The Contentious Development Of The Passenger Name Records Agreement Between The United States And The European Union That Was Approved On April 19, 2012
In response to the terrorist attacks on September 11, 2001, Congress passed several laws to strengthen homeland security, including the Aviation and Transportation Security Act of 2001 (ATSA). Among other things, ATSA required flights in foreign air transportation to the United States (US) to make passenger name record (PNR) information available to the Customs Service upon request. Both the Bush and the Obama Administrations have considered PNR data vital for national security. In 2008 and 2009, PNR helped the US to identify individuals with potential ties to terrorism in more than 3,000 cases, including the November 2008 Mumbai attack plotter, David Headley, and the perpetrator of the failed May 2010 Times Square bombing, Faisal Shahzad. In FY2010, approximately one quarter of the individuals denied entry to the US for having ties to terrorism were identified initially through PNR data. On September 21, 2011, the House Committee on Homeland Security approved a bipartisan resolution in support of continuing a PNR agreement with Europe, H. Res. 255. The pertinent part of H. Res. 255 reads as follows:
Resolved, That the House of Representatives--
On May 18, 2011, the Senate passed a companion resolution, S. Res. 174.
II. DEPARTMENT OF HOMELAND SECURITY SECRETARY JANET NAPOLITANO'S STATEMENT ON THE NEW PASSENGER NAME RECORDS AGREEMENT
Today's ratification by the European Parliament of the Passenger Name Record (PNR) agreement [ ] demonstrates how the US and the European Union continue to take vital steps to fight terrorism and transnational threats, while protecting privacy and civil rights. Addressing the shared security threats we face requires strong international partnerships, and this agreement is a testament to the long tradition of European and American cooperation.
PNR is an indispensible tool in our terrorism prevention efforts, and PNR data has aided nearly every high profile US terrorist investigation in recent years, including New York City subway bomber Najibullah Zazi, Times Square bomber Faisal Shahzad, and David Headley, who was involved in the 2008 Mumbai terrorist attack and was planning attacks in Europe. Additionally, this agreement will provide legal certainty for the travel and tourism industries, which will help facilitate transatlantic tourism which accounts for more than $72 billion in trade every year.
The PNR agreement reaffirms our commitment to extend essential security arrangements and protect individual liberty across the breadth of the US-EU relationship. In an era of transnational threats, we should all be proud of this strong international partnership.
III. EUROPEAN RESISTANCE TO SHARING PASSENGER NAME RECORDS INFORMATION WITH THE UNITED STATES
Article 25 of Directive 95/46/EC of the European Parliament (Parliament) with regard to the processing of personal data and on the free movement of such data, states as follows:
The European Commission (Commission) was not persuaded that the US ensured an adequate level of protection for PNR data. This created a conflict with ATSA, which required airlines to give PNR data to DHS. The airlines were caught in the middle of this dispute. The transfer of PNR data to the US was considered a breach of Article 25, but a failure to transfer the data subjected the airlines to sanctions in the US, which might extend to heavy fines and ultimately to a loss of landing rights.
In May 2004, the US and EU reached an initial PNR agreement. This accord, however, was controversial in Europe because of fear that it violated the privacy rights of EU citizens and did not contain sufficient protections to safeguard their personal data. The Parliament lodged a case against the PNR agreement in the EU Court of Justice. On May 30, 2006, the Court held that the EU had lacked authority to conduct such negotiations and annulled the agreement.
In July 2007, the US and the EU concluded negotiations on a seven-year agreement to ensure the continued transfer of PNR data, but the agreement was not formally accepted. Many Members of the EP (MEP) objected to key elements of the 2007 agreement, including: the amount of PNR data transferred; the length of time such data could be kept; and what they viewed as an inadequate degree of redress available for European citizens in the event of data misuse. Some MEPs also worried that US authorities might use PNR information for data mining or data profiling purposes. Other MEPs argued that rejecting the PNR agreement would create legal uncertainties and practical difficulties for both travelers and air carriers.
On December 1, 2009, the Lisbon Treaty, among other things, required approval from the Parliament for PNR agreements. Instead of approving the 2007 Agreement, however, the Parliament directed the Commission to resume PNR negotiations with the US. In May 2010, the Parliament agreed to postpone its vote on the 2007 PNR agreement, calling instead for the Commission to present a global external PNR strategy setting out general requirements for all PNR agreements with other countries.
On September 21, 2010, the EC issued a global external PNR strategy and called for the renegotiation of the EU's PNR agreements. The Commission also laid down a series of general considerations to guide the EU in negotiating PNR agreements. Adherence to these principles was expected to produce greater coherence between the various PNR agreements while ensuring respect for the fundamental privacy rights and protection of personal data.
IV. APPROVAL OF THE PASSENGER NAMES RECORDS AGREEMENT
On April 19, 2012, Parliament approved a new EU-US agreement (Agreement) on the use and transfer of PNR data to DHS. Although the Parliament's Committee on Civil Liberties recommended approval, forty-two percent of the EU members voted against the PNR. There were 31 votes in favor, 23 against, and one abstention. Following the vote, a person appointed to report on the proceedings, the Dutch Liberal-Democrat rapporteur Sophie in'T Veld, asserted that the vote showed clearly that there are very strong reservations about the Agreement. It might not have passed if the US had not made it very clear that a "no" vote would be answered by suspending visa-free travel to the US. Many of my colleagues did not want to make this sacrifice. It is highly regrettable that fundamental rights of EU citizens have been bargained away under pressure.
According to Sophie in 't Veld, the Agreement does not limit the use of PNR data to the fight against terrorism and serious transnational crime. The Agreement permits its use for a wide range of vague and unspecified purposes, such as immigration and border controls. It permits the storage of data for an indefinite period, albeit anonymised. Moreover, it does not prohibit US authorities from gaining access to the European computer systems to pull PNR data. She emphasized that she and the rest of the EU support the use of PNR data for the fight against terrorism and serious transnational crime. Nevertheless, the EU cannot credibly endorse an agreement that is not in line with EU privacy and data protection laws and principles.
Speaking in favor of the Agreement, British Conservative Timothy Kirkhope stated that the Agreement will ensure that extremely valuable information on terrorists, serious criminals, and people traffickers can be passed to the US authorities under strict conditions. When making a transatlantic flight reservation, very specific pieces of passenger information will be transferred to the US, and the US will establish clear rules for protecting the data, including who can see it, passenger rights of access, correction, redress, and how their information can be used. If Parliament had blocked this deal, PNR data would still have been handed over by the airlines, but it would have been outside of any data protection framework. Now we have a strong agreement, and we have sent a powerful message to the US that we continue to be its partner in the fight against terrorism.
V. ARTICLE-BY-ARTICLE SUMMARY OF THE PASSENGER NAME RECORDS AGREEMENT
ARTICLE 1 - Purpose. The purpose of this Agreement is to ensure security and to protect the life and safety of the public.
ARTICLE 2 - Scope. "Passenger Name Records" (PNR) means the record created by air carriers for each journey booked by or on behalf of any passenger and contained in the carriers' reservation systems, departure control systems, or equivalent systems (collectively referred to in this Agreement as "reservation systems"). This Agreement applies to carriers operating passenger flights between the EU and the US.
ARTICLE 3 - Provision of PNR. Carriers are required to provide the PNR data in their reservation systems to DHS in accordance with DHS standards. Should transferred PNR information include data beyond those listed in the Annex below, DHS must delete it upon receipt.
ARTICLE 4 - Use of PNR data. The US will collect, use, and processes PNR data for the purposes of preventing, detecting, investigating, and prosecuting terrorist offenses and related crimes, and other transnational crimes punishable by imprisonment of three years or more. PNR may be used on a case-by-case basis where necessary to deal with a serious threat, for the protection of vital interests of any individual, or if ordered by a court. And PNR data may be used by DHS to identify persons who would be subject to closer questioning or examination upon arrival to or departure from the US.
ARTICLE 5 - Data Security. DHS will ensure that appropriate arrangements are implemented to protect personal data and personal information contained in PNR from destruction, loss, disclosure, alteration, access, processing, or unauthorized use. In the event of a privacy incident (including unauthorized access or disclosure), DHS will take reasonable measures to notify affected individuals, to mitigate the risk of harm from unauthorized disclosures, and to institute remedial measures. DHS also will inform appropriate European authorities without undue delay about cases of significant privacy incidents involving the PNR of EU citizens or residents. All access to PNR data, as well as its processing and use, shall be logged or documented by DHS.
ARTICLE 6 - Sensitive Data. To the extent that the PNR of a passenger includes sensitive data (i.e., personal data and information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning the health or sex life of the individual), automated systems will be used by DHS to filter and mask it out from PNR. DHS shall provide the European Commission (Commission) with a list of codes and terms identifying sensitive data that will be filtered out. Access to, as well as processing and use of, sensitive data shall be permitted in exceptional circumstances where the life of an individual could be imperiled or seriously impaired. Sensitive data shall be permanently deleted by HDS no later than 30 days from the last receipt of PNR containing such data. However, sensitive data may be retained for the time specified in US. Law for the purpose of a specific investigation, prosecution, or enforcement action.
ARTICLE 7 - Automated Individual Decisions. The US shall not make decisions that produce significant adverse actions affecting the legal interests of individuals based solely on automated processing and the use of PNR.
