The congress report is subject to the FOIA

6.7.2004   

DE

Official Journal of the European Union

L 235/11


COMMISSION DECISION

dated May 14, 2004

on the adequacy of the protection of the personal data contained in the Passenger Name Records, which are transmitted to the United States Bureau of Customs and Border Protection

(Notified under document number K (2004) 1914)

(Text with EEA relevance)

(2004/535/EC)

THE COMMISSION OF THE EUROPEAN COMMUNITIES,

based on the Treaty establishing the European Community,

based on Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of personal data and on the free movement of data (1), in particular on Article 25 paragraph 6,

Whereas:

(1)

According to Directive 95/46 / EC, the member states must ensure that the transfer of personal data to a third country only takes place if this third country guarantees an adequate level of protection and the legal provisions of the member states for the implementation of other provisions of the directive are met before the transfer takes place.

(2)

The Commission is entitled to determine that a third country ensures adequate data protection. In this case, Member States can transfer personal data without the need for additional guarantees.

(3)

According to Directive 95/46 / EC, when assessing the level of data protection, all circumstances that play a role in a data transfer or a category of data transfers are to be taken into account, and in particular a number of features that are important for the data transfer and are listed in Article 25 (2) of the directive.

(4)

The “Passenger Name Record” (PNR) in air traffic is a data record with travel details for the individual passenger; it contains all the information required for processing and checking for the airlines involved in the booking and for the other airlines involved. For the purpose of this decision, the terms “passenger” and “passengers” include the members of the crew. “Airlines involved in the booking” means an airline with which the passenger made original reservations, or additional reservations, after commencing travel. “Affiliate Airline” is any airline to which the booking airline has made a reservation request for a passenger for one or more flights.

(5)

The United States Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) requires all airlines operating overseas passenger flights to or from the United States to grant it electronic access to the PNR, provided that this PNR is recorded and stored in the automatic booking / check-in systems of the airlines.

(6)

The legal basis for the required transfer of personal data from the PNR to the CBP is a law enacted in the USA in November 2001 (2) and implementing regulations (3) which the CBP has enacted on the basis of this law.

(7)

These legal provisions concern the improvement of the security situation in the USA as well as the conditions under which persons are allowed to enter and leave the USA, matters which the USA can regulate in the exercise of its state sovereignty. In addition, the conditions do not conflict with any international commitments entered into by the United States. The United States is a democratic state based on the rule of law and has traditionally placed a high value on civil liberties. The legitimacy of the legislative process and the strength and independence of the judiciary in the United States are beyond question. In addition, the freedom of the press is a strong guarantee against violations of fundamental rights.

(8)

The Community fully supports the United States in the fight against terrorism within the provisions of Community law. Community law provides a necessary balance between security concerns and data protection issues. For example, Article 13 of Directive 95/46 / EC enables Member States to enact legal provisions that restrict certain requirements of the aforementioned Directive, provided that such a restriction is required for the security of the state, national defense, public security or the prevention, investigation, detection and prosecution of criminal offenses.

(9)

The data transfers concern certain data controllers, namely airlines operating flights between the Community and the USA, and a single recipient in the USA, namely the CBP.

(10)

Any agreement to create a legal basis for the transmission of PNR to the US, in particular this decision, should be limited in time. A term of three and a half years has been agreed. The framework conditions can change significantly during this period. The Community and the US agree that a review of the agreements will be required.

(11)

The processing of personal data from the PNR transmitted to the CBP by the CBP is subject to the conditions set out in the “Declaration of Commitment of the Department of Homeland Security, Bureau of Customs and Border Protection (CBP)” (hereinafter referred to as the “Declaration of Commitment”) dated May 11, 2004 and the laws of the United States set out in this commitment.

(12)

As for US domestic law, the Freedom of Information Act (FOIA) is relevant in that it regulates the conditions under which the CBP may oppose a disclosure request and keep the PNR confidential. In addition, the law regulates the disclosure of PNR to the data subjects, which is closely linked to the data subject's right to information. It applies to nationals of the United States and foreigners without distinction.

(13)

As far as the declaration of commitment is concerned, individual obligations will be, or have already been, incorporated into laws, ordinances, directives or other instructions in the USA in accordance with paragraph 44 and thus already have, or will have, different degrees of legal effect. The declaration of commitment will be published in full in the Federal Register under the jurisdiction of DHS. It represents a serious and well-considered political commitment by the DHS, and compliance with it is subject to joint US and Community review. Legal, administrative and political action could be taken against non-compliance with the obligations as required, whereby persistent disregard would ultimately lead to the suspension of the effect of the present decision.

