Feeds

US and EU stitch up airline passenger data deal

And data protection law

The Power of One Infographic

Then the US had wanted to keep the data it collects about people for at least eight years. The EU got it to settle with three and a half years. But Baker's letter said that as the new agreement only ran for nine months anyway, that restriction had been invalidated.

The real stickler was the EU's lauded "push" system for giving the US data about its citizens. US border control has been pulling the data, which means it takes what it needs straight from airlines' passenger databases. In 2004, the US agreed to a push system, which would mean that airlines handed over only the relevant passenger information.

The Department of Homeland Security still hasn't got round to giving up its pulling habit. But it has agreed to do so. Faull presented this as a way to ensure the US could get its hands on only that data it had agreed with the EU.

But Baker's letter, said the US push system was not going to be so restrictive: "The design of the system itself must permit any PNR data in the airline reservation or departure control systems to be published to DHS in exceptional circumstances where augmented disclosure is strictly necessary," he said.

Also, the EU's requirement that the US query only 34 fields of data about each passenger, was to be ignored (not forgetting a desire in Europe for the US to query no more than 15).

"The undertakings authorize DHS to add data elements to the 34 previously set forth...if such data is necessary," Baker said.

In other words, the US would take whatever data it wanted from the airlines, regardless of what it had agreed with the EU.

This could prove to be a difficult test for Europe's data protection law. Member states, through the Council of Ministers, have unanimously endorsed the US view of PNR signed up to in the new agreement. (They have yet to pass the agreement on Thursday, but have already given diplomatic approval enough for it to have been struck).

The test will centre on whether EC data protection law has competence over the transfer of data to countries without adequate data protection when the purpose of the transfer is security. The ECJ already ruled in June that the EC administration did not have the competence to strike the old PNR agreement, thus invalidating it.

It neglected to decide on the wider issue of whether the law was competent. That's next on the menu. And the ECJ advocate general has already indicated that he might prefer to side with the security hawks if he was required to intervene again. ®

Mobile application security vulnerability report

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.