Detailed data on all European airline passengers - potentially including credit card details, phone numbers, addresses and full travel itineraries - are to be routinely handed over to the US Department of Homeland Security (DHS) for scrutiny and storage, under a European Commission agreement being finalised in Brussels, writes Karlin Lillington
Privacy advocates fear that under the agreement, European PNR (passenger name record) data taken from 34 categories in each individual record will be dispersed across the dozens of US federal agencies that now come under the DHS umbrella.
While such information is currently protected by strict usage restrictions under EU data protection legislation, it will lose all protections once it is passed to US agencies. The US says it needs such information to screen for terrorists and others who have committed "serious crimes".
"This breaks three fundamental principles of data protection law: that such information shouldn't be retained in the first place, can't be held for long periods and can't be handed on to other organisations," says Mr Tony Bunyan, director of London-based privacy watchdog Statewatch.
"Without very much debate, we're getting a system that undermines the EU approach to data protection," says Mr Malachy Murphy, co-chair of the Irish Council for Civil Liberties.
A particularly controversial element of the proposal is that European data could be used for the DHS's ambitious CAPPS II database (Computer Assisted Passenger Pre-Screening System), which could merge data from many sources, including commercial sources such as financial and medical records.
According to Mr Bunyan, the US has stated an intention to use European data gained through PNR records to test-run the CAPPS system.
The EU and US have agreed to postpone discussions on whether automatically to allow further EU data to be passed on to CAPPS until after the system is operational.
Privacy advocates and many MEPs fear the Commission is planning a similar centralised database for Europe, and is using the pretence of capitulating to US demands to bring in a pan-European system that has long been desired by European law enforcement agencies.
"The Commission is using this as an excuse," says Green Party MEP Ms Patricia McKenna. "The EU wants to have its own system."
Spain has already introduced a proposal for such a system, which was initially to cover all EU citizens and all EU flights.
Later, this was modified so that only data from immigrants entering the EU would be retained.
According to Mr Bunyan, the proposal once again applies to all EU citizens, although the exact status of the proposal is unclear.
Ms McKenna says such lack of clarity is a problem with both the US and EU proposals.
"The whole thing is very unclear. And there has been such a lack of public debate that it's hard to understand how this information will be used."
The Government has already stated that passing the Spanish proposal would be a goal of the Irish EU Presidency. The Commission has argued that European data should at least be gathered into a central database before being passed on to the US, as this approach is more cost-effective.
According to Mr Bunyan, the Republic and Britain have been the most vocal supporters of having an EU system that gathers information on all EU citizens.
In the case of the US agreement, PNR data is only to be collected from European airlines, which have been asked to modify their computer systems to give US customs agents direct access to "pull" data at their discretion.
US airlines, however, will not be asked to supply PNR data for flights coming from Europe, as collecting such data on US passengers has been politically controversial in America.
Revelations that PNR data had been secretly passed to federal agencies by two airlines, Northwest Airlines and Jetblue, caused uproar in the US at the end of last year.
The European Commission is expected to agree only to allow data to be "pushed" - sent in response to a specific request - rather than "pulled" at will by US agents.
But US civil liberties groups such as the American Civil Liberties Union (ACLU) have warned that EU citizens' data would have little or no protections and would almost certainly be used to build large database profiles of individuals.
"European passenger data that is shared with the US will receive little or no protection. Individuals targeted for scrutiny by US officials will have no recourse as their most personal medical and financial data is examined and processed in ways they never imagined and never contemplated when they purchased an airline ticket," Mr Barry Steinhardt, director of the ACLU's technology and liberty programme, wrote in a formal memorandum on the PNR proposal.
Although the European Parliament is likely to express strong opposition to any such agreement, the proposal is expected to be approved within weeks.
Modifications made to the proposal have met the tacit consent of the EU expert working group in the area, the Article 29 Committee comprising all the EU data protection commissioners, according to Irish Data Protection Commissioner Mr Joe Meade.
After much discussion, the US has made numerous concessions, such as agreeing to hold PNR records for three years rather than its original suggestion of 50, and to institute a data privacy official in the DHS.
"The US has given commitments that will be enshrined in an agreement," Mr Meade says, noting that the agreement will be reviewed in 3½ years.
The Article 29 group is not completely happy with the draft agreement but "is favourably disposed towards what was proposed," he says. But Mr Bunyan expressed worries that data collected for the "fight against terrorism" would end up becoming a general police tool, "crunched" to search for likely criminals.
Already, data gathered under the US Patriot Act has seen such "mission creep", he says.
"Since September 11th, dozens of proposals have gone through that were said to be targeting terrorism, but few are primarily targeting terrorism," he says.
"What we're getting now is the wholesale surveillance of entire populations. And all you're doing is creating a bigger haystack for finding that needle in."