(14)

The regulations according to which the CBP will process the passenger data from the PNR based on the laws of the United States and the declaration of commitment meet the basic requirements for an adequate level of protection for natural persons.

(15)

As far as the principle of purpose limitation is concerned, the personal data of passengers contained in the PNR transmitted to the CBP are used for a specified purpose and then only further used or forwarded insofar as this is compatible with the purpose of the original transmission. PNR data will only be used for the purpose of preventing and combating terrorism and related crimes, other serious, by their nature transnational crimes, including international organized crime, and escape from arrest warrants or detention in connection with those crimes.

(16)

As far as the principles of data quality and proportionality are concerned, which must be viewed in the context of the important public interest in which the PNR data is transmitted, the PNR data submitted to the CBP are not subsequently changed by this authority. A maximum of 34 PNR categories will be submitted and the US authorities will only set further requirements after consulting the Commission. Additional personal data that is required directly on the basis of certain PNR data is only obtained from non-governmental bodies in a legally permissible manner. Generally, PNRs are deleted after 3 years and 6 months at the latest; this does not apply to data that has been accessed for specific investigations or that has been otherwise manually accessed.

(17)

As far as the principle of transparency is concerned, the CBP will inform travelers about the purpose of the data transfer and data processing and provide them with information about the person responsible for processing in the third country and other information.

(18)

As far as the principle of security is concerned, the CBP will take technical and organizational security measures that are appropriate to the risks associated with the processing.

(19)

The rights to information and correction are recognized: The data subject can request a copy of the PNR data and request the correction of incorrect data. The exemptions envisaged are broadly comparable to the restrictions that Article 13 of Directive 95/46 / EC allows Member States to impose.

(20)

The data will only be passed on on a case-by-case basis to other state authorities - including foreign ones - with counter-terrorism or enforcement tasks for purposes that meet the promised restriction of purpose. A further transmission can also take place if the disclosure is necessary to protect the vital interests of the person concerned or other persons, in particular in the case of significant health risks, furthermore in connection with criminal proceedings or due to other legal requirements. Authorities that receive such data may only use this data for these purposes due to the express disclosure provisions, and they may not forward the data without the consent of the CBP. No other foreign, federal, state or local agency has direct electronic access to PNR data held in CBP databases. The CBP will refuse to disclose PNR to the general public, relying on the exemptions in the relevant provisions of the FOIA.

(21)

The CBP does not use sensitive data within the meaning of Article 8 of Directive 95/46 / EC and undertakes to put in place tools to delete such data and not to use the data in the meantime, until a filter system is put into operation that filters them out of the PNR transmitted to the United States.

(22)

As far as the enforcement mechanisms are concerned, which are intended to ensure compliance with these principles by the CBP, the employees of the CBP receive appropriate training and information, and sanctions against individual employees are possible. In general, the Chief Privacy Officer of the DHS, who is an official of the DHS but who is largely organizationally autonomous and has to report annually to Congress, will ensure that the CBP complies with data protection. Persons whose PNR data has been transmitted can address complaints to the CBP, either directly or through the data protection authorities in the member states, or, if no solution is found, to the Chief Privacy Officer of the DHS. The DHS Privacy Office will deal immediately with the complaints that the data protection authorities of the member states submit to the Office on behalf of data subjects based in the Community if the data subjects have come to the conclusion that their data protection complaints were treated unsatisfactorily by the CBP or the DHS Privacy Office. Compliance with the declaration of commitment is checked annually by the CBP in cooperation with the DHS and a team led by the Commission.

(23)

In the interests of transparency and in order to ensure that the competent authorities of the Member States are able to guarantee the protection of individuals when their personal data are being processed, the particular circumstances under which the suspension of certain data streams is justified are to be set out, without prejudice to the establishment of an adequate level of protection.

(24)

The Group for the Protection of Individuals with regard to the Processing of Personal Data, established under Article 29 of Directive 95/46 / EC, has issued opinions on the level of protection guaranteed by the US authorities for passenger data, which served the Commission as a guide during negotiations with the DHS. The Commission took note of these comments when drawing up this decision (4).

(25)

The measures provided for in this Decision are in accordance with the opinion of the Committee set up under Article 31 (1) of Directive 95/46 / EC,

HAS ADOPTED THIS DECISION:

Article 1

With regard to Article 25 (2) of Directive 95/46 / EC, it is determined that the United States Bureau of Customs and Border Protection (CBP), on the basis of the attached declaration of commitment, offers adequate protection for PNR data transmitted from the Community on flights to or from the United States.

Article 2

This decision concerns the adequacy of the protection provided by the CBP with regard to the requirements of Article 25 (1) of Directive 95/46 / EC; this does not affect other provisions and restrictions on the processing of personal data in the Member States established to implement other provisions of the Directive.

Article 3

1. Without prejudice to their right to take measures to enforce national rules adopted pursuant to provisions other than those of Article 25 of Directive 95/46 / EC, the competent authorities in the Member States may exercise their right to suspend the transfer of data to the CBP in order to protect natural persons with regard to the processing of their personal data,

a)

if a competent US authority determines that the CBP is not complying with applicable data protection regulations, or

b)

if there is a high probability that the protective regulations contained in the appendix will be violated, there is reason to assume that the CBP is not taking or will not take appropriate measures in good time to resolve the case in question, the continuation of the data transfer threatens to cause imminent serious damage to the data subjects, and the competent authorities in the Member States have made reasonable efforts under the circumstances to notify the CBP and have given it the opportunity to comment.

2. The suspension will end as soon as it is ensured that the data protection rules are complied with and that the competent authorities in the respective Member States have been informed.

Article 4

1. Member States shall immediately inform the Commission of any action taken under Article 3.

2. Member States and the Commission shall also notify each other of any changes to the data protection rules and of cases where the measures taken by the bodies responsible for compliance with the rules set out in the Annex by the CBP are insufficient to ensure compliance.

3. If the knowledge obtained in accordance with Article 3 and in accordance with paragraphs 1 and 2 of this Article shows that the basic requirements for an adequate level of protection for natural persons are no longer guaranteed, or that a body responsible for ensuring compliance by the CBP with the provisions of the Annex does not perform its task effectively, the CBP will be notified and, if necessary, the procedure referred to in Article 31 (2) of Directive 95/46 / EC will be applied to repeal or suspend this decision.

Article 5

The application of this Decision will be monitored and relevant findings will be communicated to the committee set up under Article 31 of Directive 95/46 / EC; this also includes findings that could affect the assessment in Article 1 of this decision, according to which an adequate level of protection within the meaning of Article 25 of Directive 95/46 / EC is guaranteed for PNR of passengers transmitted to the CBP.

Article 6

Within four months of the notification of this decision, the Member States shall take all measures necessary to implement it.

Article 7

This decision will expire 3 years and 6 months from the date of its publication, unless it is extended in accordance with the procedure laid down in Article 31 (2) of Directive 95/46 / EC.

Article 8

This decision is addressed to all Member States.

Brussels, 14 May 2004

For the Commission

Frederik BOLKESTEIN

Member of the Commission


(1) OJ L 281 of 23.11.1995, p. 31. Directive last amended by Regulation (EC) No. 1882/2003 (OJ L 284 of 31.10.2003, p. 1).

(2) Title 49, United States Code, section 44909 (c) (3).

(3) Title 19, Code of Federal Regulations, section 122.49b.

(4) Opinion 6/2002 on the transmission of information from passenger lists and other airline data to the United States, adopted by the Working Party on October 24, 2002, available at http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2002/wp66_de.pdf

Opinion 4/2003 on the Level of Protection ensured in the US for the Transfer of Passengers' Data, adopted by the Working Party on June 13, 2003, available at http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp78_en.pdf

Opinion 2/2004 on the adequacy of the protection of the personal data contained in the Passenger Name Records (PNR) submitted to the United States Bureau of Customs and Border Protection (US CBP), adopted by the Working Party on January 29, 2004, available at: http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp87_de.pdf


ATTACHMENT

DECLARATION OF COMMITMENT OF THE DEPARTMENT OF HOMELAND SECURITY, BUREAU OF CUSTOMS AND BORDER PROTECTION (CBP)

In support of the intention of the European Commission (hereinafter referred to as “the Commission”) to exercise the powers conferred on it by Article 25 (6) of Directive 95/46 / EC (“the Directive”) and to adopt a decision certifying that the Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security ensures an adequate level of data protection, thus enabling the airlines to transmit passenger data (1) (Passenger Name Record data - PNR), which may fall within the scope of the directive, the CBP undertakes the following:

Legal basis for access to PNR

1.

