Feeds

US and EU stitch up airline passenger data deal

And data protection law

Build a business case: developing custom apps

Then the US had wanted to keep the data it collects about people for at least eight years. The EU got it to settle with three and a half years. But Baker's letter said that as the new agreement only ran for nine months anyway, that restriction had been invalidated.

The real stickler was the EU's lauded "push" system for giving the US data about its citizens. US border control has been pulling the data, which means it takes what it needs straight from airlines' passenger databases. In 2004, the US agreed to a push system, which would mean that airlines handed over only the relevant passenger information.

The Department of Homeland Security still hasn't got round to giving up its pulling habit. But it has agreed to do so. Faull presented this as a way to ensure the US could get its hands on only that data it had agreed with the EU.

But Baker's letter, said the US push system was not going to be so restrictive: "The design of the system itself must permit any PNR data in the airline reservation or departure control systems to be published to DHS in exceptional circumstances where augmented disclosure is strictly necessary," he said.

Also, the EU's requirement that the US query only 34 fields of data about each passenger, was to be ignored (not forgetting a desire in Europe for the US to query no more than 15).

"The undertakings authorize DHS to add data elements to the 34 previously set forth...if such data is necessary," Baker said.

In other words, the US would take whatever data it wanted from the airlines, regardless of what it had agreed with the EU.

This could prove to be a difficult test for Europe's data protection law. Member states, through the Council of Ministers, have unanimously endorsed the US view of PNR signed up to in the new agreement. (They have yet to pass the agreement on Thursday, but have already given diplomatic approval enough for it to have been struck).

The test will centre on whether EC data protection law has competence over the transfer of data to countries without adequate data protection when the purpose of the transfer is security. The ECJ already ruled in June that the EC administration did not have the competence to strike the old PNR agreement, thus invalidating it.

It neglected to decide on the wider issue of whether the law was competent. That's next on the menu. And the ECJ advocate general has already indicated that he might prefer to side with the security hawks if he was required to intervene again. ®

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?