Draft of Washington-EU deal leaked to the Guardian shows agreement 'violates basic European principles'
The personal data of millions of passengers who fly between the US and Europe, including credit card details, phone numbers and home addresses, may be stored by the US department of homeland security for 15 years, according to a draft agreement between Washington and Brussels leaked to the Guardian.
The "restricted" draft, which emerged from negotiations between the US and EU, opens the way for passenger data provided to airlines on check-in to be analysed by US automated data-mining and profiling programmes in the name of fighting terrorism, crime and illegal migration. The Americans want to require airlines to supply passenger lists as near complete as possible 96 hours before takeoff, so names can be checked against terrorist and immigration watchlists.
The agreement acknowledges that there will be occasions when people are delayed or prevented from flying because they are wrongly identified as a threat, and gives them the right to petition for judicial review in the US federal court. It also outlines procedures in the event of anticipated data losses or other unauthorised disclosure. The text includes provisions under which "sensitive personal data" – such as ethnic origin, political opinions, and details of health or sex life – can be used in exceptional circumstances where an individual's life could be imperilled.
The 15-year retention period is likely to prove highly controversial as it is three times the five years allowed for in the EU's PNR (passenger name record) regime to cover flights into, out of and within Europe. A period of five and a half years has just been negotiated in a similar agreement with Australia. Germany and France raised concerns this week about the agreement and the unproven necessity for the measure.