EU and US Reach Deal On Airline Data

gambit3 writes "According to the BBC, the EU and the US have struck a new deal for sharing airline passenger data. It will replace a deal struck down by the European Court of Justice in May, which allowed the US its own access to passenger data. Under the deal, the EU will 'push' the data — 34 pieces of information per passenger — to the US, replacing the current 'pull' system. The new deal will expire at the end of July 2007."

So what's changed?

[jimicus]

Old system: US pulls 34 items of data about each passenger.
New system: EU pushes 34 items of data about each passenger.

Unless the data itself has dramatically changed, I really can't see any functional difference. So how is this any better?

Re:So what's changed?

nothing, it's just that they did not get their wish for even more data granted.

personally I'd like to see proof that ANY effect has come out of this other than of course a massive breach of privacy.

jacquesm posting on the road as AC

Re:So what's changed?

[Richard+Steiner]

Well, the US can't go rummaging around for unrelated information in the second case -- they only get what they're given.

Re:So what's changed?

[Decado]

RTFA Please

The new system is better from an EU standpoint because the data is sent to a single secure source. They no longer have to worry about it being pulled from an untrusted source. There is no longer an external logon to the EU system that could potentially reveal private information. Instead it is pushed securely to a trusted homeland security site which is then responsible for distributing it within the US. Because the EU is no longer a risk for distributing private information it is OK within the EU. If there is a privacy breach it won't be the fault of the EU and that makes the EU authorities happy. From the standpoint of the consumer the same data still flies around but that was never the issue, the issue was that there was potential for the EU system to leak sensitive data which was unacceptable.

34 data fields (missing from article)

[digitalderbs]

The data fields can be found from this earlier article.

• Information about the passenger: name; address; date of birth; passport number; citizenship; sex; country of residence; US visa number (plus date and place issued); address while in the US; telephone numbers; e-mail address; frequent flyer miles flown; address on frequent flyer account; the passenger's history of not showing up for flights
• Information about the booking of the ticket: date of reservation; date of intended travel; date ticket was issued; travel agency; travel agent; billing address; how the ticket was paid for (including credit card number); the ticket number; which organisation issued the ticket; whether the passenger bought the ticket at the airport just before the flight; whether the passenger has a definite booking or is on a waiting list; pricing information; a locator number on the computer reservation system; history of changes to the booking
• Information about the flight itself: seat number; seat information (eg aisle or window); bag tag numbers; one-way or return flight; special requests, such as requests for special meals, for a wheelchair, or help for an unaccompanied minor
• Information about the passenger's itinerary: other flights ticketed separately, or data on accommodation, car rental, rail reservations or tours.
• Information about other people: the group the passenger is travelling with; the person who booked the ticket

Does this violate the EU's data protection law?

[kcbrown]

Once the data leaves the hands of the EU, it is beyond the control of the EU. DHS can (and will, I'm sure) give it to anyone they want to. I have little reason to believe that won't include corporations that are willing to pay off the right people.

So, really, how is this any better than what the U.S. was demanding to begin with, other than the fact that the EU gets to decide ahead of time whose data gets sent to the U.S.? For ordinary people, it seems to me that this is no different. Only people with "special" standing within the EU (i.e., those who have special connections to the people who decide what data goes out) will be protected.

The actions of all governments with respect to the rights, liberties, and protections of the people have become so predictable that it's depressing. :-(

Frankly

[Timesprout]

We should just tell the US to go fuck themselves over the data and not travel there. If anything US airline security has been shown to be so poor we should be the one imposing the ridiculous restrictions on them coming here.

Re:Frankly

[ev0l]

I don't know where you live but I live in Toronto and fly to the states five or six times a year.

In the Toronto Airport (YYZ) it usualy takes under thirty minutes to clear through both US customs (yes you clear through US customs while still in Canada) and security. A direct flight to Florida takes about 2 and a half hours.

To be safe I usualy show up 90 minutes before my flight departs and usualy have about an hour wait when I get to the terminal.

I don't know where you fly out of by 4 hours is absurd and I am not sure you have ever actually experienced that sort of delay or were embellishing to make a point.

In fact the YYZ web site states that you should show up 2 hours early for flights with both international and US destination.

So that puts you at at most 5 hours to fly from Toronto to Florida or 9 hours or more to fly to Europe.

Re:Frankly

[chicago_scott]

I would probably agree with you about boycotting travelling to the US if I lived outside the US.

But regarding your point about risks to your personal liberty and freedom if you come here; I have to point out that the EU is the one that collects this data on it's citzens in the first place.

Isn't the EU also infringing on on their personal liberty and freedom?

What about Canada? They have to do the same thing. Here's Air Canada's policy. Isn't your government infriging on your personal liberty and freedom as well?

http://www.aircanada.com/en/travelinfo/APIS/apis.h tml

Air Canada (like all other airlines) is required to adhere to the Advance Passenger Information System (APIS), which requires the collection of specific information from every passenger travelling to Canada, to/from the U.S. and other countries. This information is required for the purposes of ensuring aviation safety and security.

Travellers must supply Advance Passenger Information at time of check-in or they will be unable to travel.

Following is a list of information required:

      1. Full name (last name, first name, middle name if applicable)
      2. Gender
      3. Date of Birth
      4. Nationality
      5. Country of residence
      6. Travel document type (normally passport)
      7. Travel document number (expiry date and country of issue for passport)
      8. Destination address in the U.S. (Not required for U.S. nationals, Legal Permanent Residents, or Alien Residents of the U.S. entering the U.S.)

It went something like this

[thefirelane]

US: Hey EU, we need to talk about your Pieces of Information
EU: Oh, is there a problem, I thought I was giving you the right number, 34 is the minimum right?
US: Oh, yes, 34 is the minimum number of pieces of information, if you just want to do the minimum
US: Look at Bulgaria over there, they give 54 pieces of information, don't you want to be like Bulgaria?
EU: Look, if you want 54 pieces of information, just make the minimum 54
US: I just want you to want to do more than the minimum


Sorry, I forget the actual script, that's off the top of my head.

What about US citizens?

[miffo.swe]

If the EU gets the same access to US databases im a ok with this. Somehow i suspect the US would never bend over and take it like that. Only the EU is so cowardly bent over for their new puppet lors.