A leaked copy of the latest draft of a proposed “Agreement between the United States of America and the European Union on the use transfer of Passenger Name Record [PNR] data to the United States Department of Homeland Security” has been published by the civil liberties watchdog and investigative reporting group Statewatch.
So reports Ian Parker-Joseph:
Some people and groups who ought to know better, including lobbyist and former DHS Assistant Secretary for Policy Stewart Baker — the principal architect of an earlier US-EU “agreement” on PNR data — and the Heritage Foundation, have suggested that for the European Parliament not to ratify whatever the Commission and Council or pose would be to “renege” on their agreement with the US. That’s nonsense, obviously. The European Parliament has no more obligation to ratify treaties proposed by the European executive than the U.S. Senate is obligated to ratify every treaty proposed by the President.
With the impossibility of making this binding either over there or over here, various anomalies naturally arise, e.g.
The draft “agreement” claims that, “DHS processes and uses PNR data … in compliance with safeguards on privacy and protection of personal data and information.” There is no basis for such a claim. The DHS has exempted its PNR database from the protections of the Privacy Act, even for U.S. citizens. No privacy or data protection laws apply to PNR data held by the DHS.
The draft “agreement” claims that “the United States insures that passengers whose PNR is collected by DHS are made aware of the … use of their PNR.” In fact, the only U.S. law that requires any accounting of disclosures of personal data is the Privacy Act. The Privacy Act applies only to U.S. citizens and residents, and the DHS has exempted its PNR database from the Privacy Act requirement for an accounting of disclosures, even when it is requested by a U.S. citizen.
As Ian concludes:
The only entities which have anything to gain from this agreement are (a) travel companies whose current activities are in violation of EU laws, and (b) enforcement authorities in the EU (including national data protection authorities and the European Commission as enforcer of the Code of Conduct for CRSs) who don’t want to carry out their current responsibility to enforce EU law, to cut off U.S. access to PNR data collected in the EU, and to impose sanctions on the travel companies that are transferrring PNR data to the U.S.