European Parliament

Committee on Citizens' Freedoms
and Rights, Justice and Home Affairs

Hearing on the Disclosure of
Passenger Data to the United States

(May 6, 2003 – Brussels)


(Prepared statements – MEPs’ questions – witnesses’ answers)



1) Darlene FREEMAN, Director, Office of International Affairs, Bureau Border and Transportation Security, Dept. of Homeland Security (DHS)

2) Douglas BROWNING, Deputy Commissioner, Customs and Border Protection (CBP), DHS

3) - Steven McHALE, Deputy adm., Transportation Security Administration (TSA), DHS

4) Nuala O'Connor Kelley, Chief Privacy Officer, DHS



_Freeman_ said that data protection /is/ important to US
He said that DHS goal is to obtain a determination of adequacy under Art. 25, Dir. 95/46.

_Browning_ spoke for the CBP unit and said that access to PNR is an "important security issue not just to the US but to a lot of gov'ts", complete 100% control is impossible, but CBP has to take decisions about" whom to talk to in greater depth". DHS is "Mandated by law to collect PNR data". Therefore, ideal situation is to obtain data before take-off to finish "risk-assessment" by time of landing. Airline industry has cooperated for a number of years already. The more information we get, the better informed we are to make decisions. This is not about creating a data base, but about "protecting the citizens of resp. countries" according to a number of principles: (1) fairly and lawfully, (2) data can only be collected for a specific and legitimate purpose, (3) further processing has to be compatible with the initial purpose of collection, (4) collection has to be adequate and not overly burdensome, (5) mechanisms for accuracy and integrity of data, (6) retention only "as long as necessary".

_McHale_ spoke for TSA: security and privacy issues are complimentary—do not exclude each other. Explained passenger screening. After the Lockerbie bombing of a PanAm jet, so-called CAPPS was installed (computer assisted passenger pre-screening), this is now being developed in to a second generation CAPPS-II, operated by the TSA. Aim is to screen risks before even boarding, CAPPS-II is designed to reduce the no. of people for further screening and intended to "restore public trust" in airline travel. CAPPS-II is using data for identity and risk assessment only, using "commercially available data", excluding “sensitive data” as defined by Art. 8 of the Data Protection Directive (e.g., ethnic, religious or racial data), protected by double firewalls, does not include data mining and is not a profiling system. CAPPS-II will be able to accurately authenticate passengers’ identity and avoid identification errors.

_O'Connor Kelly_ She calls the creation of her office "a historic development within the US" and claims she's independent from DHS because this was done by Congress, she also reports "to Congress and the White House directly". She admits to be part of "DHS team leadership", but the achievements for data protection by this team are "considerable". (See prepared statement at


_Pirker (PPE-DE)_ supports "close US-EU cooperation in the fight against terrorism", but wants it to "be in balance" with data protection questions: which data is transferred, how is this data processed further, using which linkages, which control mechanisms or guarantees are in place? How can the EU check whether the data is actually used in the way the US gov’t has promised? The profiling of passenger data could be used to get interesting information on business travelers and on the reason of their travel to the US. Compliance with the principle of purpose specification is important in that regard.

_Ceyhun (PSE-DE)_ insists to be very "sensitive" to the issue as a Social democrat and an Interior policy specialist. His worry is that the US just led a war against international opposition, so what happens when the US similarly decide to use the data according to their own rules and don't listen to others’ opinions?

_Buitenweg (Greens-NL) _believes "the more the gov't mingles, the more abuse you get, the more citizens feel unsafe". Questions: What is already in the US government’s databases? What data is used? Which agencies have access, why is there retention of passenger data for more than a day since the purpose of the US government is to identify passengers and to prevent threats to air travel safety? Retention should as a result not last more than a day. What guarantees can be given not to use the data for a global surveillance system?

_Swiebel (PSE-NL)_ Asks what PNR’s scope really is. Recalls that PNR includes up to 60 data fields and sub-fields [according to COM PR, SE]. Is it really necessary to have so many fields? Is it proportionate to get so many data if it used for security purposes? Which of these fields are transferred? Who has access? How can data be corrected if wrong? Can I have access to US courts?

