The Telegraph has raised new privacy considerations for travelers in 2007:
Britons flying to America could have their credit card and email accounts inspected by the United States authorities following a deal struck by Brussels and Washington.
By using a credit card to book a flight, passengers face having other transactions on the card inspected by the American authorities. Providing an email address to an airline could also lead to scrutiny of other messages sent or received on that account.
[…]
“There is no guarantee that a bank or internet provider would tell an individual that material about them was being subpoenaed,” an American lawyer said.
“Then there are problems, such as where the case would take place and whether an individual has time to hire a lawyer, even if they wanted to challenge it.”
Initially, such material could be inspected for seven days but a reduced number of US officials could view it for three and a half years. Should any record be inspected during this period, the file could remain open for eight years.
The European high courts had previously struck down an agreement, as I’ve mentioned before, so this is the latest incarnation. Apparently “data protection” laws (e.g. privacy rights) had been interpreted as the legal basis to search travelers personal information for national security purposes. It seems to me some people might call that the opposite of data protection. The US response to the decision against their interpretation was harsh, which led to a series of meetings between the two sides to find a compromise:
Reaching a new deal had been an EU priority to ensure airlines could continue to legally submit 34 pieces of data about passengers flying from Europe to the United States. Such data — including passengers’ names, addresses and credit-card details — must be transferred to U.S. authorities within 15 minutes of a flight’s departure for the United States.
Washington had warned that airlines failing to share passenger data faced fines of up to $6,000 per passenger and the loss of landing rights.
During the negotiations, EU officials stressed they shared Washington’s concerns about terrorism, but demanded strict data protection guarantees in return for more routine sharing of passengers’ personal details among U.S. government law enforcement officials.
Washington and Brussels have already faced off over the U.S. administration’s use of secret CIA detention centers in Europe to interrogate terror suspects.
European governments are also annoyed over a secret deal between the U.S. Treasury and the Belgium-based money transfer company SWIFT, which has for years secretly supplied U.S. authorities with massive amounts of personal data for use in anti-terror investigations, violating EU privacy rules.
Yes, the terms now in effect are a compromise position. The US had originally required things like storing the data for 50 years, if you can believe that, so coupled with threats of huge fines and grounded planes I’m not sure what wiggle room the EU had to work with. What might have happened if the EU Parliament had not stepped in to protect privacy of its citizens at all? I also wonder whether Europeans will blissfully ignore this loss of privacy to American data mining organizations (thanking the Americans for saving the world from terror), or if they will see this as yet another brick in the wall that threatens to divide them from Washington in matters of public policy, global commerce, and human rights.