ARTICLE 8 - Retention of Data. DHS will retain PNR data in an active database for up to five years. After the initial six months of this period, PNR shall be depersonalized and masked. Access to this active database shall, unless otherwise permitted by this Agreement, be restricted to specifically authorized officials. To achieve depersonalization, the following PNR data types shall be masked out: name(s); contact information; General Remarks, including other supplementary information (OSI), special service information (SSI), and special service request (SSR); and Advance Passenger Information System (APIS) information.
After this active period, PNR shall be transferred to a dormant database for a period of up to ten years. This dormant database shall be subject to additional controls, including a more restricted number of authorized personnel, as well as a higher level of supervisory approval required before access. In this dormant database, PNR shall not be repersonalized except in connection with law enforcement operations and then only in connection with an identifiable case, threat or risk. Following the dormant period, retained data must be rendered fully anonymized by deleting all data types which could serve to identify the passenger to whom PNR relate.
Information that is related to a specific case or investigation may be retained in an active PNR database until the case or investigation is archived.
ARTICLE 9 - Non-discrimination. The US shall ensure that the safeguards applicable to the processing and use of PNR data apply to all passengers on an equal basis without unlawful discrimination.
ARTICLE 10 - Transparency. DHS shall provide information to the traveling public regarding the use and processing of PNR through publications in the Federal Register and on its website; notices that may be incorporated by the carriers into contracts of carriage; statutorily required reporting to Congress; and other appropriate measures as may be developed. DHS shall publish and provide to the EU for possible publication its procedures and modalities regarding access, correction or rectification, and redress procedures. The Parties shall work with the aviation industry to encourage greater visibility to passengers at the time of booking on the purpose of the collection, processing, and use of PNR by DHS, and on how to request access, correction, and redress.
ARTICLE 11 - Access for Individuals. In accordance with the provisions of the Freedom of Information Act, any individual, is entitled to request his or her PNR from DHS. DHS shall timely provide such PNR subject to the provisions of paragraphs 2 and 3 of this Article. Disclosure of information contained in PNR may be subject to reasonable legal limitations. Any refusal or restriction of access shall be set forth in writing and provided to the requesting individual on a timely basis. Such notification shall include the legal basis on which information was withheld and shall inform the individual of the options available under US law for?seeking redress. DHS shall not disclose PNR to the public, except to the individual whose PNR has been processed and used or his or her representative, or as required by US law.
ARTICLE 12 - Correction or Rectification for Individuals. Any individual, regardless of nationality, country of origin, or place of residence may seek the correction or rectification of his or her PNR by DHS. DHS shall inform the requesting individual in writing of its decision whether to correct or rectify the PNR at issue. Any refusal or restriction of correction or rectification shall be set forth in writing and provided to the requesting individual on a timely basis. Such notification shall include the legal basis of such refusal or restriction and shall inform the individual of the options available under US law for seeking redress.
ARTICLE 13 - Redress for Individuals. Any individual whose personal data has been processed and used in a manner inconsistent with this Agreement may seek administrative and judicial redress in accordance with US law. Any individual is entitled to petition for judicial review in US federal court of any final agency action by DHS. Further, any individual is entitled to petition for judicial review in accordance with the Freedom of Information Act; the Computer Fraud and Abuse Act; the Electronic Communications Privacy Act; and other applicable provisions of US law. DHS will provide an administrative means to resolve travel-related inquiries, including those related to the use of PNR. This is done currently by the DHS Traveler Redress Inquiry Program (TRIP). Pursuant to the Administrative Procedure Act, any such aggrieved individual is entitled to petition for judicial review in US federal court from any final agency action by DHS relating to such concerns.
ARTICLE 14 - Oversight. Compliance with the privacy safeguards in this Agreement shall be subject to independent review and oversight by Department Privacy Officers, such as the DHS Chief Privacy Officer. Application of this Agreement by the US shall be subject to independent review and oversight by the DHS Office of Inspector General; the Government Accountability Office as established by Congress; and the US Congress.
ARTICLE 15 - Method of PNR Transmission. For the purposes of this Agreement, carriers shall be required to transfer PNR to DHS using the "push" method. Carriers shall be required to transfer PNR to DHS by secure electronic means in compliance with the technical requirements of DHS. The Parties agree that all carriers shall be required to acquire the technical ability to use the "push" method not later than 24 months following entry into force of this Agreement. Whenever carriers are unable to respond timely to requests under this Article in accordance with DHS standards, or, in exceptional circumstances, DHS may require carriers to otherwise provide access.
ARTICLE 16 - Domestic Sharing. DHS may share PNR only with domestic government authorities when acting in furtherance of the uses outlined in Article 4.
