BlogEuropa.eu

Ideas, debates, analysis et al.

  • About BlogEuropa.eu
  • Editors
  • Acknowledgements / Legal
  • Seminarios BlogEuropa.eu

    • Privacy advocates rejoice! or not…?

    Filed under: Europe in the World,Law,Privacy,Tomás F. Serna

    Tomás F. Serna

    June 13, 2006

    Had you scanned through the recent headlines on privacy issues and noticed about the recent Court of Justice of the European Communities judgment on the 2004 EU-US agreement over personal data transfers from EU based airline companies to the US Government –but weren’t provided with or didn’t stop to read the fine print–, you’d think that this could mean a victory for so-called privacy advocates…

    Well, in that case, you’d had to think again.

    On May 14th. 2004, the EU Commision, after a period of negotiations with the US Government, approved a Decision [Commission Decision 2004/535/EC], finding that the competent US body [United States Bureau of Customs and Border Protection], provided an ‘adequate’ level of protection for accessing and processing certain personal data from passengers on EU based airline carriers to, from or via any US territory.

    Three days later, on May 17th. 2004, the EU Council passed its own Decision approving the conclusion of said agreement between the US and the EU. [Council Decision 2004/496/EC]

    Later, the EU Parliament challenged before the Court of Justice the legality of the Commision’s Decision, while as well raised the issue of the Commision’s Decision on ‘adequacy’ having been adopted ‘ultra vires’, and also a number of issues about fundamental rights being violated by the agreement.

    The amount of personal data which the US requires, usually referred to as ‘PNR’ (Personal Name Records), comprehends up to 34 references related to the passenger’s booked reservation/s. For a detailed list of these 34 references please see annex A of the May 14th. Decision. –If you are fond of cryptic acronyms, you are really going to have some serious fun.–

    After September 11 in the US, March 11 in Spain, etc. it is clear that there is a need for a certain amount of surveillance. –As a side note, I’ll mention that I personally feel a lot safer on flights to the US than to anywhere else. Though no-one welcomes waiting in two-three lines and going through a series somewhat thorough security checks prior to boarding a plane for a 7-9 hour flight, I feel a lot safer knowing these checks and probably others I’m not aware about have been in place for everyone boarding the aircraft.–

    And here is where the eternal question is raised once again. Where would the boundaries to that ‘certain amount of surveillance’ be? How does the fundamental (at least in the EU) right to privacy stack up against every other consideration in this issue?

    Cases such as JetBlue’s 2002 privacy affair with the US Transportation Security Agency immediately come to mind. In this particular case a popular US air carrier company handed some five million records from passengers to the US government, private records which in turn ended in the hands of a private government contractor. This contractor later merged these records with some others bought in the marketplace such as: social security numbers, income levels, vehicle ownership, etc. As it turns out the result of the merge was later used to attempt to tag each passenger’s security risk level.

    Again this brings to mind the widely reported CAPPS, and the recent CAPPS II programs. [Computer-Assisted Passenger Prescreening System.] A number of privacy concerns have been raised against these initiatives.

    Back to the EU, the Court of Justice on its May 30th. ruling, does not seem to address any of the privacy concerns that the Parliament, or the EU Data Protection Supervisor for that matter, raised before it. The Court annulled the challenged Decisions both in grounds of being based on the wrong legislation and both in the matter of ‘adequacy’ being ultra vires, but I guess it is fair to say they ended their analysis just there. None of the big privacy issues have been resolved.

    Can personal data obtained for commercial purposes be put through data mining techniques for law enforcement purposes in what, regardless of how convenient or useful this might be for the ‘greater good’, at first glance appears to be a flagrant breach of EU Law/s?

    Comments (2) 9:36 am |

    2 Comments »

    1. as you know the European Commission has already announced a new decision on this matter, following the ECJ ruling on competences, so we are back to square one in a way. my impression is that the debate about privacy at the EU level (“European privacy”) is just beginning.

      Comment by JMA — June 16, 2006 @ 10:57 am

    2. Many things in the EU seem to be ‘just beginning’… regardless of the amount of time and resources already devoted to them.

      Sadly enough, and regarding the issue of privacy, it seems to me that we never left ‘square one’.

      The European Commission needs to react as quickly as possible, and try to avoid unilateral agreements to be drafted, (not to mention signed!), by individual states that could be fearing air traffic to be interrupted from their territories to the US…

      All the best, TFS

      Comment by tfserna — June 26, 2006 @ 7:16 am

    RSS feed for comments on this post. | TrackBack URI | bookmark on del.icio.us.

    Leave a comment

    XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .

    Advertencia de Protección de Datos:

    Los datos personales capturados con ocasión de la utilización del formulario de comentarios (nombre/apodo, dirección de correo electrónico, sitio web y dirección IP), serán incluidos en un fichero del propietario del sitio web y se publicarán (excepto su dirección de correo electrónico y su dirección IP) en esta página con la finalidad de permitir opinar públicamente al lector, así como para en su caso contestar al comentario o consultas que formule. Podrá ejercitar sus derechos de acceso, de rectificación, de cancelación y de oposición en lo referido a dichos datos personales dirigiendo un correo electrónico a la dirección: datos.personales@blogeuropa.eu.

    ----

    Privacy notice:

    Please be informed that by using the comments form, your personal data (name/nickname, e-mail address, website and IP address), will be included in a file owned by the website proprietor and published along your comment (except for your e-mail and IP addresses), in order for the reader to publicly comment, as well as -should that be the case-, to respond to any comment or query that readers may have made. You will be able to exercise your rights to access, rectify, cancel and oppose such personal data by sending an e-mail to the following address: datos.personales@blogeuropa.eu.

    « Algunas propuestas para una ciudadanía europea    Enlargement fatigue »