The European Union’s highest court ruled Tuesday that an EU-U.S. deal on passenger data was illegal, saying it did not provide adequate privacy protection for European travelers.
The trans-Atlantic agreement compels European airlines to turn over 34 pieces of information about each passenger – including name, address and credit card details – within 15 minutes of departure for the United States. Washington maintains that the information is vital to combat terrorism, and it has warned that airlines will face fines and a loss of landing rights if they do not comply.
The European Court of Justice in Luxembourg, however, found that the data would not be “adequately protected” by the United States.
I work with this kind of information every day. In my world, each reservation I make is called a “Passenger Name Record (PNR).” I’ve often wondered at how easily some of the information could be snagged inappropriately – especially now in light of the NSA domestic wiretapping scandal, and how easily some phone companies rolled over and provided data. It would be just as easy for US airlines (and more to the point, US airline reservations vendors, which are often separate entities) to provide a “feed” to the NSA.
I’ve been somewhat aware of the controversy swirling around PNRs and data privacy for a while now, mostly because of Edward Hasbrouck’s travel/privacy related blog category. It’s interesting that now, government and judicial bodies outside the US are emboldened to call a US request or policy “illegal.” He recently posted on this very issue.
I have to hope that our own judicial would also call this policy “illegal” for domestic travel within the US, too.