Monday was Data Protection Day. Find out how you can
win the textbook on data
protection.
Eurodac keeps asylum seekers' fingerprints. Information is also
shared as a result of Europol, Eurojust and the Prüm Treaty.
The European Union, though, thinks there is room for another set
of mass databases to collect information about us all. But this one
is different. Instead of tracking people to deal with those
suspected of crimes it will be used to predict who is likely to be
a criminal.
The proposed Council Framework Decision on the use of Passenger
Name Record for law enforcement purposes would result in the use of
information on us gleaned from airlines to attempt to predict who
is likely to be a criminal. The process is called profiling, and is
highly controversial.
Airlines would have to pass over almost all the information that
they hold on passengers, including travel agencies used, seat
reservations and allocations, credit cards used to book flights as
well as names and details of travel. The information would be about
every traveller going outside the EU or entering it and would be
kept for 13 years.
The purpose of collecting all this data would be to find people
who fit into so-called categories of risk. It would be collected by
a new unit, a Passenger Information Unit, set up to deal with the
collection of the information in each country.
The PIU would analyse the information "in order to identify the
persons requiring further examination" for the possibility that
they might be involved in terrorism or organised crime or be
associated with such persons. Having decided which of the
travellers merited such further examination the PIU would pass the
details to whoever is responsible in that country for the
prevention of terrorism or organised crime.
Where the PIU also thinks that the data would be relevant to
another Member State it would be able to pass the information on to
the authorities in that State.
The collection of all this data for this purpose would be a
major development affecting individual privacy of travellers into
and from the EU and serious concerns are being voiced by European
Privacy regulators about the sheer size of the database, its
long-term retention and the use to which the information could be
put.
Merely fitting the same profile of known criminals does not make
you one of them. The traveller who uses the same travel agent as a
people trafficker may well have done so in complete ignorance of
the sinister connection.
There are also legal concerns as to how this proposal fits with
the institutional changes being brought about following the Treaty
of Lisbon. At the moment important parts of this new system would
be outside EU data protection law but in the longer term the effect
of the Treaty may alter that.
That matters because if all the collection and processing of the
information is covered by mainstream EU law then normal data
protection principles and protections apply, and in the UK it will
be covered by the UK's data protection laws. . If this does not
happen then the arrangements for protecting people's privacy rights
will not be as clear or as accessible to ordinary people.
It would be better if the EU waited to see if the US – already a
keen practitioner of profiling – actually finds that the techniques
being used are successful. If this proves to be the case and
European Governments decide to go ahead, it should wait until the
data protections for citizens are clear before creating yet another
new collection of information about us all.
By Rosemary Jay, Head of the Information Law team at Pinsent
Masons, the law firm behind OUT-LAW.COM. Find out how to win a copy of Rosemary's book, Data Protection
Law and Practice.
