A U.S. mandate that airline passenger information be sent to the
American government prior to arrival has come into question
following a decision last week in the European Court of Justice
that brands the process as illegal.
The European Parliament took the matter to the court in
Luxembourg due to concerns that passenger data may not be
adequately protected by the U.S. government under the 2004
"passenger name agreement" introduced in the wake of the September
11, 2001 attacks.
The ruling means the agreement - signed between the European
Union's executive body the European Commission, and the U.S.
government - is invalid and is currently under a four-month
hiatus.
The court gave the commission until September 30 to find another
solution. Plans are under way to sign a new agreement that provides
more than 30 hit points of ID data per passenger.
The move is a victory for civil libertarians but it leaves
travel companies, especially the airlines that must collect the
passenger data in a legal quandary. Under U.S. laws passed after
September 11, 2001, airlines can be fined for failing to hand over
the information.
Irene Graham, Electronic Frontiers Australia executive director,
said providing information to another country's immigration
department raises huge privacy issues about the security of
data.
"I don't believe that most people travelling overseas know that
a vast amount of [personal] information is given to international
authorities," Graham said.
"It raises the question of not only how securely the airlines
keep information, but if that is handed over to officials in
another country, how can we be sure the people with access to that
data are legitimate. I do not understand how this information stops
terrorism."
Australian airlines fully comply with the U.S. mandate and the
Australian federal government claims passenger data is secure.
A spokesperson from the Department of Immigration, Multicultural
and Indigenous Affairs (DIMIA) would not disclose the amount or
type of passenger information sent, via airlines, to the U.S.
Australian legislation covering passenger data collection falls
under the DIMIA-controlled Border Control and Compliance Division
as "Advanced Passenger Processing" (APP).
The spokesperson said APP performs two key functions for border
security.
It allows an airline to electronically verify a passenger's
authority to travel to, and enter, Australia before boarding a
flight and signals the impending arrival of a passenger on an
international flight to enable the passenger's arrival
processing.
"The Australian and the U.S. systems are both advance passenger
information systems. However, how they use and collect data is
different; our system has additional functionality," the
spokesperson said.
"Australia's APP system does not use airline reservation
information or Passenger Name Record (PNR) data.
"Instead, the airline check-in agent collects data from the
passenger's passport and sends that data to Australia's APP system
for validation purposes and no other data is collected for
processing."
The information used by the APP includes passport number,
nationality, family name, given names, date of birth and gender.
The APP allows DIMIA to issue passenger boarding directives to
airlines at the time of check-in.
A spokesperson at Qantas Airways Ltd. confirmed that details
sent to the U.S. of passengers travelling from Australia to the
U.S. "fully comply with relevant U.S. legislation."
icon.