Due to the legal provisions (title 49, United States Code, section 44909 (c) (3)) and the corresponding (provisional) implementing regulations (title 19, Code of Federal Regulations, section 122.49b), every airline operating international passenger flights to or from the United States must grant CBP (formerly US Customs Service) electronic access to PNR data to the extent that it is collected and stored in the airline's computerized reservation / check-in systems ("Reservation Systems").

Use of PNR data by the CBP

2.

Most of the PNR data elements can be obtained by the CBP by examining the ticket and other travel documents of the persons concerned within the framework of its normal border control powers. However, if it can obtain this information in electronic form, the CBP's ability to facilitate the travel of bona fide passengers and to carry out effective pre-screening of passengers for risk assessment purposes will be greatly enhanced.

3.

The CBP uses PNR data exclusively for the purpose of preventing and combating 1. terrorism and related crimes, 2. other serious transnational crimes, including international organized crime, and 3. escape from arrest warrants or detention in connection with the above mentioned offenses. By using PNR data for these purposes, the CBP can concentrate its resources on high-risk areas and thus facilitate and guarantee the travel of bona fide passengers.

Requested data

4.

The data elements required by the CBP are listed in Appendix "A". (These elements are referred to as “PNR Data” for the purposes of this commitment.) While the CBP requires access to all thirty-four (34) data elements listed in Appendix “A”, it does not believe that an individual PNR record will in many cases contain all of this data. In cases where a PNR record does not contain all of the listed data elements, the CBP will not attempt to use the airline's booking system to directly access other PNR data that are not listed in Appendix "A".

5.

For the "OSI" and "SSI / SSR" data elements (usually referred to as general comment fields or open data fields), the CBP's automatic system will search these fields for all other data elements listed in Appendix "A". The CBP staff will not be authorized to manually search the full OSI and SSI / SSR fields unless the CBP has identified the person to whom the PNR record relates as particularly high risk with regard to one or more of the issues listed in paragraph 3.

6.

Additional personal data that is requested directly on the basis of certain PNR data is only obtained from non-governmental bodies by legal means, e.g. in the context of mutual legal assistance, and only for the purposes mentioned in paragraph 3. For example, if a PNR data record contains credit card information, data on the relevant account movements can be obtained, provided the relevant legal requirements are met, for example if there is a subpoena from a "grand jury" or a court order, or other legal requirements are met. Access to data via e-mail accounts that result from a PNR data record is also linked to the legal requirements applicable in the USA, i.e., depending on the type of data requested, to court summons, orders, arrest warrants or other legal proceedings.

7.

The CBP will coordinate with the European Commission to revise the list of required PNR data elements (Appendix "A") before undertaking such a revision if it finds that airlines have added PNR fields to their systems that would significantly improve the CBP's risk assessment capabilities, or if circumstances indicate that a previously not required PNR field is required for the limited purposes described in paragraph 3 of this commitment.

8.

The CBP can pass on data en bloc to the Transportation Security Administration (TSA) so that the TSA can test its computer-assisted prior-checking procedure CAPPS II (Computer Assisted Passenger Prescreening System II). Such disclosure will only take place after PNR data from US domestic flights has been approved for testing. PNR data passed on in accordance with this provision will not be kept by the TSA or by any other party directly involved in the test for longer than necessary, nor will it be passed on to third parties (2). The processing purpose is strictly limited to testing the CAPPS-II system and its interfaces; it is intended to have no practical effect other than in emergencies in which a known terrorist or a person with proven links to the terrorist environment has been identified. In accordance with the provision in paragraph 10 about an automatic filtering procedure, the CBP will filter out and delete “sensitive” data before it forwards PNR data en bloc to the TSA in accordance with this paragraph.

Treatment of "sensitive" data

9.

The CBP will not use "sensitive" data (i.e., personal data that shows racial or ethnic origin, political opinion, religious or ideological beliefs, or trade union membership, and health or sex life data) from the PNR as described below.

10.

The CBP will introduce an automated system as soon as possible to filter out and delete certain "sensitive" PNR codes and names that the CBP has defined in consultation with the European Commission.

11.

Until such automatic filters can be used, the CBP undertakes not to use any “sensitive” PNR data and to delete “sensitive” data elements from PNR data that may be passed on in accordance with paragraphs 28 to 34 (3).

Procedure for accessing PNR data

12.

If the CBP pulls PNR data directly from the airline's reservation system (or has it sent directly from there) to identify people who are potentially subject to border control, the CBP staff will only access (or accept) and use PNR data affecting individuals whose itinerary includes a flight to or from the United States (4).

13.

The CBP will retrieve the passenger data from the reservation systems of the airlines (“pull”) until the airlines are able to put a system into operation for the active transmission of the data (“push”) to the CBP.

