U.S., E.U. Miss Deadline on Data-Sharing Agreement

By Ellen Nakashima
Washington Post Staff Writer
Sunday, October 1, 2006

The United States and the European Union failed to meet a Saturday deadline to conclude a permanent new agreement on the sharing of airline passenger data, an issue that has raised serious privacy concerns in Europe. But both sides said talks will continue and flights will not be affected.

In the aftermath of Sept. 11, 2001, terrorist attacks, the U.S. government began requiring all airlines flying to the United States to share passenger data, such as name, address and credit card information, with Customs and Border Protection.

The European Court of Justice, the highest European court, annulled the deal on a technicality in May but gave the E.U. and the United States until yesterday to replace it.

Homeland Security Department Secretary Michael Chertoff on Saturday said in a statement that he had initialed a draft formal agreement that "ensures the appropriate security information will be exchanged and counter-terrorism information collected by the department will be shared, as necessary, with other federal counter-terrorism agencies."

Under the post-Sept. 11 data-sharing agreement, Europe allowed the United States to keep the data for up to 3 1/2 years, but the United States wants to be able to hold onto the information longer. Europe also allowed the United States to share the data, part of a database called the Passenger Name Record, with other U.S. counterterror agencies on a restricted, case-by-case basis. The United States wants to be able to share the data more liberally.

The United States has said it could take steps, including fining airlines $6,000 per passenger or revoking landing rights, if data are not turned over.

Chertoff told the Associated Press that he had been assured the United States would continue to receive data from European airlines and that he did not think the airlines would be penalized by their home governments.

Telmo Baltazar, counselor to the E.U. delegation, said there was no final deal reached yesterday because E.U. negotiators said they needed to consult with E.U. authorities, according to the Associated Press.

The talks have broken down before, and the struggle to reach an agreement underscores the difficulty in reconciling the U.S. government's growing appetite for information in a post-Sept. 11 world with other countries' desires to protect their sovereignty and their citizens' privacy, analysts said.

"You have a situation where the United States is increasingly data-hungry, even though it has no idea what it wants to do with this data, and the European Union is increasingly waking up to its obligations under its founding principles, including data protection and privacy," said Gus Hosein, a senior fellow with Privacy International in London.

David Sobel, senior counsel of the Electronic Frontier Foundation, a privacy organization, said that since Sept. 11, the U.S. government has put an emphasis on the collection of passenger data and has "generally ignored the serious privacy issues that arise both under E.U. law and domestic law."

"The problems that the Department of Homeland Security has encountered internationally are similar with respect to the privacy concerns that have hampered the development of domestic systems," Sobel said.

The United States requires all airlines flying to the country to submit data. The European Union objected because it has stronger data-protection laws than many nations, including the United States.

The dispute could easily have been resolved if the United States had adopted privacy protection for passenger reservation data that satisfied the European standards, said Edward Hasbrouck, an expert on travel data privacy in San Francisco. The standards include giving the person whose data is shared the right to have access to and to review the data and putting limits on its use and on its retention.

© 2006 The Washington Post Company