Samenvatting
Efforts in the post-9/11 world to identify terrorists and serious transnational criminals have created new impetus for the collection and processing of increasing quantities of data. In particular, a vast array of data on international travelers is used for security purposes, ranging from basic identity and passport information to biometrics and personal data gathered from airlines' reservation and check-in systems, to sensitive information on health and criminal records. The use of the data and the systems designed to collect them are currently most developed in the United States, although the European Union (EU) is also introducing or has proposed similar systems and practices.
The appeal of data-intensive security screening takes various forms. Data can be collected in advance of travel, allowing scrutiny of individuals to occur at an earlier stage and allowing more time for screening. Traveler data also allows governments to increase the intensity of the controls they exercise, making use of more detailed information about individuals, and reallocating resources towards those deemed to be most "risky." Governments once based the intensity of screening primarily on a traveler's nationality ("sorting countries"), but new sources of information allow them to focus more directly on personal characteristics ("sorting individuals"). Broadly, therefore, data processing is supposed to help border guards and immigration agencies maintain more effective control over cross-border movement, without hampering mobility.
However, data sharing and data processing raise a host of legal and political questions related to individuals' privacy and data-protection rights. They have created the need for transparent legal frameworks to regulate what governments do with the information and what rights they provide to the individuals whose data they use. This was the purpose of a series of agreements negotiated over the past few years between the European Union and the United States regarding passenger name record (PNR) data and other kinds of information.
Information-sharing agreements are still, however, in flux. The EU position on data protection has evolved and in the future the European Commission is expected to push for a more comprehensive data-protection framework. Meanwhile, the EU-US PNR agreement is also due to be renegotiated, and as more states develop the capacity and the inclination to process personal information for security purposes, new agreements will become necessary. Furthermore, discussions about the possible conclusion of a comprehensive transatlantic data-protection agreement are becoming more concrete, and the European Commission has already presented a draft mandate for negotiations.
Several different issues arise from governments' use (and sometimes misuse) of travelers' data, and these are reflected to varying extents in data-sharing agreements. First, there is a concern that governments may justify the collection and processing of sensitive personal information as part of their efforts to combat terrorism and serious transnational crime, but subsquently use that data for broader and less urgent functions, such as for more minor crimes or even immigration-related offenses.
Second, the United States currently uses certain types of data, particularly PNR, not merely to seek information about specific individuals suspected of wrongdoing, but also to statistically analyze passengers' characteristics or behavior to identify persons who may pose a security risk. Given that individuals identified through this process may face tangible consequences -- for example, being wrongly denied travel or subjected to repeated screening -- the use of statistical models in this way could violate the presumption of innocence, due process, and nondiscrimination. A third, related concern is that some of the information shared is inaccurate. Individuals may be harmed by these mistakes, but they are rarely compensated. Finally, a lack of transparency can make it difficult for individuals to understand how their data are used.
Negotiating information-sharing agreements in this complex legal and institutional terrain has not been easy. As the new negotiating period approaches for both a transatlantic data-protection agreement, and a separate PNR agreement, challenges lie ahead. As a result, some of the diplomatic tensions that surfaced in previous negotiations are likely to reemerge.
Differences between the United States and the European Union arise from several sources. Perhaps most important is that while both sides subscribe to similar basic principles when it comes to data protection and privacy, they have different legal and institutional structures and different approaches to implementing these principles, making common procedures and process difficult. Judicial redress and data minimization are areas of potential conflict, with some essentially procedural differences potentially paving the way to fundamental disagreements about actual policies.
Notwithstanding important differences and even bitter debates, the EU-US dialogue on data sharing has made significant progress. However, as the European Union and the United States enter the next phase of negotiations, the following recommendations will remain pertinent:
* Border-control policies should become more "friendly" to travelers and citizens, taking into account their legitimate interests. The right to compensation and judicial redress should also be central to efforts to guard against abuse, while helping to ensure that security controls are used to promote citizens' interests.
* Data processing and its consequences should be opened up to greater public scrutiny and debate. Regular assessements should be required to investigate privacy and data protection and the ways that relevant technologies are used. In this respect, the European Union can look to positive examples in the United States. Policymakers should also examine how these reporting exercises can facilitate effective political scrutiny of technologies.
* Technologies have a strong role to play in border control. However, technology is more than just a neutral instrument and its use often impacts on sociey in a more fundamental way. Hence, technologies deserve thorough attention and should not be adopted blindly.
