We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Battle over EU flight passenger data rages on

Groups say plans to give E.U. citizens' data to the U.S. and Australia breaches civil liberties and is a security threat

Digital rights organizations have hit out at new agreements to transfer information about flight passengers in Europe to the U.S. and Australia.

Fresh negotiations on the so-called PNR (Passenger Name Register) 2007 deal are currently taking place and last week draft agreements on the transfer and retention of air passenger data were leaked.

The agreements, which would require airlines to send passenger information to the U.S. Department of Homeland Security and Australia's Customs and Border Protection, has provoked outrage among civil liberties groups.

This data would allow for profiling --- the use of data for sorting passengers into risk categories based on pre-defined and secret criteria -- without an initial suspicion or criminal lead, according to the European Digital Rights group EDRi.

Members of the European Parliament (MEPs) have also criticized the plan and refused to even vote on it in May 2010.

"We are skeptical about the absolute necessity of a European system of flight data storage," said German MEP, Manfred Weber. "So far, the U.S. and other countries using the PNR system have failed to convince us about its necessity."

The data, including credit card details, phone numbers and home addresses, could be stored for up to five and a half years in Australia and 15 years in the U.S. There are also provisions for onward transfer of the data to third agencies and countries.

Meanwhile, international data security company Imperva has warned that PNR data, in particular the Advanced Persistent Threats (APT), would be a target for hackers. Instead of stealing data, APT hackers could try to insert entries and give them "no need to check at all" clearance or try to gain information about a person and use it to create fake passports, said Tal Be'ery, Imperva's Web research team leader.

"Of course -- it doesn't have to be a digital attack," Be'ery said. "An attacker may convince some employee, even low ranking one, to give him some (or all) data. I'm not saying that this database shouldn't exist because of these reasons -- it should be closely defended and guarded as a prime target of APT."

The European Council of Justice and Home Affairs Ministers are due to discuss the draft agreement on June 9.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to [email protected].


IDG UK Sites

Best Black Friday 2014 tech deals UK: Latest bargains on phones, tablets, laptops and more this...

IDG UK Sites

Tech trends 2015: 3D printing grows up

IDG UK Sites

10 mind-blowing Oculus Rift experiments that reveal VR's practical potential

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & other Black Friday tech offers