EU Court Blocks Passenger Data Deal with U.S.

Reinier writes "The BBC reports that the European Court of Justice has ruled the airline data agreement with the United States is illegal. The 'agreement' required airlines to share 34 items of personal data of their passengers with American authorities at least fifteen minutes before take-off of any flight to the US. The Court of Justice examined the agreement after the European Parliament objected. A PDF of the ruling is available online."

Directive & Articles

[eldavojohn]

The PDF linked states:

The Court found that Article 95 EC, read in conjunction with Article 25 of the directive, cannot justify Community competence to conclude the Agreement with the United States that is at issue.

I could not find anything entitled Article 95 EC, did they mean Directive 95/46/EC which is in regards to the protection of personal data?

Article 25 of the EU Directive can be found on a number of sites and states that non-member countries may be provided with member data in the case of need. It's quite vague (standard law-talkin' guys strategy) so I could see it being read either way--entirely open ended!

Re:Directive & Articles

[gowen]

It's quite vague (standard law-talkin' guys strategy) so I could see it being read either way--entirely open ended!

No, its not. The principles are vague, Article 26 itself is pretty clear. It says that you can't transfer to third countries unless you can guarantee data protection up to the level of Directive 95/46/EC unless

(a) the data subject has given his consent unambiguously to the proposed transfer; or
(b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of precontractual measures taken in response to the data subject's request; or
(c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and a third party; or
(d) the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims; or
(e) the transfer is necessary in order to protect the vital interests of the data subject; or
(f) the transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation" are fulfilled in the particular case.

Only (b) or (c) could possibly apply here, and the Court have decided they don't.

Re:Sounds like it was more a concern about protect

[Confused]

Which raises the question as to what specifically the EU courts find lacking in US data security.

Basically, the main problem of the database-war between the USA and the EU is, that the EU guarantee to its citizens certain rights concerning their data, like not having it transferred to third parties, the right to review the data about oneself and some limited rights to have the data erased. To prevent clever corporations to circumvent those regulations by shipping the data outside the EU, there's a directive that personal data can only be shipped to countries, that have similar data-protection rights (so called safe havens). As you can imagine, the USA isn't really too interested in giving its own citizens data protection rights from corporations and the gouvernement and even less on granting those rights to foreigners. Thus, no data transfer of personal data of EU-citizens to the USA.

Re:what are those 34 items?

[mbrett]

These are the 34 items, taken from the DHS document at http://www.dhs.gov/interweb/assetlibrary/CBP-DHS_P NRUndertakings5-25-04.pdf which also describes how easily the data can be distributed, and how "deleted after 3.5 years" doesn't really mean what it says, but may mean that your data goes into a file marked "deleted, honest, and reely hard to read because it's raw data" and kept for 8 years or more.

1. PNR record locator code
2. Date of reservation
3. Date(s) of intended travel
4. Name
5. Other names on PNR
6. Address
7. All forms of payment information
8. Billing address
9. Contact telephone numbers
10. All travel itinerary for specific PNR
11. Frequent flyer information (limited to miles flown and address(es))
12. Travel agency
13. Travel agent
14. Code share PNR information
15. Travel status of passenger
16. Split/Divided PNR information
17. Email address
18. Ticketing field information
19. General remarks
20. Ticket number
21. Seat number
22. Date of ticket issuance
23. No show history
24. Bag tag numbers
25. Go show information
26. OSI information
27. SSI/SSR information
28. Received from information
29. All historical changes to the PNR
30. Number of travelers on PNR
31. Seat information
32. One-way tickets
33. Any collected APIS information
34. ATFQ fields

financial aid?

[m874t232]

The US doesn't give "financial aid" to Europe. Instead, Europe and Asia are pouring hundreds of billions of dollars into the US to keep the US economy afloat (it's not called "financial aid", but "loans and investments", but the end result is not that different). They are doing this because the US is an important export market for Europe and Asia and the world economy would collapse if they didn't do this.

So, the US has some credible economic threats against Europe, but withdrawal of "financial aid" isn't it. The US threat is more like "we can commit economic suicide and take you with us"; it's a threat better exercised with great care.

Re:So, has anyone ever ...

[Erwos]

Kosher doesn't mean it was blessed. It means the food doesn't contain any forbidden items, such as improperly-slaughtered meat, unkosher meats or fish (eg, pork, shellfish, etc), and so on. I think there's a bit of confusion because kosher slaughtering (shechitah) does require someone with ordination to do it, because of potential complexities and problematic situations - indeed, this is what the bulk of a proper rabbinical ordination covers in material.

Halal is apparently similar, but less strict on the number of "inherently un-Halal" items (for instance, I believe Muslims can eat shellfish). I'm no expert, but I've been told that kosher is a subset of Halal - so Muslims who can't find Halal food can rely on kosher certification in a pinch. I don't think they're supposed to do that as the first option, though, which is understandable (after all, their own authorities should be the one making the call).

You can get foods which are both kosher and Halal - for instance, the My Own Meals brand (they do instant meals and MRE-esque stuff) has a good kosher certification, and at least some sort of Halal certification.