Critics of the agreement allowing European passengers' personal data to be shared with US authorities have just under a month to reshape the accord before it comes into force, said Stavros Lambrinidis, vice president of the European Parliament's civil liberties committee.
"There is a battle to make this agreement respectful of European citizens' civil liberties, and it's not over," he said in a telephone interview.
The European Parliament has no direct say in the shaping of an agreement that will give US customs, the US Department of Homeland Security and other agencies including the US Central Intelligence Agency free access to airlines' passenger databases to help them prevent potential terrorist attacks.
However, some national parliaments will get the chance.
"There are about six or seven countries that have to debate this agreement. There is still a chance to change it," Lambrinidis said.
The US government demanded access to information about everyone flying to the US from the EU in the wake of the terrorist attacks in September 2001.
However, by complying with the demand, airlines would have been breaching strict European data protection laws, so the US and EU drafted an exemption clause from the laws, which they claimed was respectful of European citizens' data.
The European Court of Justice annulled that agreement last year and gave the two sides until the end of July to come up with an alternative.
Failure to do so would leave European airlines exposed to massive fines and the possible loss of landing slots in the US if they don't continue to hand over the data, or legal action on data protection grounds in the EU if they do.
"It's clear that there has to be an agreement but not one like this," Lambrinidis said.
The agreement, reached in late June 2007 during a phone call between German Interior Minister Wolfgang Schaeuble, EU justice and home affairs commissioner Franco Frattini and US Secretary for Homeland Security Michael Chertoff, reduces the fields of data to be shared from 34 at present to 19.
These fields include information such as name, credit-card details and travel itinerary. They won't include dietary requirements, which could be used to identify someone's religion.
However, it extends the length of time the US authorities can hold the data from three years to 15 years, and it allows US agencies to dip into the databases at will.
Europe's data protection supervisor, Peter Hustinx, said his main concern was that the EU would grant American agencies the right to pull up information about Europeans whenever they want. He called instead for a push mechanism, meaning that database managers for the airlines would have to pass over the data.
Like the temporary accord it replaces, the new agreement promises an eventual switch to a push mechanism.
Under the new agreement, US agencies can pull up the data they want until early next year, when airlines will start pushing it instead. However, the DHS maintains the right to pull the information if airlines don't offer up the data promptly.
The main concern, however, is that the agreement omits any binding undertakings for US authorities to safeguard European citizens' data. The details of this arrangement aren't in the agreement itself but in an exchange of letters that haven't been made public, Lambrinidis said.
Reacting to the agreement, Hustinx said he fears the measure could violate European citizens' rights to privacy.
In addition to allowing US authorities to keep the data for 15 years, there would be "no limitation to what US authorities are allowed to do with the data", Hustinx wrote in a letter to Schaeuble after the German minister clinched the deal.