The EU–U.S. passenger name record (PNR) agreement—implemented in the wake of 9/11—is an information-sharing program requiring that key pieces of data on travelers to the U.S. be provided to American authorities prior to their arrival in the U.S. This information must be provided under U.S. law, and in May 2004, the EU and the U.S. entered into a formal agreement stating that airlines operating U.S.-bound flights would provide U.S. authorities with travelers’ data contained in their reservation systems before a flight’s departure.
The PNR agreement has been a robust counterterrorism tool, and U.S. authorities used PNR data more than 3,000 times in 2008 and 2009 to thwart several high-profile terrorist plots.[1] In October 2009, the self-confessed Mumbai attack plotter David Headley was arrested in Chicago after American authorities accessed his PNR data from a flight Headley had booked from the U.S. to Germany. Headley has also since pled guilty to a separate plot to murder journalists from the Danish Morgenavisen Jyllands-Posten newspaper, which published a cartoon depiction of the Prophet Muhammad in 2005.
Despite the PNR’s proven record of success in frustrating terrorist plots in the U.S. and Europe, the European Parliament continues to challenge the EU–U.S. PNR deal on the basis of unfounded concerns about U.S. data protection standards. Under new powers granted to it by the Lisbon Treaty, the European Parliament refused to give its consent to the 2007 renegotiated PNR agreement, and EU and U.S. officials are now locked in negotiations for a fourth iteration of the deal. However, Parliament looks unlikely to give its consent once again, and the Obama Administration is likely to be left regretting the support it has shown for the EU’s Lisbon Treaty.
European Parliament: A Long Record of Obstructionism
The U.S. Air Transportation Safety Act of 2002 legally mandates that PNR data be made available to U.S. authorities in advance of planes arriving from abroad. Formal agreement was reached between EU and American authorities in 2004. Soon after this agreement was reached, the European Parliament formally lodged a case with the European Court of Justice, and in May 2006 the agreement was annulled on a technicality. A second interim agreement was provisionally reached, and in July 2007, the EU and the U.S. formally settled a new seven-year deal. To address Parliament’s concerns, the U.S. reduced the pieces of shareable information it requested from 34 to 19.
Although this new agreement has provisionally been in force since 2007—and working successfully—the European Parliament has not given its formal consent, which is required for the accord to be formally enforced. In May 2010, the Parliament again declined an approval vote on the deal.
In January 2011, the Obama Administration entered into negotiations for a fourth iteration of the PNR agreement. However, this Administration has found itself just as frustrated by Parliament’s demands as the Bush Administration was. A draft of the latest agreement was leaked in May, along with the opinion of the European Commission’s legal service, which questions the legality of the draft. This leak can only be designed to undermine the PNR agreement, although the European Commission has rightly argued that the legality of any agreement should be tested through proper legal channels—not in the media.
A Counterterrorism Success
The European Parliament’s objections are difficult to understand as the anniversary of the 9/11 terrorist attacks approaches—especially in light of the number of potential terrorist attacks thwarted and American and European lives that have potentially been saved as a result of the PNR. Many officials have attested to the value of PNR, including Assistant Secretary for the Department of Homeland Security’s Office of Policy David Heyman;[2] former U.S. Secretary of Homeland Security Michael Chertoff;[3] and even Baroness Cathy Ashton of Upholland, the current EU foreign minister.[4]
Parliament’s objections revolve around the issue of the protection of personal data, which is strongly legislated for in EU law and protected under the EU’s Charter of Fundamental Rights. Specifically, the EU Parliament objects to the length of time personal records are kept and the degree of redress available to European citizens in cases of data misuse.
These objections are wrongheaded. First, it is wrong to assume that the U.S. does not respect data privacy merely because it does not subscribe to the EU’s much-maligned Charter of Fundamental Rights. The EU has no basis to impose its data-protection laws on the U.S., and the European Parliament should respect the U.S.’s legal tradition, which is both fair and democratic. Second, the current agreement plans to retain data in full form for just five years, after which it will be anonymized for further storage.
Protect Existing Agreements
Rather than trying to renegotiate a brand new agreement with the EU, the Obama Administration should insist that the European Parliament approve the 2007 EU–U.S. PNR Agreement without modification. The EU should, in fact, consider extending the agreement for an additional seven years in light of the substantial evidence supporting its critical role in countering terrorism.
The Administration must further protect the bilateral deals that it has signed with new EU members of the Visa Waiver Program (VWP), including the Czech Republic, Estonia, Hungary, Latvia, Lithuania, Slovakia, and Malta. When these countries entered the VWP, they also agreed to provide PNR data to the U.S. as a condition of accession. Any significant changes to the PNR agreement could threaten these bilateral deals.
Information Sharing Must Continue to Stop Terrorists
The United States must remain vigilant against terrorism. Since 9/11, there have been at least 39 foiled plots against the U.S., which Heritage Foundation analysts claim is a result of enhanced information sharing and intelligence gathering.[5] The ability to analyze the personal and financial data of passengers prior to departure (in conjunction with U.S. and international intelligence databases) gives analysts and law enforcement officials additional opportunities to spot red flags and ultimately to screen out potential terrorists.
Timothy Kirkhope, MEP, the European Conservatives and Reformists Group home affairs spokesman, has called on the European Parliament to use its powers responsibly.[6] He is correct. The European Parliament should approve the 2007 PNR agreement, which has passed the ultimate test of real-world effectiveness.
Sally McNamara is Senior Policy Analyst in European Affairs in the Margaret Thatcher Center for Freedom, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, at The Heritage Foundation.
