by CIO Staff

Officials Downplay EU Data Privacy Concerns Over Passenger Data

May 30, 20063 mins

The European Commission and U.S. government officials played down fears that flights from Europe to the United States might be disrupted at the end of September, when an agreement on sharing passengers’ private data will expire.

A two-year-old agreement to share more than 30 different items of personal information about passengers flying to the United States is illegal, the European Court of Justice ruled Tuesday.

“We need continuity,” said Franco Frattini, the European commissioner for justice and home affairs during a televised debate among European Union and U.S. antiterrorism officials assembled in Washington, D.C., and Brussels. He is “certain” an agreement can be reached to avert a crisis in transatlantic travel.

A U.S. official agreed. “I am confident that we will find a solution that will keep the data flowing and the planes flying,” said Stewart Baker, an assistant secretary of state for the U.S. Department of Homeland Security.

But some data-protection lawyers believe the problem won’t be so easy to get rid of. “It’s not an easy situation,” said Chris Kuner, a partner in the Brussels office of law firm Hunton & Williams. “The U.S. government has said this court ruling won’t change the rules on passenger data transfers agreed two years ago, but the court decision today throws everything up for re-examination,” Kuner said.

The court allowed the passenger data agreement to continue until Sept. 30 “for reasons of legal certainty,” the court said in a statement. The European Commission must either draft a new agreement in the next four months or allow individual member states to strike bilateral agreements.

Without one of those two solutions, European airlines could be fined by U.S. authorities if they fail to provide the same data after Sept. 30 or by European data protection authorities if they do hand over the information. Worse, passengers on European carriers could face delays of up to six hours while flights into the United States are screened.

U.S. authorities have also threatened to strip European carriers of the landing rights if they fail to provide the required passenger information in advance. U.S. airlines don’t face the same problem because they are not subject to Europe’s tough data-protection laws.

The U.S. government doesn’t appear ready to tone down its demands for passenger data, leaving European policy makers in a tight spot, Kuner said. “The bottom line is that European airlines, which rely heavily on the revenues from transatlantic flights, risk being shut down or pushed out of business,” he said.

Information required by the United States includes names, addresses, credit card numbers and travel schedules. The U.S. government insisted that European airlines hand over such information at least 15 minutes before a transatlantic flight departs so that passenger lists can be screened for potential terrorists.

Airlines were caught in the middle of a legal tussle before the agreement between the United States and the European Union was signed in May 2004, because European data-protection laws forbid companies from exporting European citizens’ personal data outside the union, unless the country they export the information to has equivalent data-protection laws. The United States is not deemed to have equivalent data-protection rules.

-Paul Meller, IDG News Service

For related news coverage, read EU Called Wrong to Allow Passenger Data Release.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.