EU strikes deal with US over sharing of passenger data

‘Guarantees’ that privacy standards will be met
Green MEPs highlight threat to civil liberties

David Gow

US counter-terrorism agencies, including the FBI and CIA, will get quicker and easier access to the personal data of millions of European passengers flying across the Atlantic under a deal reached yesterday between the EU and the Bush administration.

European ministers and senior officials claimed the temporary deal would ensure data protection and personal privacy standards were met. “We got concrete guarantees,” French justice minister Pascal Clément said. But Green MEPs and others accused the EU of caving into US pressure at the expense of civil liberties, enabling American agencies to continue to “plunder” 34 pieces of personal data, including credit card details, telephone and email contacts and “no-show” records.

The deal, hailed by the home secretary, John Reid, as “a vital measure in combating international terrorism”, lasts until July next year and replaces a 2004 agreement nullified by the European Court of Justice in May on technical grounds after a challenge over privacy by MEPs.
Late last week talks between the US and the EU on updating the 2004 agreement foundered on demands by Michael Chertoff, head of the US Homeland Security department, for a more routine sharing of passenger data - and their electronic storage - among American intelligence and law enforcement agencies.

Franco Frattini, the EU justice commissioner, said agencies other than the US customs and border protection agency, part of the Homeland Security department, would have to “request” access to the data and receive it “only if they have comparable standards of data protection”.

But the key to reaching a deal was the Americans’ agreement that European airlines may in future be allowed to “push” electronic data to the US rather than see it “pulled” automatically by Mr Chertoff’s officials. A test of this new scheme will be held in November, with the aim of getting it in place permanently by July 2007.

Airlines now have to ensure the US authorities can access the data within 15 minutes of a flight’s departure for America, with some understood to have to do this three or four times per flight because of seat-changes and the like. The quid pro quo for a permanent deal is likely to be the sharing of more data - up to 60 items, according to senior EU officials.

The US drive for easier and quicker access to passenger data for several agencies, heightened by the foiling in August of the alleged terrorist plot to blow up as many as 10 British flights to US cities, comes after legislation forcing them to share intelligence. Their failure to do is seen as a root cause of the 9/11 attacks.

Mr Reid said the deal showed that the “common alliance against terrorism is, on both sides of the Atlantic, very strong” and that “when the chips are down, Europe can act very swiftly to reach a unanimous decision”. On Thursday the EU adopted UK-style measures to restrict liquids carried on board flights to 100ml to prevent the threat of liquid explosives.

But Liberal MEPs said Mr Chertoff was determined to extract ever more personal data and the new deal was a “stop-gap” solution that required too much data, offered too few privacy safeguards and gave no clear guidelines on use by other agencies. The European Parliament is already investigating Swift, the bank transfer company, for secretly handing over customer information to the US and the CIA’s use of secret prisons in Europe for detaining alleged terrorists.

Airlines, which faced fines of up to $6,000 (£3,200) per passenger and the loss of landing rights for failing to share passenger data, welcomed the deal as ending legal uncertainty. The International Air Transport Association demanded government help to meet the airlines’ annual $5.6bn security bill.

Mr Chertoff told Reuters that other US agencies would abide by the “general privacy rules that we have agreed to” and the deal satisfied American security needs. He added that airlines may now have to provide data more than 72 hours before departure under the new arrangement.

Graham Watson, leader of the EU parliament’s Liberal and Democrat group, called the deal the “least worst option” but said it remained very concerned.

“The current American administration is determined to extract ever more personal data and share it with the wider intelligence community,” he said.