The European Union Commission bureaucrats have ignored the votes in the European Parliament and the warnings from European Union state Data Privacy authorities, and have signed an agreement with the United States about the unilateral transfer of airline Passenger Name Record data to the USA.
The political scheming and misleading public statements by those involved in the EU negotiations with the USA make sorry reading, and can be found in the Privacy and Travel category of the The Practical Nomad Blog by Edward Hasbrouck.
and by Statewatch and by Privacy International(.pdf)
c.f. the actual text of the agreement which was signed on May 28th 2004.
The Data Retention period is being spun as, for some unfathomable reason as 3 years and 6 months. In practice, the actual Data Retention period will be for at least 8 years, which is allowed for "records which have been manually accessed". Under what circumstances will a transatlantic flight record not be "manually accessed" by a US official ?
The 34 data fields in the Passenger Name Record that will be "pulled" or eventually "pushed" from the airline Computerised Reservation Services such as Galileo/Apollo, Sabre, Amadeus, or Worldspan etc. include:
1. PNR DATA ELEMENTS REQUIRED BY CBP FROM AIR CARRIERS
1. PNR record locator code
2. Date of reservation
3. Date(s) of intended travel
5. Other names on PNR
7. All forms of payment information
8. Billing address
9. Contact telephone numbers
10. All travel itinerary for specific PNR
11. Frequent flyer information (limited to miles flown and address(es))
12. Travel agency
13. Travel agent
14. Code share PNR information
15. Travel status of passenger
16. Split/Divided PNR information
17. Email address
18. Ticketing field information
19. General remarks
20. Ticket number
21. Seat number
22. Date of ticket issuance
23. No show history
24. Bag tag numbers
25. Go show information
26. OSI information
27. SSI/SSR information
28. Received from information
29. All historical changes to the PNR
30. Number of travelers on PNR
31. Seat information
32. One-way tickets
33. Any collected APIS information
34. ATFQ fields"
The implications of collecting and forwarding these data which invade the privacy of passengers and their families and business associates (if they have not paid for a flight personally) are very worrying, especially as the aim of all of this seems to be Passenger Profiling, with all the scope for massive mistakes, racial harrassment and ineffectiveness against real terrorists, which plans like CAPPS II entail (thanks again to Edward Hasbrouck for his excellent online resources on this issue).