14.

The CBP will not retrieve PNR data for a given flight earlier than 72 hours prior to departure, and between the first retrieval, departure from a location outside of the United States and arrival in the United States, or between the first retrieval and departure from the United States, the system will be checked no more than three (3) times for any changes to the information. If it becomes possible for the airlines to actively transmit PNR data (“push”), the CBP must receive this data 72 hours before departure; any changes to the PNR data between that time and the arrival of the flight in or departure from the United States must also be reported to the CBP (5). If, as an exception, the CBP receives advance information that suspicious persons might enter the USA, leave the USA or travel through the USA by plane, then the CBP can retrieve PNR data earlier than 72 hours before departure (or demand a separate transmission) so that appropriate law enforcement measures can be ensured which are indispensable for the purpose of preventing or combating a terrorist attack or a serious criminal offense of the type referred to in paragraph 3. As far as practicable, the CBP will use the normal law enforcement channels in cases where PNR data must be accessed earlier than 72 hours before departure.

Storage of PNR data

15.

Subject to the approval of the National Archives and Records Administration (44 U.S.C. 2101, et seq.), the CBP will limit online access to PNR data for authorized CBP users (6) to seven (7) days; thereafter, the number of staff members who have access to the PNR data will be further reduced, for a period of three years and six months (3.5 years) from the point in time at which the data was accessed in the airline's booking system (or transmitted from there). After 3.5 years, the PNR data that was not accessed manually during this period will be destroyed. PNR data that was manually accessed during the original 3.5 year period is transferred to a deleted records file by the CBP (7), where it remains for eight (8) years before being destroyed. However, these deadlines would not apply to PNR data linked to a specific investigation procedure (access to such data would be possible until the file was closed). In the case of PNRs which the CBP accesses directly in the reservation systems of the airlines during the period of validity of this declaration of commitment (or which it receives directly from there), the storage periods specified in this paragraph apply to the CBP, regardless of the possible expiry of this declaration of commitment in accordance with paragraph 46.

Security of the computer systems of the CBP

16.

Authorized CBP employees have access to PNR via the closed CBP intranet system, which has end-to-end encryption; furthermore, the connection is controlled by the data processing center of the immigration service. PNR data stored in the CBP database are only accessible in read-only mode and only for authorized persons, i.e. the data as such can be reformatted, but the CBP cannot make any substantive changes to it after it has been retrieved from an airline's reservation system.

17.

No other foreign, federal, state or local agency has direct electronic access to PNR data through the CBP databases (including the Interagency Border Inspection System - IBIS).

18.

Details of data access in the CBP databases (e.g. who, where, when (day and time) and any data changes) are automatically recorded and routinely checked by the Office of Internal Affairs in order to prevent unauthorized use of the system.

19.

Only certain officers and employees of the CBP or employees of IT contractors (8) (under the supervision of the CBP) who have been thoroughly checked, who have an active, password-protected account in the CBP computer system and who have a proven professional interest in viewing PNR data are allowed to access PNR data.

20.

CBP officers, CBP employees and employees of CBP contractors are required to complete a full security and privacy training course including an exam every two years. The CBP system control monitors and ensures that all data protection and data security requirements are met.

21.

Unauthorized access by CBP employees to the reservation systems of airlines or the computer system of the CBP in which PNR are stored is punishable by strict disciplinary measures (up to and including dismissal) and can be punished under criminal law (fine, imprisonment for up to one year or both) (see title 18, United States Code, section 1030).

22.

The CBP policies and regulations also provide for strict disciplinary action (including dismissal) against any CBP employee who discloses information from the CBP computer system without official authorization (title 19, Code of Federal Regulations, section 103.34).

23.

United States officers and employees who share PNR information obtained in the course of their employment may face criminal penalties (fine, imprisonment for up to one year, or both) unless the disclosure is legally permitted (see title 18, United States Code, sections 641, 1030, 1905).

Treatment and protection of PNR data by the CBP

24.

The CBP always treats PNR information, regardless of the nationality or the country of residence of the data subject, as confidential personal information relevant to law enforcement and as confidential business information of the airline, and would not disclose such data, except in the cases described in this declaration of commitment or due to legal obligations.

25.

