Pact contains specific guidance on use and retention of data

The United States and the European Union have signed an agreement allowing U.S. Customs and Border Protection (CBP) to collect air passenger data on those flying European airlines to or from the United States, the U.S. Department of Homeland Security (DHS) announced May 28.

The agreement sets forth how the data is to be processed, used, and retained, according to a statement by DHS. It also stipulates that the data collected may be used only to prevent and combat terrorism, serious transnational crimes, and flight from warrants or custody for such crimes.

The new agreement will be in effect for three and a half years, and the data collected may only be retained for that length of time "unless associated with an enforcement action."

Following is a Department of Homeland Security press release:

(begin text)

U.S. Department of Homeland Security
Washington, D.C.
May 28, 2004

Press Release

DHS AND EU SIGN AGREEMENT TO ALLOW COLLECTION OF PASSENGER DATA

(Washington, DC) May 28, 2004 - Today, Secretary of Homeland Security Tom Ridge, Irish Ambassador Noel Fahey (representing the Presidency of the European Union), and European Union Ambassador Günter Burghardt, (representing the European Commission) signed an agreement that will allow U.S. Customs and Border Protection (CBP) to collect airline Passenger Name Record (PNR) information relating to flights between the United States and the European Union. Although air carriers have been providing PNR data since March 2003 under an interim arrangement, this agreement will establish the legal basis for such information to be collected and transferred consistent with U.S. and European Union (EU) laws.

The agreement will be in effect for three-and-a-half years once it is implemented, with renegotiations to start within one year of the agreement's expiration date. The comprehensive arrangement concluded with the EU, which includes this agreement as well as a more specific set of Undertakings setting forth in detail how CBP will process and handle PNR data, contains specific guidance on the use and retention of the PNR data, to include:

-- Data will be retained by CBP for three and a half years, unless associated with an enforcement action.

-- Only 34 PNR data elements will be accessed by CBP, to the extent collected in the air carriers' reservation and departure control systems.

-- CBP will filter and delete "sensitive data," as mutually identified by CBP and the European Commission.

-- PNR data will be used by CBP strictly for purposes of preventing and combating:

1) terrorism and related crimes;
2) other serious crimes, including organized crime, that are transnational in nature; and
3) flight from warrants or custody for the crimes described above.

"The U.S. and the EU are equally committed to not only improving the safety of air passengers and the security of our borders, but also to protecting the privacy of air passengers consistent with both U.S. and European laws," said Secretary Ridge. "Today's signing is the result of more than a year of negotiations between the United States and the European Commission, and is a sign of our united commitment to combat terrorism."

Without an agreement, air carriers were placed in a situation where they could either face fines for violating EU privacy laws or penalties for failing to provide passenger data to CBP. Through the interim arrangement, both the U.S. and the EU had agreed not to take enforcement action while negotiations were underway. Today's formal agreement removes air carriers from that situation and strikes a balance between facilitating legitimate travel while contributing to the security of the U.S. and EU member states.

(end text)

(Distributed by the Bureau of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov)