US-EU Spying Scandal Threatens Transatlantic Passenger Data Sharing

A report in Germany’s Der Spiegel newspaper over the weekend alleging that the United States’ National Security Agency, or NSA, “targeted the European Union with its spying activities” could, if verified, have a serious impact on U.S.-EU relations, including the new Passenger Name Record program, in which the EU gives the U.S. personal data on each trans-Atlantic air traveler.

Rebecca Harms and Daniel Cohn-Bendit, Green Party leaders in the European Parliament, have long been vocal opponents of Passenger Name Record program. Over the weekend, they not only called for an immediate investigation into alleged NSA spying on EU representatives in Washington and infiltration of their computer network, but they also demanded the safe harbor of NSA whistle-blower Edward Snowden and the cancelation of the exchange of important data like passenger records between the U.S. and the EU.

“The EU should cancel the agreements on Swift and PNR [Passenger Name Record] with the U.S.,” Harms said Sunday. “The last few days have shown how urgently we need an international agreement on data protection.”

The European Parliament approved the new data agreement with the United States last April after years of resistance to a deal on handing over such information, which many found to be an invasion of privacy that could lead to false arrests. The seven-year accord mandates that airlines in Europe must give the U.S. Department of Homeland Security data about trans-Atlantic travelers prior to departure without fear of violating any EU privacy rules. The shared information includes each passenger’s name, address, reservation dates, number of bags, payment details, seat number and travel itinerary. The Passenger Name Record may also contain sensitive data like racial or ethnic origin, religion or health, though the U.S. Department of Homeland Security says electronic filters automatically mask such data, which can be viewed only “under exceptional circumstances where the life of an individual could be imperiled or security impaired.”

U.S. authorities agreed to blur passengers’ names and contact details after six months. The rest of the data is kept for up to five years, at which time it’s moved to a dormant database for an additional 10 years before it’s fully anonymized by deleting all information that could identify a passenger.

The 2012 accord replaced a provisional 2007 agreement and prevented European airlines from flying in legal limbo, forcing them to choose between violating EU or U.S. law. EU Home Affairs Commissioner Cecilia Malmstrom said last April that the new agreement would help both sides “fight serious transnational crime and terrorism.” The U.S. ambassador to the EU, William Kennard, added that such data had “aided nearly every high-profile U.S. terrorist investigation in recent years.

"The agreement will also help to facilitate legitimate trade and support the transatlantic travel and tourism industry, which accounts for $72.2 billion in trade each year," Kennard said.

The U.S. Customs and Border Protection agency, or CBP, placed new information about the Passenger Name Record program on its website on June 21 amid growing concerns following Snowden’s leak of highly classified government secrets.

“Collecting this information in advance provides the traveler two advantages,” the CBP explained. “First, it affords CBP adequate time to research possible matches against derogatory records to eliminate false positives. Second, it expedites travel by allowing CBP to conduct mandatory checks prior to a flight’s arrival in the U.S., rather then making you, and everyone else on your flight, stand in line while we manually conduct the review after you arrive.”

The U.S. Customs and Border Protection agency noted that any individual, regardless of citizenship, could access his or her Passenger Name Record under the Freedom of Information Act.