The disclosure of PNR data to the general public is generally subject to the Freedom of Information Act (FOIA) (title 5, United States Code, section 552), which allows anyone (regardless of nationality and residence) to access documents from US federal authorities, provided that these documents (or parts thereof) are not exempted from disclosure by an exemption from the FOIA. These FOIA exemptions allow an authority to withhold documents (or parts of them) if the information is confidential, if the disclosure of the information would clearly constitute an unjustified invasion of privacy or if the information was collected for law enforcement purposes and the disclosure could constitute an unjustified invasion of privacy in the general opinion (title 5, United States Code, sections 552 (b) (4), (6), (7) (C)).

26.

The regulations of the CBP (title 19, Code of Federal Regulations, section 103.12) for the processing of requests for data access (for example to PNR data) according to FOIA expressly state that (apart from a few exceptions for requests by the data subjects) the FOIA disclosure requirements do not apply to CBP records containing 1. confidential business information, 2. privacy information where disclosure would clearly constitute an unjustified invasion of privacy, 3. information collected for law enforcement purposes whose disclosure could constitute an unjustified invasion of privacy, generally speaking (9).

27.

In any legal or administrative process related to a FOIA request for access to airline PNR data, the CBP will rely on the fact that such information is exempt from FOIA disclosure.

Transfer of PNR data to other authorities

28.

Departments of the Department of Homeland Security (DHS) are treated as "third party agencies" subject to the same rules and conditions for the disclosure of PNR data as other government agencies outside of the DHS; this does not apply to transmissions between the CBP and the TSA in accordance with paragraph 8.

29.

The CBP only supplies PNR data to other government authorities on a case-by-case basis, including those in third countries that are performing counter-terrorism or law enforcement tasks, and only for the purpose of preventing or combating the offenses listed under paragraph 3, within the scope of its discretion. (Authorities to which the CBP passes on such data are hereinafter referred to as "Designated Authorities".)

30.

The CBP will carefully use its discretion with regard to the transfer of PNR data for the stated purposes. The CBP will first check whether the disclosure of the PNR data to another designated authority serves the stated purpose (see paragraph 29). If this is the case, the CBP will examine whether this designated authority is responsible for the prevention, investigation or prosecution of violations of relevant laws or other regulations or for the implementation or enforcement of these laws or regulations, insofar as the CBP has indications of an actual or potential violation of law. The factual justification of the disclosure must be assessed in the light of all the circumstances presented.

31.

In the event that PNR data is passed on to other designated authorities, the CBP is deemed to be the “owner” of the data. The designated bodies have the following obligations due to the express disclosure provisions: 1. They may only use PNR data for the purposes specified in paragraphs 29 and 34 respectively. 2. They must ensure that the PNR information provided is destroyed properly and in accordance with the Designated Body's data retention procedures. 3. They must obtain express permission from the CBP for retransmission. Failure to comply with the transmission conditions may result in an investigation, as well as a report from the DHS Chief Privacy Officer; in addition, the designated body can be excluded from further receipt of PNR data from the CBP.

32.

Any disclosure of PNR data by the CBP is made conditional on the receiving authority treating this data as confidential business information and as law-enforcement-sensitive, confidential personal data of the data subject in accordance with paragraphs 25 and 26, which should be treated as exempt from disclosure under the Freedom of Information Act (5 USC 552). In addition, the receiving authority is informed that it is not permitted to disseminate such information without the express prior approval of the CBP. The CBP will not authorize onward transfers of PNR data for purposes not listed in paragraphs 29, 34 and 35.

33.

Employees of designated authorities who disclose PNR data without the appropriate authorization can be liable to prosecution (title 18, United States Code, sections 641, 1030, 1905).

34.

None of the provisions listed here may stand in the way of the use or disclosure of PNR data to competent authorities if the disclosure is necessary to protect the vital interests of the data subject or other persons, in particular in the case of significant health risks. In these cases, the disclosure is subject to the transmission requirements set out in paragraphs 31 and 32.

35.

None of the provisions listed here may prevent the use or disclosure of PNR data in connection with criminal proceedings or other legal requirements. The CBP will inform the European Commission of the passage of any US legislation that has a material impact on the commitments made in this declaration of commitment.

Information, access and objection rights of the passengers concerned

36.

The CBP will inform travelers about the collection of PNR data as well as about the questions in connection with their use (general information about the legal basis for the data collection, about the purpose of the collection, the protection of the data, the transfer of the data, the identity of the relevant staff, the available legal remedies, contact addresses for any questions or concerns, etc.; this information should be provided through the CBP's website, travel brochures, etc.).

37.

