US to hold personal data on EU travellers until 2022

Illustrated rainbow pride flag on a white background.

Tony Grew and Yepoka Yeebo

The Liberal Democrats have expressed concern over an EU agreement to give the US Department of Homeland Security unprecedented access to the personal information of passengers on transatlantic flights.

The European Commission quietly approved the agreement on Monday.

It gives the DHS access to the personal information of anyone on a transatlantic flight, which could include details of their sexual orientation.

Detailed passenger information was originally required as an anti-terror measure, but the DHS now insists on the right to use the information for disease control, and there are fears that gay passengers may be singled out as possible HIV risks.

Jo Swinson MP, Lib Dem spokesperson for women and equality, told PinkNews.co.uk:

“That the EU could hand over sensitive information about transatlantic passengers, including sexual history, is deeply worrying.

“The Liberal Democrats in the European Parliament have been highly critical of this measure, which seems unnecessary and lacks any democratic legitimacy.”

Today a Ministry of Justice official denied that any passengers will be asked about their sexual orientation under the new system.

The US can now retain the personal information of passengers from the EU on file for up to 15 years.

The data can also be accessed by any US law enforcement agency in pursuit of “serious crimes.”

The US is not required to provide similar information about its citizens to EU border police.

The new EU/US agreement will mean upgrading information already sent by airlines to the Department of Homeland Security on the 4-million-plus Britons who visit the US every year.

At present the DHS accesses payment details, home addresses and in-flight meal choices.

The new agreement now gives them access to 19 possible categories, which could include information on ethnic origin, political and philosophical opinions, credit card numbers, trade union membership, sex life and details of the passengers’ health.

The information will be provided by passengers when making bookings.

Notes that travel agents, for example, make about your booking, such as a gay or lesbian couple requesting a double bed, will be covered by the new arrangements.

Any information about your health needs, or if you travel as a member of a group, will also be recorded and stored.

The PNR agreement allows all the different agents within the air industry, from the travel agent and the computer reservation systems (CRS), to the carrier and the handling agents at the airports, to recognise each passenger and have access to all relevant information related to his or her journey.

The EU said the information will be stored by the US for seven years from the date of collection in an active database, following which the data will be moved to an inactive status for eight years, to be accessed only in exceptional circumstances and under strict conditions.

That means the US government will retain information on an EU citizen taking a flight this year until 2022.

“I can’t see any valid reason why [DHS] would need to retain PNR data for that length of time,” Graham Titherington, principal analyst at Ovum, told vnunet.com

“But the primary concern is not the length of time but that the data is being exchanged at all.

“This information will be hacked; it will leak at some point.”

The Ministry of Justice has responsibility for data protection issues.

A spokeswoman for the department told PinkNews.co.uk:

“By no means will passengers be asked for their sexual orientation.

“That is not information you give out when you book a ticket.

“There’s an open field, so if you tell your travel agent, “I’m disabled,” or “I need a halal or kosher meal” they can put it in that open field.

“The only way to infer issues like political opinion is if the Labour party, for example, pays for your ticket.”

Peter Hustinx, the European data protection supervisor, has written to the Commission expressing his ‘grave concern’ that there is no mechanism for EU citizens to challenge misuse of personal information and that there is no legal precedent in this area.

“Data on EU citizens will be readily available to a broad range of US agencies and there is no limitation to what US authorities are allowed to do with the information,” he said, according to The Observer.

“I have serious doubts whether the outcome of these negotiations will be fully compatible with European fundamental rights, which both the Council and the Commission have stated are non-negotiable.”

The Ministry of Justice stressed there are checks and balances in the new information sharing agreement.

“These safeguards include a provision stating that sensitive data will be filtered out and not used by DHS, except in an exceptional case where life is at risk.”

The Ministry of Justice declined to comment on why the EU’s data commissioner had expressed serious doubts about the data sharing or explain why the DHS would need access details of a passenger’s sexuality or meal choices in life-threatening situations.

The US Department of Homeland Security feeds the data supplied by airlines into a computer system, called the Automated Targeting System, which assigns people travelling to the US a numeric score.

The system detects whether people have, for example, bought a ticket very close to the departure date or missed bookings in the past.

These factors would be considered suspicious and increase a passenger’s score.

The system also considers more subtle patterns, such as where a passenger chooses to sit on the plane.

Travellers with a high score are interviewed on arrival, or barred from entering the US altogether.

Click here to read the EU document about the new agreement.