New Report Shows Why Americans Must Join With Europeans To Protect Privacy, ACLU Says

International Report Charts U.S. Attempts to Export Bad Privacy Laws and Weaken European Privacy Protections

FOR IMMEDIATE RELEASE

NEW YORK — A new report issued today by European civil liberties groups reveals that the Bush Administration is trying to force Europe to adopt its own misguided and privacy-threatening approach to stopping terrorism through invasive data tracking systems, the American Civil Liberties Union said today.

“Americans who care about freedom need to know what effect our government’s policies are having in Europe – and how those policies are likely to come back to haunt us,” said Barry Steinhardt, Director of the ACLU’s Technology and Liberty Program.

European anti-privacy forces are pushing to set up their own system for access to travel records, Steinhardt noted. They and other countries will expect reciprocity from the United States, and personal information about Americans will join the worldwide stream of multilateral data-sharing under such a regime.

The European report, Transferring Privacy: The Transfer of Passenger Records and the Abdication of Privacy Protection, was simultaneously released today in London by the advocacy group Privacy International and in Brussels by the European Digital Rights Initiative. Non-governmental organizations from Europe and the United States including the ACLU also met today in Brussels with European Commission officials to discuss the privacy implications of the Bush Administration’s demand for European data.

As the report describes in detail, the Bush Administration is attempting to enlist the cooperation of Europe in its attempt to build the airline passenger profiling system CAPPS II (Computer Assisted Passenger Prescreening System), which is built around a secret process of background checks and risk ratings for every person who flies. But the American government demands have run up against European privacy laws, which are far more comprehensive than anything in force in the United States today.

“Unlike the primitive privacy protections that Americans still live under, European privacy law does not permit its citizens’ personal information to be traded willy-nilly,” Steinhardt said. “When it comes to how we handle privacy, America should be moving toward Europe – not forcing them to move toward us.”

The report called the U.S. effort “another clear case of what is becoming known as ‘policy laundering,’ in which government officials use the requirements of other jurisdictions as justification to obtain or enhance powers clearly wished for but otherwise unobtainable. EU member states are now clamoring to gain access to passenger records, something previously prohibited but now being considered due to vague law and overzealous agencies in the United States.”

In an addendum to the report, the ACLU said that the Bush Administration’s request for European data goes well beyond what is needed for the airline security purposes it claims to be pursuing and well beyond anything directed by Congress.

“This report charts the whole shabby story of the Bush Administration’s efforts force the European Commission to cooperate with its misguided CAPPS II program,” Steinhardt said.

According to the European report, the agreement conflicts with European privacy rules in a number of ways, including:

• The Europeans declared U.S. privacy protections “adequate,” a finding required under EU law for sharing data, despite the fact that the United States clearly does not meet the criteria for such a finding;
• Although the EU legal regime only permits data transfer for combating terrorism, the European Commission allowed the United States to use information for ordinary crimes as well;
• The Commission announced that the December 2003 agreement did not permit the United States to use European data for CAPPS II, and that would be negotiated separately. A few weeks later, however, the U.S. Department of Homeland Security declared that European records will be used to test CAPPS II and EU documents confirm this to be the case. This announcement came before a Congressionally mandated study of the likely privacy implications and effectiveness of CAPPS has even been completed;
• The Commission accepted a U.S. offer to retain European data for 3.5 years, far in excess of what EU regulations permit.

The Transferring Privacy report, including the ACLU addendum, is online at /node/25088

The EU-US Agreement on data sharing is online at http://www.statewatch.org/news/2004/feb/01eu-us-pnr-agreement.htm

The Opinion of the Article 29 Working Group of the European Commission on the EU-US Agreement is online at http://europa.eu.int/comm/internal_
market/privacy/docs/wpdocs/2004/wp87_en.pdf (Article 29 is an independent European Advisory body on data protection and privacy. Its members include Privacy Commissioners of various nations.)

An ACLU feature on the privacy problems with the CAPPS 2 profiling program is online at www.aclu.org/capps