What is the religion of the NCT dream members

live now:

After the second EU-US basic agreement on data transfer with the "Privacy Shield" failed, the massive transfer of air passenger data is now under scrutiny by the EU Court of Justice. The chances for the suing privacy advocates are good.

From Erich Moechel

After the hearing in the EU Parliament on Thursday it is clear that one of the most important points of the EU digital agenda will probably not be clarified in this legislative period. The data of Europeans, which are processed on a massive scale by US corporations, are still routinely analyzed by the NSA. From EU Justice Commissioner Didier Reynders to Max Schrems (NOYB) it was agreed that only legal changes in the USA promise real data protection.

Another agreement such as the “Safe Harbor” rejected by the European Court of Justice (ECJ) and the “Privacy Shield” suspended in July are not planned, Reynders said and announced a new, provisional solution for December. Two promising lawsuits against the retention of passenger data (PNR) and their transfer to the USA are currently being processed by the ECJ. He had already canceled an almost identical PNR agreement with Canada in 2017.

Public domain

Max Schrems was connected to the hearing via a video link. He was greeted like an old friend by the chairman of the judicial committee. The entire video stream of the session.

Eyewash ended for the time being

At the beginning of 2019, the commission started negotiations with the USA on the basis of the "Privacy Shield" on alternate direct access to data from providers by law enforcement officers.

The hearing in the Justice Committee of Parliament was opened by Justice Commissioner Reynders with the announcement that there would be no further such agreement after “Safe Harbor” and “Privacy Shield”. In doing so, he indirectly agreed with the critics, who had always described both agreements as legal eye-wiping. Instead, the Standard Contractual Clauses (SCC) would be adapted by December to comply with the decision of the ECJ, said Reynders. These SCCs are model contracts of the EU Commission that can be used for all data transfers to other EU countries. However, only if it can be assumed that the data is adequately protected as a result.

He was followed by the chairman of the European data protection authorities, the Austrian data protection officer Andrea Jelinek, who examined the problem from a regulatory point of view, and then Max Schrems was welcomed in the committee like an old acquaintance. Schrems pointed out that these standard contractual clauses could well be used for a smaller portion of the data transfers, such as hotel bookings, that were not covered by US surveillance laws.

“No-Spy Agreement” is needed

The PNR agreement with Canada was suspended by the ECJ in July 2017. For the most part, it contains identical provisions to those in the agreement with the USA.

The majority of the European data transmitted and stored in the USA fall under Section 702 of the “Foreign Intelligence Surveillance Act” (FISA), according to Schrems. Either way, there would be no avoiding a kind of “no-spy agreement” with the USA. FISA, parts of the "Patriot Act" and the notorious Presidential Order 12333, which was used by the NSA as the legal basis for tapping the internal data exchange between Google's data centers, affect all data flows between Europe and the USA. The passenger data of air travelers from the EU are also systematically deducted.

These data sets are particularly informative for frequent flyers because they are far more extensive and detailed than is generally assumed. As they are stored for more than five years, they provide complete profiles of flight movements and habits of individual individuals. All conceivable data from credit card numbers to seat numbers on the plane, bookings of rental cars, length of stay and meal preferences, from vegan to halal, are recorded. This data retention over five years was the primary reason why the ECJ declared the agreement with Canada to be invalid in 2017.

Public domain

Although the agreement with Canada has been rejected, the associated EU directive on the retention of air passenger data is still in force. Article 12 stipulates a storage period of five years for all data from all flight movements. According to the ECJ, permanent storage is only permitted for those data sets of people against whom there is a reasonable suspicion of serious crimes such as membership in a terrorist or criminal organization.

Clear facts

The report of the transatlantic working group on NSA espionage from December 2013 showed that only the internal regulations of the US secret services apply to the handling of EU data.

Even the report of the transatlantic working group, which was set up after Edward Snowden's first revelations at the end of 2013, left hardly any questions unanswered. Neither initial suspicions nor violations of the law or specific criminal proceedings had to be present, according to the US at the time. The only criterion for the rasterization of this data is solely “the assumption that the query will provide information for the secret services”.

The FISA secret court grants wholesale approvals, so “targeted” search queries concern billions of data records from all over the world. The German NGO "Gesellschaft für Freiheitsrechte" (Gesellschaft für Freiheitsrechte) had sued against the PNR agreement before a German court, which had referred the suit to the ECJ for clarification. The Austrian NGO "Epicenter Works" filed a lawsuit at the same time. "The German courts were a little faster than their Austrian colleagues," said Thomas Lohninger from Epicenter.works to ORF.at. As a result, it was decided to pause the lawsuit in Austria until the ECJ ruled on this matter. The additional recording of all intra-European flights, which the former Interior Minister Herbert Kickl had tried hard to do - this was provided as a mere option in the PNR Directive - has now been repealed in Austria.