EU, US Reach Airline Passenger Data-Sharing Agreement

After months of back-and-forth negotiations, the United States and the European Union have reached an agreement on the sharing of data pertaining to airline passengers flying to the U.S. from Europe.

The new agreement gives more U.S. government agencies access to data collected by European agencies, including the name, address and credit card information of passengers bound for American soil.

Privacy Concerns

This new agreement replaces one that was thrown out by a judge in May. It came after lengthy talks aimed at satisfying both the United States’ desire to have improved security readiness and growing privacy concerns in the EU.

The original agreement had been struck in the weeks after Sept. 11, 2001, when homeland security concerns drove the U.S. to strike sweeping data-sharing agreements with many overseas jurisdictions, in many cases asking for and receiving wholesale access to passenger data.

More recently, privacy rights groups began to question the deal the EU had struck with the U.S., including the provision allowing multiple U.S. agencies to scour the passenger records.

It also came after reports in Europe over the past week suggested talks had stalemated, throwing into question whether some airlines may have to halt trips to the U.S. or risk violating European laws by sharing data with U.S. officials. The U.S. had warned that airlines that failed to share passenger data faced fines of up to US$6,000 per passenger and possible landing bans.

The new agreement is good until the end of July, 2007.

Victory for Both Sides

The court that ruled in May against the older deal had given the two sides until Oct. 1 to strike a new agreement, but that deadline passed with both sides still at loggerheads over key provisions.

Reports suggest Finnish officials helped broker the deal and each side apparently won some concessions.

For instance, the U.S. will now have the right to share the passenger data with multiple agencies beyond the Customs Department and Department of Homeland Security. That presumably frees the U.S. to share the data with other intelligence agencies as well as the Department of Immigration and Naturalization.

Meanwhile, the U.S. gave up the right to directly draw data from the networks of European airlines in real-time, and instead will have to request access from the airlines. That presumably creates a need for agencies to explain why they need specific information.

The data covered in the deal does not change, with 34 specific pieces of information available to the U.S., from passenger names, birthdates and other biographical information to their reasons for traveling to the U.S.

European Union Justice and Security Commissioner Franco Frattini said the deal was reached during a nine-hour negotiation session.

“We are not talking about more data or more exchanges, we are talking about making it easier to transmit data,” Frattini said at a news briefing announcing the deal.

Technology Ahead of Society?

To many observers, the passenger-data standoff is a symbol of the rapidly evolving privacy landscape. In the past, such near-instantaneous information-sharing would have been physically and technologically impossible.

Technology has evolved so rapidly that the ability to open data to third parties has outpaced the rate at which companies, agencies and society as a whole have established rules and guidelines for sharing it, said Gartner analyst Avivah Litan. The events of Sept. 11 led to much more data being shared, with some share agreements only now starting to be considered in a new light.

“The world is playing catch up with technology,” Litan added. “The tension between privacy and the need to have openness is going to be with us for some time.”