Feeds

US and EU stitch up airline passenger data deal

And data protection law

Security for virtualized datacentres

Then the US had wanted to keep the data it collects about people for at least eight years. The EU got it to settle with three and a half years. But Baker's letter said that as the new agreement only ran for nine months anyway, that restriction had been invalidated.

The real stickler was the EU's lauded "push" system for giving the US data about its citizens. US border control has been pulling the data, which means it takes what it needs straight from airlines' passenger databases. In 2004, the US agreed to a push system, which would mean that airlines handed over only the relevant passenger information.

The Department of Homeland Security still hasn't got round to giving up its pulling habit. But it has agreed to do so. Faull presented this as a way to ensure the US could get its hands on only that data it had agreed with the EU.

But Baker's letter, said the US push system was not going to be so restrictive: "The design of the system itself must permit any PNR data in the airline reservation or departure control systems to be published to DHS in exceptional circumstances where augmented disclosure is strictly necessary," he said.

Also, the EU's requirement that the US query only 34 fields of data about each passenger, was to be ignored (not forgetting a desire in Europe for the US to query no more than 15).

"The undertakings authorize DHS to add data elements to the 34 previously set forth...if such data is necessary," Baker said.

In other words, the US would take whatever data it wanted from the airlines, regardless of what it had agreed with the EU.

This could prove to be a difficult test for Europe's data protection law. Member states, through the Council of Ministers, have unanimously endorsed the US view of PNR signed up to in the new agreement. (They have yet to pass the agreement on Thursday, but have already given diplomatic approval enough for it to have been struck).

The test will centre on whether EC data protection law has competence over the transfer of data to countries without adequate data protection when the purpose of the transfer is security. The ECJ already ruled in June that the EC administration did not have the competence to strike the old PNR agreement, thus invalidating it.

It neglected to decide on the wider issue of whether the law was competent. That's next on the menu. And the ECJ advocate general has already indicated that he might prefer to side with the security hawks if he was required to intervene again. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
NATO declares WAR on Google Glass, mounts attack alongside MPAA
Yes, the National Association of Theater Owners is quite upset
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.