15 January 2009
The Privacy Office of the U.S. Department of Homeland Security (DHS) released in the second part of December 2008 a report regarding the Passenger Name Record (PNR) information from the EU-US flights.
Even though the official conclusion of the authors is that DHS handling of PNR data “is in compliance with both US law and the DHS-EU agreement on USA access to, and use of, PNR data related to flights between the EU and the USA.” In reality the report shows a number of major disfunctionalities that proves the DHS did not comply with the EU agreement or with the US legislation in its use of PNR, that includes data from Europeans that travel to US.
According with the second PNR agreement between US and EU, there should have been periodic joint US-EU reviews of compliance. But the present report is just an unilateral internal review conducted within the DHS, which did not include EU representatives or any outside experts in PNR data.
A detailed analysis by the Identity Project in the US shows the specific DHS compliance failings resulted from the report:
– Requests for PNR data have typically taken more than a year to answer – many times longer than the legal time limits in the Privacy Act and Freedom of Information Act;
– When individuals have requested “all data” about them held by the DHS, often they have not been given any of their PNR data;
– Because of this, the vast majority of requesters who should have received PNR data did not;
– PNR data has been inconsistently censored before it was released;
– A large backlog from the initial requests for PNR data remains unanswered, more than a year later.
The results of the report are in line with the findings of the earlier reports of the Identity Project that revealed the practical problems in accessing your PNR data with the DHS. These problems are the same that the European citizens might face in getting access to their data from DHS
A clear example is the last year request from MEP Sophia In ‘t Veld to get her PNR information – a request which received a first false claim from DHS that they didn’t have any record of her trip.The MEP finally received her PNR data after EFF lawyers filed a Federal lawsuit on her behalf, but the data was late, clearly incomplete, and inconsistently and inappropriately redacted, according with a well-known PNR expert, Edward Hasbrouck .
A report concerning Passenger Name Record Information derived from flights between the US and the European Union (18.12.2008)
DHS admits problems in disclosing travel surveillance records (24.12.2008)
Can you really see what records are kept about your travel? (30.12.2008)
European Lawmaker Sues U.S. Agencies to Obtain Travel-Related and Other Personal Information (1.07.2008)
EDRi-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)