_Kirkhope (PPE-UK)_ wants to make the US delegation "feel more at home" by pointing out that he supported the war contrary to Ceyhun, and acknowledges the US side "the full right" to control its borders and who has access to US territory. He demands that the data used be "strictly limited" and considers it "not proportionate" to pull over a complete passenger manifest. The information collected should be specifically limited to what is strictly necessary for intelligence purposes.

_Schmitt (PPE-DE)_ is also of different opinion than Ceyhun on war, but wants to know why US-side sought dialogue with EU only now? He recalls that the measures was "dictated" at the beginning under "heavy financial sanctions" which "put airlines in a difficult legal situation" between EU data prot laws and US demands. Questions: which data is transferred? who has access? He considers data retention "as long as necessary" as being "too vague". There should be a cut off period of 1 or 2 years.

_Cederschiöld (PPE-SV)_ considers data retention" for 50 years" to be "a little exaggerated". Although this would not be legally binding, she wants to know from the US delegation if they "personally believe that the data will be used according to EU standards" from what they have heard so far?

_Newton-Dunn (Liberal-UK)_ recalls enlargement of the EU with 10 new states increasing the EU population by up to 450 mio. How are the US going to win the trust of these new citizens of the EU? If there's no discrimination on grounds of race, ethnicity or religion, is there any on grounds of nationality [this is rejected by Browning, SE]. Is there a possibility for EU passengers to check their data?

_Boogard Quack (Liberal-NL)_ wants to know how the Freedom of Information Act applies to non-US citizens?


_Freeman_ asserts that there is "no intent to carry any global surveillance, nor are there any economic interests but the fight against terrorism". By" intent" she means a "commitment to use the data strictly to fight terrorism and serious criminal offences".

_Browning_ recalls that the dialogue with EU and airlines has begun immediately after US law was passed in November 2001 [reference to US Patriot Act, SE]. Since 1995, more than 200 airlines have "voluntarily provided PNR data" to US customs, including EU-, Asian, Latin American and North American carriers. The US law requires carriers to push information to our department. Carriers let the US government pull the data they need. The targeting system was built to answer carriers’ demands of not having to filter their PNR data. On the issue of access, he said that 300 employees of CBP have access to data for up to seven days, after that, access to data is limited to 40 employees. CBP's interest is to "know who, when and why someone went into the system and to audit the process after that". He rejects the idea that there was any discrimination on grounds of nationality, since the law requires that "anyone who is traveling to, through, from or within the US” provide PNR data". CBP does not do historical checks on older itineraries. He insists that data was only processed "if it is consistent with the original purpose". If there is retention of data, it is only for au auditing purposes and to answer complaints.

_O'Connor Kelly_ excuses herself for being only on the job for 12 days, however, "all systems will be reviewed" with the aim of minimizing data, making sure that it is used for the initial purpose only and not for any commercial use, and that there is no "data "escaping from the system". She insists that there is "equal treatment" for US- and non-US citizens. She is also working on "full and comprehensive access to their data" by concerned individuals, thanks to the help of ombudsmen.

_McHale_ is answering the question on accessibility for the TSA: CAPPS-II is still in development, currently in the test phase, but will be a completely automated system aiming at doing "risk assessment" within minutes [the time between a ticket sale at the airport and immediate boarding, SE], this means that "no individuals" have access to CAPPS-II. It's protected by dual firewalls around the system. He recalls that PNR does not contain any fields that could be considered" sensitive" according to Art. 8, that such info could only be indirectly inferred from fields such as "General remarks". He admits that each airline enters data differently, so that it is not easy to say a priori which fields are important and which are not. Thus, working on filters becomes also problematic. The TSA is working with the European Commission on this issue.

_Boogard Quack_ closes the hearing by underlining the political nature of the issue and promises that MEPs will "closely monitor" further developments.