The United States and the European Union (EU) have reached agreement on the legal transfer of air passenger data used by U.S. authorities in their efforts to fight international terrorism and transnational crime.

In a December 16 news release the U.S. Department of Homeland Security (DHS) said its agreement with the European Commission, the EU's governing body, affirms that U.S. privacy protections are legal and sufficient to guard passenger privacy.

At issue is transfer of passenger name record (PNR) data that is information about an air passenger collected through an airline reservation system.

DHS said that agents of the department's U.S. Customs and Border Protection Bureau need 34 elements of PNR data to screen passengers for possible involvement in terrorist activities or other serious crimes. The data will be retained for no longer than three and a half years, the department said

The agreement was reached after a year of difficult negotiations launched as a result of objections from both the European Commission and European Parliament against what they viewed as a breach of EU privacy laws in transfer of PNR data.

The EU had wanted to narrow the list of PNR data elements to 19 items and the duration of data storage from seven to three and a half years, according to news reports.

After the agreement enters into force, it will be valid for three and a half years, DHS said. After two and a half years, the two sides will renegotiate it, the department added.

U.S. DEPARTMENT OF HOMELAND SECURITY

Office of the Press Secretary

December 16, 2003

HOMELAND SECURITY AND EUROPEAN COMMISSION REACH AGREEMENT ON PNR DATA COOPERATIVE EFFORTS WILL KEEP TRAVELERS SAFER WORLDWIDE

In an historic effort to keep the United States' and European Union's borders safer from terrorism and international crime while protecting travelers' privacy, Department of Homeland Security (DHS) Secretary Tom Ridge and European Commissioner Frits Bolkestein have reached an agreement regarding the legal transfer of Passenger Name Record (PNR) data to Homeland Security. The agreement finds that Homeland Security's handling of the PNR data is sufficient for an "adequacy finding."

"This determination by the European Commission enhances the Homeland Security mission of fighting terrorism and crime while still ensuring that the privacy of travelers will be protected," said Ridge. "After a year of frank and earnest negotiations, this outcome shows the world that the United States and the European Union share the goals of keeping our people safe and our air travel network secure."

This finding by the European Commission affirms under European law that protections to be implemented by Homeland Security are appropriate to guard passenger privacy. By using 34 key elements of PNR data at borders and ports of entry, U.S. Customs and Border Protection (CBP) officers will be able to better screen passengers for the purposes of preventing and combating terrorism and transnational crimes. The PNR data will be generally retained for no longer than three and one-half years.

Additionally, the Department will continue to negotiate with the European Commission to reach a permanent agreement for the transfer of PNR data to the Transportation Security Administration (TSA) for operational use by the Computer Assisted Passenger Prescreening System II (CAPPS II), which will identify high-risk passengers for additional screening.

After review by the European Parliament, the agreement will enter into effect and be in place for three and one-half years with renegotiations beginning in two and one-half years.