Concerns include that data about European airline passengers would be collected for purposes for US interests other than merely fighting terrorism and organised crime, would be used to create database profiles and "risk scores" that would determine the way people were treated by the system, and that this data would be shared widely with other US departments and that it would be kept for 40 years. Europeans also have no course of redress should they discover the system contains incorrect data.
Jonathan Faull, lead PNR negotiator for the European Commission, told the Parliament that Baker wrote with assurances on 15 December that the data protection provisions the Europeans had imposed on the US in the last PNR agreement would be imposed on European data stored in the ATS as well.
"Assistant secretary Baker of the DHS confirmed clearly that the ATS in no way supersedes or alters the agreement signed in October," he said, insisting also that there would be a PNR agreement.
However, those in Brussels pushing for the protection of data about European citizens from the US, are as sceptical of Baker's assurances now as they were last October when he hit them with the US's interpretation of the interim agreement. They don't believe it had any legal standing. It was merely an agreement between the US and EU executives anyway. Open Skies, which as a treaty will be debated in Congress and the European Parliament, will be taken seriously - and privacy campaigners are for now very worried about it.
MEP's are yet hopeful. Sophie Int-Veld, the Dutch MEP acting as rapporteur for the Parliament on the PNR talks, told The Register before the hearing that shifting sands in the US Congress would lead to greater co-operation between the houses on transatlantic data sharing arrangements like PNR. They've both got problems reining in their executives, apparently. Their co-operation on privacy will become more important as fledgling talks for an over-arching transatlantic data protection agreement progress. Till now, the Commission has kept the Parliament at arms length. MEPs will be in Washington for a pow-wow on their mutual problems in April.®
SWIFT has everything to do with PNR
The data is handed over by companies, in this case the airlines, in other case SWIFT.
When Baker came with his 'new expanded' interpretation, the companies concerned handed the data over based on his expanded definition WITHOUT FURTHER AGREEMENT FROM THE EU.
There is no negotiation between EU and US, there is only US decides and EU meekly complies. The reason for this is that the companies concerned do not fear EU privacy legislation.
That's why the need to make an example of the SWIFT CEO, if the multinationals fear prosecution in the EU, they'll suddenly remember their obligations to us.
swift have nothing to do with PNR...
Errr... I agree that action should be taken against SWIFT but am not clear that it has much to do with this story on airline passenger data other than the similarity of the US browbeating everyone outside the US... Have you guys ruled out voting for a different party next time? Almost anyone will do from my perspective! :-)
Throw the CEO of SWIFT in Jail
Lock up the CEO of SWIFT exactly like the Americans locked up the CEOs of gambling related companies. You'll see sudden obedience of EU Privacy laws and companies will magically remember their duties to the EU.
Words are worthless with this neocon lot, they're not even abiding by their own laws. EU has to fight our corner or USA will walk all over us.
SWIFT are a natural target, the CEO is EU resident, they broken lots of EU laws, their story is inconsistent (claiming both that they received subpoenas and that they didn't need them because they're not a financial institution).
US citizens are also protected by the 'right to financial privacy act' which blocks fishing expeditions and requires a letter is sent to anyone whose records are handed over to security agencies to inform them of the fact. (1112b).
"(b) When financial records subject to this title are transferred pursuant to subsection (a), the transferring agency or department shall, within fourteen days, send to the customer a copy of the certification made pursuant to subsection (a) and the following notice"
There's also no doubt SWIFT come under this law, it specifically includes AGENTS of financial institutions, which is what SWIFT is.
"SEC. 1103. (a) No financial institution, or officer, employees, or AGENT OF a financial institution, may provide to any Government authority access to or copies of, or the information contained in, the financial records of any customer except in accordance with the provisions of this title. "
SWIFT are up to their neck in it and if they don't get prosecuted then who will? What happens when banks are sending EU leaders bank records to USA. What happens when hospitals are sending medical records for Europeans to USA? ISPs logging and sending emails to USA? They'll point to the SWIFT case, and it will be far more difficult to prosecute them.
Still happy with the USA? What happens when they're sending info to China under pressure of the Chinese? Or Russia under pressure from the Russians? These large corps operate in many markets and if they cave to one countries pressure, they'll cave to others too.