ARTICLE 17 - Onward Transfer. The US may transfer PNR to competent government authorities of third countries only under terms consistent with this Agreement and only upon ascertaining that the recipient's intended use is consistent with those terms. Apart from emergency circumstances, any such transfer of data shall occur pursuant to express understandings that incorporate data privacy protections comparable to those applied to PNR. PNR shall be shared only in support of cases under examination or investigation. Where DHS is aware that the PNR of a citizen or a resident of an EU Member State is transferred, the competent authorities of the concerned Member State shall be informed of the matter at the earliest appropriate opportunity.
ARTICLE 18 - Police, Law Enforcement and Judicial Cooperation. DHS shall provide to competent police, other specialized law enforcement or judicial authorities, information obtained from PNR in cases under examination or investigation that is needed to prevent, detect, investigate, or prosecute terrorist offenses and related crimes or transnational crime. A police or judicial authority may request access to PNR when it is necessary in a specific case to prevent, detect, investigate, or prosecute terrorist offenses and related crimes or transnational crime. DHS shall provide such information. DHS shall share PNR only following a careful assessment of exclusively as consistent with Article 4; when acting in furtherance of the uses outlined in Article 4. Receiving authorities shall afford to PNR equivalent or comparable safeguards as set out in this Agreement.
CHAPTER IV - IMPLEMENTING AND FINAL PROVISIONS
ARTICLE 19 - Adequacy. DHS shall be deemed to provide an adequate level of protection for PNR processing and use. In this respect, carriers which have provided PNR to DHS in compliance with this Agreement shall be deemed to have complied with applicable legal requirements related to the transfer of such data from the EU to the US.
ARTICLE 20 - Reciprocity. The Parties shall actively promote the cooperation of carriers within their respective jurisdictions with any PNR system operating consistent with this Agreement. Parties shall consult to determine whether this Agreement would need to be adjusted accordingly to ensure full reciprocity.
ARTICLE 21 - Implementation and Non-Derogation. This Agreement shall not create or confer, under US law, any right or benefit on any person or entity, private or public. Each Party shall ensure that the provisions of this Agreement are properly implemented. Nothing in this Agreement shall derogate from existing obligations of the US and EU Member States.
ARTICLE 22 - Notification of Changes in Domestic Law. The Parties shall advise each other regarding the enactment of any legislation that materially affects the implementation of this Agreement.
ARTICLE 23 - Review and Evaluation. The Parties shall jointly review the implementation of this Agreement one year after its entry into force and regularly thereafter as jointly agreed. Further, the Parties shall jointly evaluate this Agreement four years after its entry into force. The Parties shall jointly determine in advance the modalities and terms of the joint review and shall communicate to each other the composition of their respective teams. Following the joint review, the European Commission (Commission) shall present a report to the European Parliament (Parliament) and the Council of the European Union (Council). The US shall be given an opportunity to provide written comments which shall be attached to the report.
ARTICLE 24 - ?Resolution of Disputes and Suspension of Agreement. Any dispute arising from the implementation of this Agreement shall give rise to consultations between the Parties. In the event that consultations do not result in a resolution of the dispute, either Party may suspend the application of this Agreement. Notwithstanding any suspension of this Agreement, all PNR obtained by DHS pursuant to this Agreement prior to its suspension shall continue to be processed and used in accordance with the safeguards of this Agreement.
ARTICLE 25 - Termination. Either Party may terminate this Agreement at any time by written notification. Prior to any termination of this Agreement, the Parties shall consult each other in a manner which allows sufficient time for reaching a mutually agreeable resolution. Notwithstanding any termination of this Agreement, all PNR obtained by DHS pursuant to this Agreement prior to its termination shall continue to be processed and used in accordance with the safeguards of this Agreement.
ARTICLE 26 - Duration. Subject to Article 25, this Agreement shall remain in force for a period of seven years from the date of its entry into force. Upon the expiration of the seven-year period, the Agreement shall be renewed for a subsequent period of seven years unless one of the Parties notifies the other in writing of its intention not to renew the Agreement. Notwithstanding the expiration of this Agreement, all PNR obtained by DHS under the terms of this Agreement shall continue to be processed and used in accordance with the safeguards of this Agreement.ANNEX - PNR DATA TYPES.
Nolan Rappaport was a counsel on the House Judiciary Committee. Prior to working on the Judiciary Committee, he wrote decisions for the Board of Immigration Appeals. He also has been a policy advisor for the DHS Office of Information Sharing and Collaboration under a contract with TKC Communications, and he has spent time in private practice as an immigration lawyer at Steptoe & Johnson. He is retired now, but he does temporary and part time work.
The opinions expressed in this article do not necessarily reflect the opinion of ILW.COM.