EDRI and its partners held successful actions on 20 May at Schiphol (Amsterdam), Zaventem (Brussels) and Vienna airport.

At all three airports EDRI members have provided airline passengers with important information about the transfer of their personal data to US authorities. Passengers were given a letter they can send to the national Data Protection Authority in their country to request an investigation of the illegal transfer of their personal data.

The action in Amsterdam was done by Bits of Freedom with Kathalijne Buitenweg (member of the European parliament) and Marijke Vos and Jan de Wit (members of the Dutch parliament). In Brussels Kathalijne Buitenweg and Marco Cappato (both members of the European parliament) informed passengers.

This week, European Digital Rights (EDRI) launched a campaign against the transfer of European air travellers' data to the United States. The campaign coincides with renewed talks between the European Commission and the United States.

Since 5 March 2003, an agreement between the European Commission and United States Customs provides US authorities online access to European travellers' Passenger Name Record (PNR) data for flights to the US.

EDRI campaign at Schiphol airport (Amsterdam).

EDRI and its partners held successful actions on 20 May at Schiphol (Amsterdam), Zaventem (Brussels) and Vienna airport.

At all three airports EDRI members have provided airline passengers with important information about the transfer of their personal data to US authorities. Passengers were given a letter they can send to the national Data Protection Authority in their country to request an investigation of the illegal transfer of their personal data.

The action in Amsterdam was done by Bits of Freedom with Kathalijne Buitenweg (member of the European parliament) and Marijke Vos and Jan de Wit (members of the Dutch parliament).

Early in April, the Dutch Lower House silently approved of a change of the Telecommunication Law that lowers access barriers to personal data substantially. All 40.000 policemen will have the right to demand the name and address data of all telephony and internet subscribers. There is no need for the user to be a suspect, requests can be made in the general context of investigating serious crime.

Currently, access to the central database with the data of telephony subscribers is limited to the 500 public prosecutors (and the secret service).

The agreement between the European Commission and U.S. authorities on the transmission of passenger name record data (PNR) has encountered fierce opposition during a public hearing at the European parliament. The agreement gives the U.S Customs on-line access to passenger name record data of all EU based airlines for flights that go to, from or through the U.S.

During the 25 March public hearing in the European parliament the Commission argued that it had no choice but to accept the U.S. demands for passenger data. Threats to fine European airlines or even halt landing rights were taken very seriously by the Commission. But many participants were not satisfied with the explanation that the Commission had been blackmailed and couldn't do anything about it. They argued that the transfer of PNR data has no legal basis and is a direct violation of the EU data protection directive.

During last weeks CFP conference (Computer Freedom Privacy) in New York, Simon Davies from UK EDRi-member Privacy International announced the winners of the Stupid Security Awards. The jury received some 5.000 nominations from 35 different countries. Though most of the winners are American, Europe also produced some very noteworthy stupid security measures. UK mobile phone company T-Mobile won a Most Annoyingly Stupid Award 'for pointless and idiotic financial security measure'. T-Mobile won't let anyone pay more than fifty pounds a month from a bank account, for unspecified 'security' reasons. Runner-Up for the Most Egregiously Stupid Award was Moscow Mayor Yury Luzhkov for the "Propiska" Identity Papers, while UK Heathrow Airport was selected the runner-up for the Most Inexplicably Stupid Award.

The Commission’s secret talks with U.S. authorities on the transmission of air passenger data have caused a heavy clash between EU institutions. The Security spokesperson of the EP conservative fraction, the Austrian Hubert Pirker, announced today his fraction will take the Commission to the European Court of Justice.

Since 5 March U.S. authorities have access to most European airlines’ passenger data bases. On 10 March, the European Parliament’s influential Citizen’s Rights and Freedoms, Justice and Home Affairs Committee (LIBE) adopted a resolution containing harsh criticism of the Commission’s proceedings. It “questions the legal base and the repercussions”, of the Joint Declaration with U.S. officials and “expresses concern that it could be interpreted as an indirect invitation to the national authorities to disregard Community law”. The original French-language draft of the resolution contained even more outspoken criticism, stating that the Joint Declaration “lacks any legal basis”. Immediately after the vote, amendments were drafted in order to broaden the criticism of the Commission in the EP resolution, which will be voted in Brussels on 26 or 27 March and is likely to be adopted by a vast majority.

From 5 March onwards, USA officials will have direct electronic access to databases with EU passenger data. On 19 February, U.S. Deputy Customs Commissioner Douglas Browning and officials of the European Commission agreed to give the custom officials direct access to the personal data of passengers flying to, from and through the United States.

These databases don't just include names of passengers, but also itinerary, phone and credit card number, time of booking and possible changes. The discussion about data of a sensitive nature, such as meal preferences, was closed with a recommendation to jointly develop measures to protect these data, preferably before 5 March 2003.

In return, 'US Customs undertakes to respect the principles of the Data Protection', at least, as long as these principles don't stand in the way of the secret services. 'US Customs may provide information to other US law enforcement authorities only for purposes of preventing and combating terrorism and other serious criminal offences, who specifically request PNR information from US Customs.'