In a surprising turnaround, members of the European Parliament's civil liberties committee voted on Tuesday to endorse a controversial data transfer agreement with the U.S.
The so-called PNR (passenger name register) agreement requires airlines to pass on passenger data, including name, contact details, payment information, itinerary, email and phone numbers, to the U.S. Department of Homeland Security.
The parliamentarian charged with evaluating the deal, Sophie in't Veld, had called for turning the deal down, amid concerns that European citizens' data would not be given sufficient protection. An independent report carried out by legal professors said that the draft text of the new agreement (which would replace the current deal dating from 2007) does not guarantee independence of supervision, and that individuals' rights and judicial review would not be enforceable.
Under the new agreement, PNR data would be "depersonalized" after six months and would be moved into a "dormant database" after five years. But the information would still be held for a further 15 years before being fully "anonymized."
Opponents of the deal say many of these terms are vague and difficult to interpret, leaving the door open for abuse. Furthermore, although the original deal specified that the data could only be used to fight serious crime or terrorism, under the new text, it could be used on a case-by case basis if so ordered by a U.S. court. This has led to fears about "mission-creep."
The committee approved the deal with 31 votes in favor, 23 against and one abstention, with many politicians saying that even a flawed deal was better than no deal. Following the vote, In't Veld alleged that her colleagues had been "held to ransom" by the U.S. authorities, who threatened to suspend visa-free travel to the U.S. if the deal was rejected.
"It was quite a close vote and I think it came down to a small number of MEPs who are too scared to say no to the U.S. in these transatlantic agreements especially in the way we deal with the U.S. on privacy issues," said Green parliamentarian Jan Phillipp Albrecht.
The agreement will be put to a vote by the whole European Parliament on April 19.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.