Requests from data subjects (also referred to as "directly affected applicants") for a copy of the PNR data stored about them in the CBP's databases will be handled in accordance with the Freedom of Information Act (FOIA). Such requests can either be mailed to "Freedom of Information Act (FOIA) Request, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue, N.W., Washington, D.C. 20229" or to the "Disclosure Law Officer, U.S. Customs and Border Protection, Headquarters, Washington, D.C.". For more information on the procedures for applying for data access under the FOIA, see the Code of Federal Regulations, Title 19, Section 103.5. If a directly affected party submits an application, the fact that the CBP otherwise regards the data as confidential personal data of the data subject and as confidential business information of the airlines will not serve as a pretext for the CBP to withhold the PNR data from the data subject by citing FOIA.

38.

In certain exceptional cases, the CBP can exercise its powers under FOIA and refuse or postpone disclosure of the entire PNR (or, more likely, part of it) to the directly affected applicant by referring to title 5, United States Code, section 552 (b) (if, for example, disclosure under FOIA could generally be expected to prejudice criminal proceedings, or if it would expose law enforcement techniques and procedures in a manner that would generally be considered to create a risk to law enforcement). Under the FOIA, any claimant has the right to challenge the CBP's decision to deny access to information both administratively and in court (see 5 U.S.C. 552 (a) (4) (B); 19 CFR 103.7-103.9).

39.

The CBP undertakes to correct data at the request of passengers, crew members, airlines or data protection authorities (if these have been expressly commissioned by the person concerned) in the member states of the EU (10) if the CBP determines that such data is stored in its database and a correction is justified and correctly documented. The CBP will notify any Designated Authority that has received such PNR data of any substantial correction to this PNR data.

40.

Requests for the correction of PNR data stored in CBP databases and complaints by the data subjects about the treatment of their PNR data by the CBP can be submitted either by the data subjects themselves or by the relevant data protection authority (provided it has been expressly commissioned to do so by the data subject) to the "Assistant Commissioner, Office of Field Operations, US Bureau of Customs and Border Protection, 1300 Pennsylvania Avenue, N.W., Washington, D.C. 20229".

41.

If the CBP is unable to resolve a complaint, the complaint can be addressed in writing to the Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, who will investigate the matter and seek a solution (11).

42.

In addition, the DHS Privacy Office will immediately deal with complaints that the data protection authorities of the EU member states address to it on behalf of EU-based data subjects because the data subjects have come to the conclusion that their data protection complaints regarding PNR data have not been dealt with satisfactorily by the CBP (in accordance with paragraphs 37 to 41) or by the DHS Privacy Office. The Privacy Office will share its conclusions and inform the relevant data protection authority or authorities of any action taken. The DHS Chief Privacy Officer will also address the number, subject matter and resolution of complaints related to the handling of PNR-type personal data in his report to Congress (12).

Compliance with Obligations

43.

CBP and DHS undertake to review the implementation of this declaration of commitment once a year or more frequently, if so agreed by the parties, together with the European Commission and, if necessary, representatives of European law enforcement authorities and/or EU member state authorities (13).

44.

The CBP will publish regulations, guidelines and other instructions containing the commitments made herein to ensure that the servants, employees and contractors of the CBP adhere to these commitments. As already mentioned, violations of the said instructions of the CBP by its servants, employees or contractors will be punished with strict disciplinary measures and, if necessary, criminal sanctions.

Reciprocity

45.

Should a passenger identification system be introduced in the European Union that obliges airlines to allow authorities access to PNR data of persons whose route includes a flight to or from the EU, the CBP will, in strict compliance with the principle of reciprocity, encourage US airlines to cooperate.

Review and period of validity of the declaration of commitment

46.

This declaration of commitment is valid for three years and six months (3.5 years), calculated from the date on which an agreement between the United States and the European Community comes into force that allows airlines to process PNR data for the purpose of forwarding it to the CBP in accordance with the directive. Two years and six months (2.5 years) after this declaration of commitment comes into effect, the CBP, in consultation with the DHS, will start talks with the Commission with the aim of extending this declaration of commitment and all related agreements on mutually acceptable terms. If no such agreement can be reached before this declaration of commitment expires, the declaration of commitment loses its effect.

Establishment of rights or precedents

47.

This declaration of commitment does not establish or transfer any rights or benefits for private or public persons or parties involved.

48.

The provisions of this declaration of commitment do not set a precedent for future discussions with the European Commission, the European Union, institutions affiliated with them or third parties about the transfer of any kind of data.

May 11, 2004


(1) For the purpose of this declaration of commitment, the words “passenger” and “passengers” include crew members.

