The US Government has just been prosecuted over the agreement on the Passenger Name Record (PNR) of airlines, which has been in place between the EU and the US since 2012.
Although the PNR agreement was supposed to limit the US Government’s use of data, the Department of Homeland Security (DHS) would be able to easily bypass the agreement because of the extensive access the DHS has to databases of companies which aggregate travel records from across the travel industry. The DHS could thus retrieve data from the US offices of Europe-based companies like Amadeus, which store their data and keep records of European travellers’ intra-EU movements.
Does the Commission not consider that, in allowing this, travel companies are constantly violating Directive 95/46/EC on the protection of personal data?
Moreover, there would be no log to show who accessed what data and from where. It would therefore be impossible to audit the DHS, especially as the DHS legally is not bound by the US Privacy Act on the issue.
If this poses a problem, what measures does the Commission intend to take to solve it?