Privacy in the Skies US-EU Flight Data Treaty Signed
A newly-signed treaty between the US and the EU will send in-depth profiles of European airline passengers to the US Department of Homeland Security within minutes of take-off. European privacy advocates say there's turbulence ahead.
Metal detectors will be supplemented by digital watchdogs as airlines forward data on passengers to the US Department of Homeland Security.
The new agreement replaces an interim agreement which was due to lapse at the end of July. A previous deal had expired in October 2006.
Under the new data-sharing agreement, widely criticized by privacy advocates as invasive, 19 pieces of data will be sent to the US Department of Homeland Security within 15 minutes of a flight's departure.
Included in the information will be seat assignments, credit card numbers, phone numbers, frequent flier award information, passport numbers and connecting flights. At the signing ceremony in Washington, the US Secretary of Homeland Security Michael Chertoff called the data "an essential screening tool for detecting potentially dangerous trans-Atlantic travelers."
Chertoff signed on behalf of the US, and Portuguese Minister of Foreign Affairs Luis Amado represented the EU. The treaty had been held up for months as European officials pushed for a variety of concessions. Concern over privacy rights led the EU to insist on a reduction in the number of data points (from 34 to 19) and to complain that the data would be stored for too long.
As part of the deal, which was reached after extensive negotiations that finished in late June, the US agreed to keep the data active for seven years, and then in a "dormant" file for specific uses for an additional eight years. And US officials will not be able to access airlines' records directly, instead relying on the airlines to send them data -- or face fines.
Much of the treaty relies on the US to follow the rules and notify Europe later. Sensitive data on race or religion is supposed to be filtered out, for instance, but could be retained in special cases. "This is like Swiss cheese -- for every rule, there is an exception or escape clause," Dutch Member of the European Parliament Sophie in 't Veld told SPIEGEL ONLINE. "This fails completely, despite all the statements to the contrary."
Treaty critics say the new version actually represents a much more modest revision than claimed, and that most of the reductions are simply reorganizations and rephrasings of the original categories. Only four of the 34 original data points requested by the US have been eliminated entirely.
Skeptics say European negotiators should have pushed for more concessions, especially given the US track record on data protection. In a report after treaty negotiations were completed, the European Parliament called the treaty's privacy protections "substantively flawed."
"The Americans basically declare on their word of honor that they will be very careful with our personal data," in 't Veld says. "Based on our experiences in the past, that's not good enough."