Hustinx says EU-US data deal could breach citizens’ rights

The EU’s top data protection official has said he has "grave concerns" over a new deal between the EU and US on the transfer of airline passenger data.

Peter Hustinx wrote to Wolfgang Schaüble, the interior minister of Germany, current EU president, saying that he had "serious doubts" that the deal would comply with European fundamental rights.

"If the EU does not lead the way in developing the importance of fundamental rights, including the protection of data, how can we expect the rest of the world to follow?" he asked.

Ambassadors representing the member states are expected to endorse the deal tomorrow (29 June) to allow airline passenger data to be sent to the US following an agreement yesterday between Franco Frattini, European commissioner for justice, liberty and security, and the US secretary for the department of homeland security, Michael Chertoff.

One of Hustinx’s main concerns is that the US would be allowed to store the data for 15 years, as opposed to three-and-a-half years under the current agreement. The deal would be supplemented by an exchange of letters, a point Hustinx took as showing that the "US wants to avoid a binding agreement".

"Data on EU citizens will be readily accessible to a broad range of US agencies and there is no limitation to what US authorities are allowed to do with that data," he added.

The EU won the right to reduce the number of pieces of information being sent to the US - from 34 to 19. But Sophia in ’t Veld, a Dutch liberal MEP and author of a European Parliament report on passenger name records (PNR), said there would probably not be a reduction in the amount of information, rather there would be a merging of fields of information. The lack of a system for evaluating the collection and storage of the data, which would be made public, also made the agreement inadequate, she said.

"This agreement is worse than the last one…it’s more long-term, there is no evaluation and it will be very difficult to get out of it," she said.

Environment ministers are today (28 June) going to sign off on a separate agreement to allow personal banking information to be sent to the US authorities, after the ambassadors backed it yesterday.

Both deals follow years of wrangling between the two sides amid concerns that European citizens’ data was not being protected and that EU laws on data protection were being violated.

On the transfer of personal banking data by Swift, a financial network owned by banks, the US has agreed to use the information for counter-terrorism investigations only, to store it for five years and to delete any data which is no longer needed.

An "eminent European" will be appointed to check that the data is being held and processed correctly, according to the agreement.

In addition, Swift and the banks must inform their customers that their personal information will be transferred to the US.

In ’t Veld said that the Swift agreement was better than the PNR deal in that the data could only be used for counter-terrorism purposes whereas the use of airline passenger data was broader. But she questioned how the person tasked with independently monitoring the process would be appointed and why they would not report directly to the European Parliament but the Commission.

The US demanded the transfer of airline passenger data after the attacks of 11 September 2001. Following court challenges, this is the third deal on the transfer of this type of data.

On the banking data, the US compelled Swift by court action to give access to the information stored in databases in the US.

The EU’s top data protection official has said he has "grave concerns" over a new deal between the EU and US on the transfer of airline passenger data.