US hits legal turbulence over EU passenger data

The Electronic Frontier Foundation is taking the Department of Homeland Security to court for not disclosing how it uses and shares EU airline passenger information
Written by Tom Espiner, Contributor

The US Government has had a complaint brought against it for failing to disclose how it uses European airline passenger data.

The Electronic Frontier Foundation (EFF) has issued a legal complaint against the US Department of Homeland Security (DHS), to force it to comply with an earlier request for information on how European passenger data is secured, shared, used and stored.

The EFF is using the Freedom of Information Act to try and find out how EU passenger data transferred to the US is retained, secured, used, disclosed to other entities, and combined with other information. The EFF is also attempting to get hold of all correspondence between DHS and EU officials concerning the transfer and use of passenger data, and all correspondence between US Government officials on how to interpret the terms of the agreement.

The EFF would also like to see all complaints received from EU citizens or entities concerning the DHS acquisition, maintenance and use of EU passenger data.

"Travellers may give up a lot of personal information when they make flight reservations," said EFF staff attorney Marcia Hofmann.

Hofmann claimed that passengers travelling between Europe and the US deserve to know who gets to see their data, how the information is protected and whether those practices comply with EU law.

"When federal agencies don't comply with the Freedom of Information Act's requirements, they may conceal activities and programmes that raise serious legal issues and put privacy at risk," added Hofmann. "The Department of Homeland Security must abide by the law and give the public information about the new passenger data agreement."

The European Council and the US Government reached a disputed agreement in May 2004 on the processing and transfer of passenger name record (PNR) data for all European air passengers travelling to the US. Under the agreement, the DHS could electronically access PNR data from air carriers' reservation and departure control systems within the EU.

The European Parliament objected to the deal, and the European Court of Justice found it illegal on a technicality in May 2006. The EU and DHS renegotiated the agreement as a result, and reached a new deal which the EFF said gave the US even more powers to force disclosure of passenger information, but which the European Commission said gave it more control over the data.

The new, temporary deal means that up to 34 pieces of information concerning every individual passenger would automatically be sent to the DHS up to 72 hours before flight departure. Frequent flyer information would include name, address, email address, telephone number and number of bags on a flight.

The US Government is currently seeking to extend the number of government departments that can share PNR data.

The DHS did not comply with the EFF's Freedom of Information request within a statutory limit of 20 days, prompting it to file the legal complaint with the district court of Columbia on Tuesday.

Editorial standards