Homeland Security, E.U. reach agreement on passenger data sharing

A new agreement between the Homeland Security Department and the European Union, expected to be finalized in the coming weeks, will clarify the manner in which DHS can use personal information about international travelers collected from airline reservation systems.

The agreement follows a 2006 interim agreement, which allowed Customs and Border Protection to access the Passenger Name Record data of travelers coming to or leaving the United States. A Passenger Name Record is a file of information created for each airline passenger when making a flight reservation. It can include everything from name, nationality and payment method to religious meal preference and seat assignment.

According to the minutes of an E.U. Permanent Representatives Committee meeting, the new agreement will expand access to the information to allow CBP's parent agency, DHS, to access it directly from airlines as well. The agency also will be allowed to keep data for twice as long. Previous agreements mandated the destruction of PNR data after three and a half years, but according to information presented to the E.U. committee, DHS Secretary Michael Chertoff and German Interior Minister Wolfgang Schäuble agreed that the data would be kept and used for seven years and then kept dormant for an additional year.

The agreement, initialed on June 28 by Chertoff, Schäuble and EU Commissioner Franco Frattini, has not been formally signed. The details, therefore, have not been released by U.S. officials. The E.U. Permanent Representatives Committee, however, discussed the particulars June 12, and the minutes of that meeting were published.

A DHS official said the agency was not able to comment on or confirm the details of the agreement, as negotiations are ongoing. But the official expected the agreement to be signed within the next few weeks.

The official did confirm that the agreement will call for a "push" system of Passenger Name Record data sharing to be put in place. Thus far, CBP has been using a "pull" system, meaning the department directly accesses airline reservation systems and extracts PNR information. Under a "push" system, the airlines would transmit the information to DHS.

The official was unable to say if data would be pushed for all international flights or only upon request.

Air Transport Association spokeswoman Elizabeth Merida said she assumes DHS will seek passenger data under the "push" system. She also said that while some airlines have "push" systems in place, others will have to develop them before being able to transmit the data to DHS.

"We are pleased that the European Union and the U.S. government have reached an accord about continued access to passenger information," Merida said. "We view the conclusion of an agreement that accommodates civil aviation security needs and privacy considerations, while avoiding airlines being subjected to contradictory legal requirements, as an important accomplishment."

The European Union and DHS have been negotiating the use of Passenger Name Record data for years, with various agreements hitting stumbling blocks because of E.U. concerns over legality. One major E.U. worry was that data collected by CBP was shared with other U.S. agencies without regulation.

The DHS official refused to say whether the new agreement would place restrictions on interagency sharing.

"PNR data is primarily collected to protect against terrorism and serious international crime," the official said. "PNR data is not used or shared for purposes other than that under which it was collected."