The enhanced US border surveillance system - an assessment of US VISIT
Among the many laws passed in the U.S. in the months after the terrorist attacks of September 11 2001, some have significant effects on other countries. This report outlines the case of passenger data records transfers; from the databases of EU carriers into the databases of the U.S. Department of Homeland Security.
These transfers create problems for the privacy protection of all affected people who are not U.S. persons. U.S. privacy law protects U.S. persons; EU privacy law protects personal data in the EU. Once this information is transferred to the U.S., U.S. law applies. The common practice of the European Commission is to establish an agreement on this transfer that includes, among other rights, clear constraints on the use, retention, and further transfer of this data.
The EU negotiated with the U.S. over these data records transfers for most of 2003, and in December 2003 the European Commission announced what it felt was an adequate agreement. In this report we show how the established agreement fails to meet the interests of privacy protection.