EU citizen airline data has been used for "testing" purposes for CAPPS II. The U.S. Congress won't allow CAPPS II to be used on U.S. citizens. So
this is a convenient alternative.
However, things aren't so clear cut, for a number of reasons. At first, the EU forbid the transfer of "Personal Name Record" data to the US. On
Dec. 17th the EU allowed for an exception: CAPPS II. But there was a catch:
EU Commissioner Frits Bolkestein said that US representatives "had committed to "rapid negotiations" for the inclusion of CAPPS II, and as we noted
at the time, "this concession only counts as a concession if the Commission has stopped the US experimenting on foreigners.
Now "experimenting" is odd language, but the point is that the US is only supposed to us it for testing purposes. However, Bolkestein never
negotiated any framework for removing the EU data. This is valuable for US-VISIT and other TIA-like programs.
The EU Commission will hopefully be to take EU court, for breach of Article 25 of the EU Data Protection Directive 95/46/EC. In defending the world,
other countries must not allow the US to walk all over their legislation. An example of this is the pending trade sanctions against the US; is it more
bark than bite?
From the article:
"Andreas Dietl, EU Affairs Director of EDRi, says this amounts to Bolkestein trying to mislead the European Parliament about the nature of the draft
agreement. "It is now clear that the Commission has agreed to the abuse of EU citizen's personal data to test a surveillance system that in its very
nature is against the principles of EU data protection legislation. The claim by the U.S. that the data used for testing purposes will be deleted
thereafter is merely a joke: The data will still be available in the Computerized Reservation System (CRS), where it can be accessed by government
agencies at any time."
[Edited on 15-1-2004 by SkepticOverlord]