
The US airline company Northwest Airlines voluntarily handed over the personal data of possibly as many as 10 million US and European passengers to the National Aeronautics and Space Administration (NASA). Northwest Airlines has an alliance with the Dutch airline company KLM. The two companies have integrated their reservation systems and operate code-sharing flights from the USA to Amsterdam and beyond routes to Europe, Africa, the Middle East and India. Airline experts believe part of the data handed over to NASA originates from KLM passengers.
The Electronic Privacy Information Center (EPIC) in Washington publicized documents about the transfer obtained through a Freedom of Information Act procedure. NASA requested from Northwest Airlines the passenger data (PNR) from July to September 2001 for use in development and testing of passenger-profiling schemes. Northwest acknowledges the transfer. The company said in a statement that the transfer was 'appropriate' but that its current policy 'is to not provide passenger name record data to private contractors or federal government agencies for use in aviation security research projects'. EPIC has filed a complaint against Northwest Airlines with the US Department of Transport.
On 16 December the European Commission presented the long-awaited outcome of its negotiations with the U.S. Department of Homeland Security on the transfer of Passenger Name Record (PNR) data to the U.S. As expected, the outcome is a foul compromise, creating a permanent breach of law.
According to European data protection principles, personal data can only be transferred from Europe if the recipient has an adequate level of data protection. In the case of PNR data, the Commission will always issue a finding of adequacy in order to legitimise the transfer already taking place.
Talks between the European Commission and the US Department of Homeland Security about airline passenger data are moving very slowly. Commissioner Frits Bolkestein told the European Parliament that the US are only willing to compromise on a few disagreements. Most importantly, the US do not want to limit the use of airline passenger data to the purpose of fighting terrorism.
Since March the US are demanding passenger data from European airlines flying to or through the US. The data is sent to the US prior to flight departure and used by the US to screen passengers and apply a risk assessment. The passenger name record data (PNR) consist of many data items: departure and return flights, connecting flights, special services required on board the flight (meals such as Kosher, Halal) and payment
Negotiations about airline passenger data between the European Commission and the US are stuck but both parties have agreed to solve their differences before the end of this year. On 22 September, Asa Hutchinson, US Under Secretary for Border & Transportation Security met with EU Commissioner Bolkestein, but that didn't result in any public change of the US position.
Since March the US has been demanding passenger data from European airlines flying to or through the US. The data is sent to the US prior to flight departure and used by the US to screen passengers and apply a risk assessment.
On 12 September the moratorium expires on the transfer of European passenger-data to the United States. Already harsh words are being exchanged between EU institutions, one of the last realms of diplomatic kindness. "The violation of EU legislation is continuing and with it the rights of European citizens are being violated." This judgement from an official Working Document of the European Parliament is aimed at the Commission, which, according to the document, "in the 6 months since the adoption of Parliament's resolution (on the transfer of Airline Passenger's PNR data to U.S. authorities) has made very little progress with regard to ensuring that EU data protection legislation is observed". Still, the EP rapporteur, Dutch Liberal Johanna Boogerd-Quaak, continues, "Your rapporteur believes that the US commitments do not offer adequate
A Dutch member of the European Parliament is threatening to take the European Commission to court for failing to protect the digital privacy of EU citizens. EU MP Johanna Boogerd is also vice-chairman of LIBE, the parliamentary committee on Citizens' Freedoms and Rights, Justice and Home Affairs. She opposes the agreement between the Commission and US Customs that allows an unlimited number of US security officials live access to information about European air passengers, including sensitive personal data like travel history and food preferences.
As she explains in an interview with Radio Netherlands, providing such access to third parties breaks EU laws and directives designed to protect the privacy of the individual.
The European Data Protection Authorities, convened in the European Working Party (Article 29 Data Protection Working Party), have published an opinion on the transfer of EU airline passenger data to the US. The Working Party also published a US Customs document dated 22 May 2003 that refines the US wishes and demands towards PNR data transfer and on which the Working Party's opinion comments.
Since 5 March U.S. authorities have had access to most European airlines’ passenger databases after an agreement between the European Commission and US Customs. The transfer of the so-called Passenger Name Record (PNR) data has outraged the European Parliament, Data Commissioners and privacy groups. The scope of the original agreement between the European Commission and US Customs is wide. The agreement states that data can be stored as long as necessary and that the use of the data is not limited to combating terrorism but extends to any "legitimate law enforcement purposes". Ongoing talks between the EU and the US need to result in a final agreement that gives the transfer a legal basis, which it currently lacks.
Following a complaint from European Parliament member Marco Cappato, the Belgian data protection office is investigating a possible violation of European privacy law by the airline carriers Continental Airlines and United Airlines. Mr Cappato sent a letter to the Belgian data protection commissioner urging his office to investigate the transfer of his personal data to the US authorities. These so-called PNR data are sent to the US authorities by airlines following an agreement between US Customs and the European Commission.