* The use of statistical targeting exercises, their purpose, scope, and efficiency, as well as their potential consequences, remain unclear. The European Union should clarify its position on the use of profiling techniques and policymakers on both sides of the Atlantic should acknowledge (and address) the political issues that their adoption raises.
The appeal of data-intensive security screening takes various forms. Data can be collected in advance of travel, allowing scrutiny of individuals to occur at an earlier stage and allowing more time for screening. Traveler data also allows governments to increase the intensity of the controls they exercise, making use of more detailed information about individuals, and reallocating resources towards those deemed to be most "risky." Governments once based the intensity of screening primarily on a traveler's nationality ("sorting countries"), but new sources of information allow them to focus more directly on personal characteristics ("sorting individuals"). Broadly, therefore, data processing is supposed to help border guards and immigration agencies maintain more effective control over cross-border movement, without hampering mobility.
However, data sharing and data processing raise a host of legal and political questions related to individuals' privacy and data-protection rights. They have created the need for transparent legal frameworks to regulate what governments do with the information and what rights they provide to the individuals whose data they use. This was the purpose of a series of agreements negotiated over the past few years between the European Union and the United States regarding passenger name record (PNR) data and other kinds of information.
Information-sharing agreements are still, however, in flux. The EU position on data protection has evolved and in the future the European Commission is expected to push for a more comprehensive data-protection framework. Meanwhile, the EU-US PNR agreement is also due to be renegotiated, and as more states develop the capacity and the inclination to process personal information for security purposes, new agreements will become necessary. Furthermore, discussions about the possible conclusion of a comprehensive transatlantic data-protection agreement are becoming more concrete, and the European Commission has already presented a draft mandate for negotiations.
Several different issues arise from governments' use (and sometimes misuse) of travelers' data, and these are reflected to varying extents in data-sharing agreements. First, there is a concern that governments may justify the collection and processing of sensitive personal information as part of their efforts to combat terrorism and serious transnational crime, but subsquently use that data for broader and less urgent functions, such as for more minor crimes or even immigration-related offenses.
Second, the United States currently uses certain types of data, particularly PNR, not merely to seek information about specific individuals suspected of wrongdoing, but also to statistically analyze passengers' characteristics or behavior to identify persons who may pose a security risk. Given that individuals identified through this process may face tangible consequences -- for example, being wrongly denied travel or subjected to repeated screening -- the use of statistical models in this way could violate the presumption of innocence, due process, and nondiscrimination. A third, related concern is that some of the information shared is inaccurate. Individuals may be harmed by these mistakes, but they are rarely compensated. Finally, a lack of transparency can make it difficult for individuals to understand how their data are used.
Negotiating information-sharing agreements in this complex legal and institutional terrain has not been easy. As the new negotiating period approaches for both a transatlantic data-protection agreement, and a separate PNR agreement, challenges lie ahead. As a result, some of the diplomatic tensions that surfaced in previous negotiations are likely to reemerge.
Differences between the United States and the European Union arise from several sources. Perhaps most important is that while both sides subscribe to similar basic principles when it comes to data protection and privacy, they have different legal and institutional structures and different approaches to implementing these principles, making common procedures and process difficult. Judicial redress and data minimization are areas of potential conflict, with some essentially procedural differences potentially paving the way to fundamental disagreements about actual policies.
Notwithstanding important differences and even bitter debates, the EU-US dialogue on data sharing has made significant progress. However, as the European Union and the United States enter the next phase of negotiations, the following recommendations will remain pertinent:
* Border-control policies should become more "friendly" to travelers and citizens, taking into account their legitimate interests. The right to compensation and judicial redress should also be central to efforts to guard against abuse, while helping to ensure that security controls are used to promote citizens' interests.
* Data processing and its consequences should be opened up to greater public scrutiny and debate. Regular assessements should be required to investigate privacy and data protection and the ways that relevant technologies are used. In this respect, the European Union can look to positive examples in the United States. Policymakers should also examine how these reporting exercises can facilitate effective political scrutiny of technologies.
* Technologies have a strong role to play in border control. However, technology is more than just a neutral instrument and its use often impacts on sociey in a more fundamental way. Hence, technologies deserve thorough attention and should not be adopted blindly.
* The use of statistical targeting exercises, their purpose, scope, and efficiency, as well as their potential consequences, remain unclear. The European Union should clarify its position on the use of profiling techniques and policymakers on both sides of the Atlantic should acknowledge (and address) the political issues that their adoption raises.
| Originele taal-2 | English |
|---|---|
| Tijdschrift | Unknown Journal |
| Status | Published - 24 mrt 2011 |