European Lawmaker To Sue U.S. Over Data
Tuesday, July 1, 2008
A European Union lawmaker who frequently travels to the United States is suing the U.S. government for access to her personal records, such as credit card information and travel history, that the Department of Homeland Security and other security agencies may have gathered.
The lawsuit to be filed today by Sophie in't Veld, a Dutch member of parliament, comes as the United States and Europe are working on an agreement on privacy protections for transatlantic data-sharing. The pact would permit security agencies to obtain personal information for law-enforcement purposes. One sticking point, however, is the ability of European citizens to sue the U.S. government for access to information and redress if they think the data are inaccurate or have been misused.
In't Veld said her case underscored the need for more explicit data-protection guarantees than those contemplated in the draft of the accord. It is also the first high-level legal test of Bush administration assurances that anyone may access his or her data under the Freedom of Information Act, privacy experts said. The law allows anyone, including non-citizens, to sue for access. But it provides no mechanism for correcting errors.
"The bottom line is, the U.S. is trying to give the impression in Europe that there's a simple, well-established process for records access that any European can avail themselves of," said David L. Sobel, senior counsel for the Electronic Frontier Foundation, which is filing the lawsuit on in't Veld's behalf. "But as this lawsuit shows, it's a difficult, time-consuming process that might ultimately not result in anything being obtained."
In't Veld, who helps develop transatlantic data-sharing policies as a member of the E.U.'s Civil Liberties, Justice and Home Affairs Committee, has been flying to and from the United States for the past three years or so. She is almost always detained as she leaves the United States and sent to secondary screening for questioning and a search of her handbag and luggage.
Last October, she filed a FOIA request for access to her records at three agencies. "I don't expect to find anything specific in the files," she said in a phone interview from Utrecht, the Netherlands. "But I am entitled to know what is in them."
In March, DHS officials responded that a "comprehensive search" of files within agencies including Customs and Border Protection, U.S. Citizenship and Immigration Services, Immigration and Customs Enforcement turned up no "responsive records."
The FBI also said it found no records. The State Department has not responded, according to her complaint.
In't Veld said "there must be something if I'm traveling in and out of the United States." A Washington Post reporter's FOIA request for personal records to the DHS yielded airline travel and reservation records for flights to and from the United States.
A DHS official, who spoke on condition of anonymity because department officials generally do not discuss specific cases, said that in't Veld was not "on any list," including the no-fly list, and that she had not sought redress through DHS's Traveler Redress Inquiry Program (TRIP). The official could not address her records request, which is handled by a separate department.
The proposed agreement, according to a draft final report, contains 12 principles that are standard hallmarks of data privacy. They include ensuring that the information collected is relevant and timely, that it is collected for a specific and legitimate purpose -- in this case, for law enforcement, and that people have access to their data and a means to correct inaccuracies.
It specifies that anyone may have administrative redress for concerns about misuse of data and notes that FOIA allows judicial redress to anyone.