The latest EU agreement for airlines to automatically transfer European personal passenger data to the US authorities breaches fundamental European human rights, a study commissioned by Green MEPs has found. The 2011 agreement to share Passenger Name Record (PNR) data of airline passengers flying from Europe breaches European data protection laws, according to a study conducted by Gerrit Hornung of the Universität Passau and Franziska Boehm of the Université du Luxembourg.
The researchers compared agreements struck between the EU and the US in 2004, 2007, and 2011, and found a general deterioration of Europeans' rights in relation to data sent to the US.
Hornung and Boehm found that the purpose and use of the data have been extended; the retention period has been extended; data transfer to third parties has been broadened; independence of supervision is not guaranteed; the amount of data sets transferred has not been reduced; there is less protection for sensitive data; and the data subject's rights and judicial review are not enforceable.
In addition, the stated need for the transfer of data — to reduce terrorism — has not led to a single arrest of a terrorist, said the academics.
A number of authorities have raised doubts about the legal basis of the agreements, including the European Commission and the European Data Protection Supervisor.
The study will be used by the Green Party in upcoming discussions on a European Parliament vote on the 2011 EU PNR agreement, according to Green MEP Jan Phillipp Albrecht.
"This study shows the PNR agreement is not in line with the [legal] framework we have in the EU," Albrecht told ZDNet on Wednesday.
The vote on whether to either ratify or to not support the agreement will be taken in the European Parliament home affairs legal committee on 27 March. The decision by this committee will then be put before the European Parliament in a plenary session.