(2) For the purposes of this provision, the CBP is not considered a party directly involved in the testing of CAPPS II or a “third party”.

(3) Before the CBP introduces automatic filters (in accordance with paragraph 10), if PNRs that it passes on in accordance with paragraph 35 contain “sensitive” data, it will make every effort to limit the disclosure of “sensitive” PNR data, taking US law into account.

(4) This includes transit passengers traveling through the United States.

(5) If airlines agree to actively transmit the PNR data to the CBP, the CBP will discuss with the airlines the possibility of regular active transmission of PNR data; this concerns the period between the first transmission 72 hours before departure from a location outside the United States and arrival in the United States, or prior to departure from the United States. The CBP tries to use a procedure for the active transmission of the required PNR data which meets the authority's need for an effective risk assessment and thereby keeps the economic burden on the airlines as low as possible.

(6) These authorized users of the CBP would include employees who belong to the departments entrusted with evaluation tasks in the branch offices, as well as employees of the National Targeting Center. As already explained, persons entrusted with the maintenance, development or control of the CBP database would also have access to the data for these limited purposes.

(7) The PNR data are not technically deleted when they are transferred to the file for deleted data sets, but are saved as raw data (i.e. in a form that cannot be directly searched and is therefore unusable for “traditional” investigations by the law enforcement authorities). In addition, they are accessible, only where absolutely necessary (“need to know”), to authorized employees of the Office of Internal Affairs of the CBP (and in some cases, in connection with controls, to the Office of the Inspector General) and to the personnel of the Office of Information Technology of the CBP responsible for the maintenance of the databases.

(8) Any access by "contractors" to PNR data in the CBP's computer systems would be restricted to persons who have concluded a contract with the CBP for maintenance or development work on its computer system.

(9) The CBP would invoke these exceptions without distinction regardless of the nationality or country of residence of the person concerned.

(10) With regard to "rectification", the CBP would like to make it clear that it will not be able to process individual data in the PNR records of the airlines it is accessing. Rather, a separate data set is generated which is linked to the PNR data set and contains the data element found to be incorrect and the corresponding correction. The CBP will add a note to the passenger's secondary audit record stating that certain PNR information is or may be inaccurate.

(11) The DHS Chief Privacy Officer is independent from all departments of the Department of Homeland Security. According to the law, he has to ensure that personal information is used in accordance with relevant laws (see footnote 13). The decisions of the Chief Privacy Officer are binding on DHS and cannot be disregarded for political reasons.

(12) Pursuant to Section 222 of the Homeland Security Act of 2002 (hereinafter "the Act") (Public Law 107-296 of November 25, 2002), the DHS Privacy Officer is responsible for a "data protection impact assessment"; to this end, he shall examine the impact of proposed regulations of the Department on data protection, including the type of personal data collected and the number of persons concerned, and report annually to Congress on the data protection-related activities of the Department. Section 222 (5) of the Act also specifically assigns the DHS Privacy Officer the task of dealing with and reporting to Congress on all cases involving breaches of privacy.

(13) Both sides inform each other in advance about the composition of their delegations. They can also involve other authorities responsible for data protection, customs controls and other forms of law enforcement, border security and/or flight security. The parties involved must have passed the security checks that may be required and are obliged to maintain secrecy with regard to the discussions and any documents made available to them. However, the obligation of confidentiality does not prohibit either side from reporting the results of the joint review to their competent authorities, including the US Congress and the European Parliament. Under no circumstances may the participating authorities disclose personal data of those affected. This prohibition also applies to non-public information that results from the documents made available to them, as well as to operational or internal authority information of which they become aware during the joint review. The modalities of the joint review will be determined by mutual agreement on both sides.


APPENDIX "A"

PNR data that the CBP requires from airlines

1.

PNR booking code (Record Locator)

2.

Date of reservation

10.

Entire itinerary for the respective PNR

11.

Frequent flyer entry (limited to miles flown and address(es))

14.

Codeshare information in the PNR

15.

Travel status of the passenger

16.

Information about the split / division of a booking

18.

Information on ticket issuance (ticketing)

19.

General remarks

22.

Date of ticket issue

23.

History of missed flights (no show)

24.

Baggage tag numbers

25.

Passengers with a ticket but without a reservation (go show)

26.

Special service requests (OSI - Special Service Requests)

27.

Special service requests (SSI / SSR - Special Service Requests)

28.

Information about the client (received from)

29.

All changes to the PNR (PNR history)

30.

Number of travelers in the PNR

32.

Ticket for one-way routes