri.org/cgi-bin/index?funktion=campaigns

EPIC resource: EU-US Airline Passenger Data Disclosure
http://www.epic.org/privacy/intl/passenger_data.html

Complaints of US air passengers about the "no-fly" list (an outlook for European travellers!)
http://www.epic.org/privacy/airtravel/foia/watchlist_foia_analysis.htm...