Until now, passengers flying to the United States had to fill out the Electronic System for Travel Authorization (ESTA) form as a paperless replacement to the I-94 form to be checked against the US watch list and pay a fee in order to enter the United States. This form has basic information on it and, although stored for a period of up to 12 years, did not contain much personal information. A vote in the European Parliament has now changed that policy, leaving EU civil liberties at risk.

The European Parliament has approved the controversial data transfer agreement, the bilateral PNR (passenger name register), with the US which requires European airlines to pass on passenger information, including name, contact details, payment data, itinerary, email and phone numbers to the Department of Homeland Security.

According to the ruling, the following PNR data [pdf] will be sent:

PNR Data Types

1. PNR record locator code
2. Date of reservation/issue of ticket
3. Date(s) of intended travel
4. Name(s)
5. Available frequent flier and benefit information (i.e., free tickets, upgrades, etc.)
6. Other names on PNR, including number of travelers on PNR
7. All available contact information (including originator information)
8. All available payment/billing information (not including other transaction details linked to a credit card or account and not connected to the travel transaction)
9. Travel itinerary for specific PNR
10. Travel agency/travel agent
11. Code share information
12. Split/divided information
13. Travel status of passenger (including confirmations and check-in status)
14. Ticketing information, including ticket number, one way tickets and Automated Ticket Fare Quote
15. All baggage information
16. Seat information, including seat number
17. General remarks including OSI, SSI and SSR information
18. Any collected APIS information
19. All historical changes to the PNR listed under points 1 to 18

If a person is not on a terror watch list, no-fly list, or any other list that labels them a danger to the airline industry, then there is no need to keep any of this information. This is all erroneous information with no justifiable reason to keep innocent travelers’ information.

Under the new agreement, PNR data will be “depersonalised” after six months and would be moved into a “dormant database” after five years. However the information would still be held for a further 15 years before being fully “anonymised”.

All the information taken from passengers will be readily available and accessible for six months. PNR data is the personal details of a person. If you remove the information that identifies the person, how is any of that information useful in combating terrorism?

If this information is depersonalized, how is it useful beyond the six months? If the information is not completely anonymized until after 15 years, how do they intend to identify a person if it was already depersonalized? It should also be noted that, after 15 years, the information will still be held. It might be anonymized, but it will still be held somewhere in a database.

Unfortunately, the most depressing aspect of this story is that the European Parliament caved to US pressure in voting to send airline passenger data to the US.

Some EU politicians alleged that their colleagues had been “held to ransom”by the US authorities, who threatened to suspend visa-free travel to the US if the deal was rejected.

At this point in time, the United States is in no position to be making travel to the US more difficult than it already is. If Europe no longer has visa-free travel to America, they are more likely to travel elsewhere that does not require long waits for expensive visas. The European Parliament should have called the United States’ bluff as it cannot afford to have millions of European tourists go elsewhere for their holidays.

The United States is continuing to bully every country it can into doing their bidding. They are attempting to control worldwide copyright with TPP. They have attempted to control free speech and the internet with ACTA. They have already forced anyone flying over US airspace to hand over airline passenger data. They recently forced Canada, Mexico, and the Caribbean to turn over airline passenger data even if they don’t enter US airspace.

Other countries need to stop rolling over and merely accepting whatever policy the United States creates. As long as other countries are willing to give up their sovereignty to placate the United States, citizens across the world will suffer. Intrusive, big brother surveillance is not what the world needs.

Sophie in ‘t Veld of The Netherlands has urged the EU to reject the rule. This video is from her speech in the EU Parliament in February 2012.