Page last updated at 11:30 GMT, Friday, 29 June 2007 12:30 UK

Q&A: EU passenger data row

In 2004, the European Union and the US agreed that airlines leaving Europe for the US would provide a range of information about every passenger.

The agreement came about after detailed negotiations with the US about the data that would be provided, how it would be used, who would see it and how long it would be kept.

The agreement was annulled by the European Court of Justice in May 2006 and was replaced by a temporary deal in October 2006. A long-term agreement was reached in June 2007.

What information is provided?

The US is interested in information on each passenger held in the ticket reservation database.

This includes such things as information about the booking of the ticket, the passenger, and some things about his or her travelling companions and travelling history.

Frequent flyer miles, credit card number, e-mail address and telephone number could all be present, depending on how the ticket was booked and paid for.

Requests for a special meal will show up too, unless they indicate the passenger's race or religion. In this case, the data is not meant to be provided.

There are also "open text" fields where the travel agent may enter general information about a passenger's tastes and preferences, but data from this area is only meant to be transferred when it is relevant for security purposes.

If US officials want more information about a traveller's bank or e-mail account, they can apply for it through the courts.

How does the 2007 agreement differ from the 2004 agreement?

In the original deal, the US gained access to 34 data fields in the reservation database, but that figure has apparently been reduced to 19.

At the same time, the US won the right to retain the data for much longer - up to 15 years, instead of three-and-a-half years - and has more freedom to share the information between various US agencies.

There is also a change in the way the US Customs and Border Protection (CBP) obtains the data. Originally it had direct access to the reservation databases, and was able to pull out the information it wanted. But the new deal contains a "clear commitment" to a system where the airlines pull out the data and push it to the US authorities.

How is the information used?

The US initially demanded the data in the wake of 9/11 and primarily uses it for anti-terrorism purposes. However, it insists on the right to use the data for other purposes, such as disease control.

The US authorities attempt to identify passengers who could present a security risk, by comparing their reservation data profile - of missed flights, tickets bought at the last minute, seating preferences etc - with profiles deemed to be suspicious.

The Department of Homeland Security said in December 2006 that it was using a computer system, the Automated Targeting System, which assigns people travelling to the US a numeric score.

Any traveller whose score reaches a certain level will be subjected to a full interview, or barred from entering the country.

Does the new deal comply with EU data protection regulations?

The EU's data protection supervisor, Peter Hustinx, said on 27 June 2007, as the deal with the US was being finalised, that he had "serious doubts whether the outcome of these negotiations will be fully compatible with European fundamental rights".

He said he was concerned that the deal would not be legally binding on the US, that there were insufficient limitations on what the US was allowed to do with the data, that the data would be kept for too long, and that there was no "robust legal mechanism" for EU citizens to challenge misuse of their personal information.

The EU's Article 29 Data Protection Working Party, which includes national data protection chiefs from each member state, said the old list of 34 data items was too long, so the EU may welcome the fact that it has been shortened.

However, an MEP who wrote a report on the subject for the European Parliament, Sophia in't Veld, has voiced suspicions that the reduction in data fields may have been achieved by merging some of them - so that what used to be counted as two data fields are now counted as one.

What does the European Union think of the Automated Targeting System?

Justice Commissioner Franco Frattini told the European Parliament in December that the information given by the Department of Homeland Security (DHS) about the ATS indicated that it violated the undertakings given by the DHS on the use of European passenger data.

Why did the European Court of Justice annul the old deal?

It said the Commission had been wrong to give the deal a basis in the body of EU law dealing with the internal market.

It said the data was used for security reasons rather than commercial reasons, and should therefore be founded on the body of law dealing with co-operation between member states in justice and home affairs.

The case was taken to the court by the European Parliament, but the court did not examine the MEPs' complaints about violation of privacy.

A side-effect of the court's ruling, changing the legal basis of the agreement, is that the parliament no longer has the power to vote it down.

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific