Interim Agreement Between the European Union and the United States Regarding the Transfer of Passenger Name Record Data, 348-351 [06-9980]
Download as PDF
<![CDATA[
348
Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices
includes a provision exempting these
Area Maritime Security (AMS)
Committees from the Federal Advisory
Committee Act (FACA), Public Law 92–
436, 86 Stat. 470 (5 U.S.C. App.2).
The South Texas Area Maritime
Security (STAMS) Committee assists the
Captain of the Port(COTP)/Federal
Maritime Security Coordinator (FMSC)
in the review and update of the STAMS
Plan for the Corpus Christi Area of
Responsibility. Such matters may
include, but are not limited to:
Identifying critical port infrastructure
and operations; Identifying risks
(threats, vulnerabilities, and
consequences); Determining mitigation
strategies and implementation methods;
Developing and describing the process
to continually evaluate overall port
security by considering consequences
and vulnerabilities, how they may
change over time, and what additional
mitigation strategies can be applied; and
Providing advice to, and assisting the
COTP/FMSC in, reviewing and updating
the STAMS Plan.
STAMS Committee Membership
Applicants should have at least 5
years of experience related to maritime
or port security operations. The STAMS
Committee has ten members, made up
of at least one individual from the
Corpus Christi, Rio Grande Valley, Port
of Port Lavaca-Point Comfort and
Victoria Barge Canal, Port Security
Working Groups (PSWG). We are
seeking to fill one vacancy each from
the Victoria Barge Canal, Rio Grande
Valley and Corpus Christi PSWG areas
with this solicitation. Applicants may
be required to pass an appropriate
security background check prior to
appointment to the committee.
Members’ term of office will be for 5
years, however, a member is eligible to
serve an additional term of office.
Members will not receive any salary or
other compensation for their service on
the STAMS Committee. In support of
the Coast Guard’s policy on gender and
ethnic diversity, we encourage qualified
women and members of minority groups
to apply.
mstockstill on PROD1PC61 with NOTICES
Request for Applications
Those seeking membership are not
required to submit formal applications
to the local COTP/FMSC, however,
because we do have an obligation to
ensure that a specific number of
members have the prerequisite maritime
security experience, we encourage the
submission of resumes highlighting
VerDate Aug<31>2005
15:51 Jan 03, 2007
Jkt 211001
experience in the maritime and security
industries.
J.H. Korn,
Captain, U.S. Coast Guard, Corpus Christi
Captain of the Port/Federal Maritime Security
Coordinator.
[FR Doc. E6–22425 Filed 1–3–07; 8:45 am]
BILLING CODE 4910–15–P
DEPARTMENT OF HOMELAND
SECURITY
Bureau of Customs and Border
Protection
Interim Agreement Between the
European Union and the United States
Regarding the Transfer of Passenger
Name Record Data
Bureau of Customs and Border
Protection; DHS.
ACTION: General notice.
AGENCY:
SUMMARY: This Notice is intended to
update a General Notice published in
the Federal Register on July 9, 2004,
advising that the Department of
Homeland Security, Customs and
Border Protection, had issued a
document on May 11, 2004 (referred to
as the ‘‘Undertakings’’) containing
representations regarding the manner in
which it would handle certain
Passenger Name Record data relating to
flights between the United States and
European Union member states. This
Notice describes updates and
adjustments to the Undertakings to
reflect changes in the law and
circumstances surrounding these data
transfers.
EFFECTIVE DATES:
This Notice is effective
January 4, 2007.
FOR FURTHER INFORMATION CONTACT:
Michael Scardaville, (202) 282–8321.
SUPPLEMENTARY INFORMATION: On July 9,
2004, a Notice was published in the
Federal Register (69 FR 41543;
corrected at 69 FR 44082 on July 23,
2004), advising that the Department of
Homeland Security (DHS), Customs and
Border Protection (CBP), had issued a
document on May 11, 2004 (referred to
as the ‘‘Undertakings’’) containing
representations regarding the manner in
which CBP would handle certain
Passenger Name Record (PNR) data
relating to flights between the United
States and European Union (EU)
member states. When they were issued,
these Undertakings were understood to
provide the foundation for the European
Community (EC) to enter into an
agreement with the United States that
permitted the transfer of PNR data to
CBP consistent with applicable EC law.
PO 00000
Frm 00023
Fmt 4703
Sfmt 4703
However, through a diplomatic note
presented on July 3, 2006, the EC
terminated the agreement as of
September 30, 2006, as a consequence of
the determination of the European Court
of Justice that the agreement had been
concluded on an inapplicable basis
under European Union law.
On October 19, 2006, the United
States and the EU concluded an
agreement to last until July 31, 2007.
This agreement was accompanied by a
letter of the United States updating and
adjusting the Undertakings to reflect
changes in the law and circumstances
surrounding this data transfer. The letter
was discussed extensively with the EU,
and the EU has acknowledged it without
objection. Copies of the agreement and
letter are contained in this notice. All
representations contained in the
Undertakings, as published on July 9
and 23, 2004 are to be interpreted
consistently with the October 19, 2006
agreement and its accompanying letter.
The letter reflects changes in U.S. law
and experience since the Undertakings
were issued and is consistent with
existing relevant provisions of U.S. law.
Both the agreement and the
Undertakings shall terminate on July 31,
2007, unless extended.
Dated: December 19, 2006.
Stewart Baker,
Assistant Secretary for Policy.
Text of agreement:
AGREEMENT
Between the European Union and the
United States of America on the
Processing and Transfer of Passenger
Name Record (PNR) Data by Air
Carriers to the United States
Department of Homeland Security
THE EUROPEAN UNION AND THE
UNITED STATES OF AMERICA,
DESIRING to prevent and combat
terrorism and transnational crime
effectively as a means of protecting their
respective democratic societies and
common values,
RECOGNISING that, in order to
safeguard public security and for law
enforcement purposes, rules should be
laid down on the transfer of Passenger
Name Record (‘‘PNR’’) data by air
carriers to the Department of Homeland
Security (hereinafter ‘‘DHS’’). For the
purposes of this Agreement, DHS means
the Bureau of Customs and Border
Protection, U.S. Immigration and
Customs Enforcement and the Office of
the Secretary and the entities that
directly support it, but does not include
other components of DHS such as the
Citizenship and Immigration Services,
Transportation Security Administration,
E:\FR\FM\04JAN1.SGM
04JAN1
mstockstill on PROD1PC61 with NOTICES
Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices
United States Secret Service, the United
States Coast Guard, and the Federal
Emergency Management Agency,
RECOGNISING the importance of
preventing and combating terrorism and
related crimes, and other serious crimes
that are transnational in nature,
including organized crime, while
respecting fundamental rights and
freedoms, notably privacy,
HAVING REGARD to U.S. statutes
and regulations requiring each air
carrier operating passenger flights in
foreign air transportation to or from the
United States to provide DHS with
electronic access to PNR data to the
extent they are collected and contained
in the air carrier’s automated
reservation/departure control systems
(hereinafter ‘‘reservation systems’’),
HAVING REGARD to Article 6(2) of
the Treaty on European Union on
respect for fundamental rights, and in
particular to the related right to the
protection of personal data,
HAVING REGARD to relevant
provisions of the Aviation
Transportation Security Act of 2001, the
Homeland Security Act of 2002, the
Intelligence Reform and Terrorism
Prevention Act of 2004 and Executive
Order 13388 regarding cooperation
between agencies of the United States
government in combating terrorism,
HAVING REGARD to the
Undertakings as published in the U.S.
Federal Register 1 and implemented by
DHS,
NOTING that the European Union
should ensure that air carriers with
reservation systems located within the
European Union arrange for
transmission of PNR data to DHS as
soon as this is technically feasible but
that, until then, the U.S. authorities
should be allowed to access the data
directly, in accordance with the
provisions of this Agreement,
AFFIRMING that this Agreement does
not constitute a precedent for any future
discussions or negotiations between the
United States and the European Union,
or between either of the Parties and any
State regarding the processing and
transfer of PNR or any other form of
data,
HAVING REGARD to the commitment
of both sides to work together to reach
an appropriate and mutually satisfactory
solution, without delay, on the
processing of Advance Passenger
Information (API) data from the
European Union to the United States,
NOTING that in reliance on this
Agreement, the EU confirms that it will
not hinder the transfer of PNR data
between Canada and the United States
1 Vol.
69, No 131, p. 41543.
VerDate Aug<31>2005
15:51 Jan 03, 2007
Jkt 211001
and that the same principle will be
applied in any similar agreement on the
processing and transfer of PNR data,
HAVE AGREED AS FOLLOWS
(1) In reliance upon DHS’s continued
implementation of the aforementioned
Undertakings as interpreted in the light
of subsequent events, the European
Union shall ensure that air carriers
operating passenger flights in foreign air
transportation to or from the United
States of America process PNR data
contained in their reservation systems
as required by DHS.
(2) Accordingly, DHS will
electronically access the PNR data from
air carriers’ reservation systems located
within the territory of the Member
States of the European Union until there
is a satisfactory system in place
allowing for transmission of such data
by the air carriers.
(3) DHS shall process PNR data
received and treat data subjects
concerned by such processing in
accordance with applicable U.S. laws
and constitutional requirements,
without unlawful discrimination, in
particular on the basis of nationality and
country of residence.
(4) The implementation of this
Agreement shall be jointly and regularly
reviewed.
(5) In the event that an airline
passenger information system is
implemented in the European Union or
in one or more of its Member States that
requires air carriers to provide
authorities with access to PNR data for
persons whose travel itinerary includes
a flight to or from the European Union,
DHS shall, in so far as practicable and
strictly on the basis of reciprocity,
actively promote the cooperation of
airlines within its jurisdiction.
(6) For the purpose of applying this
Agreement, DHS is deemed to ensure an
adequate level of protection for PNR
data transferred from the European
Union concerning passenger flights in
foreign air transportation to or from the
United States.
(7) This Agreement shall enter into
force on the first day of the month after
the date on which the Parties have
exchanged notifications indicating that
they have completed their internal
procedures for this purpose. This
Agreement shall apply provisionally as
of the date of signature. Either Party
may terminate or suspend this
Agreement at any time by notification
through diplomatic channels.
Termination shall take effect thirty (30)
days from the date of notification
thereof to the other Party. This
Agreement shall expire upon the date of
application of any superseding
PO 00000
Frm 00024
Fmt 4703
Sfmt 4703
349
agreement and in any event no later
than 31 July 2007, unless extended by
mutual written agreement.
This Agreement is not intended to
derogate from or amend legislation of
the United States of America or the
European Union or its Member States.
This Agreement does not create or
confer any right or benefit on any other
person or entity, private or public.
This Agreement shall be drawn up in
duplicate in the English language. It
shall also be drawn up in the Czech,
Danish, Dutch, Estonian, Finnish,
French, German, Greek, Hungarian,
Italian, Latvian, Lithuanian, Maltese,
Polish, Portuguese, Slovak, Slovenian,
Spanish and Swedish languages, and
the Parties shall approve these language
versions. Once approved, the versions
in these languages shall be equally
authentic.
Done at Washington D.C. on 19 October
2006 and at Luxembourg on 16 October 2006.
For the United States of America
Michael Chertoff,
Secretary, Department of Homeland Security.
For the European Union
Erkki Tuomioja,
Minister for Foreign Affairs, President of the
Council of the European Union.
Text of U.S. letter:
Via Electronic Delivery
ATTN: Director General Jonathan Faull,
European Commission
B–1049 Bruxelles, Belgium 22.
ATTN: Ms. Irma Ertman, Presidency of
the Council of the European Union
Ministry of Foreign Affairs, P.O Box
176, Laivastokatu, FIN–00161
Helsinki, Finland.
Dear Jonathan and Irma:
This letter is intended to set forth our
understandings with regard to the
interpretation of a number of provisions
of the Passenger Name Record (PNR)
Undertakings issued on May 11, 2004 by
the Department of Homeland Security
(DHS). For the purposes of this letter,
DHS means the Bureau of Customs and
Border Protection, U.S. Immigration and
Customs Enforcement and the Office of
the Secretary and the entities that
directly support it, but does not include
other components of DHS such as the
Citizenship and Immigration Services,
Transportation Security Administration,
United States Secret Service, the United
States Coast Guard, and the Federal
Emergency Management Agency. We
look forward to further reviewing these
and other issues in the context of future
discussions toward a comprehensive,
reciprocal agreement based on common
principles.
E:\FR\FM\04JAN1.SGM
04JAN1
mstockstill on PROD1PC61 with NOTICES
350
Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices
Sharing and Disclosure of PNR
The Intelligence Reform and
Terrorism Prevention Act of 2004
required the President to establish an
Information Sharing Environment ‘‘that
facilitates the sharing of terrorism
information.’’ Following this enactment,
on October 25, 2005 the President
issued Executive Order 13388, directing
that DHS and other agencies ‘‘promptly
give access to * * * terrorism
information to the head of each other
agency that has counterterrorism
functions’’ and establishing a
mechanism for implementing the
Information Sharing Environment.
Pursuant to Paragraph 35 of the
Undertakings (which states that ‘‘No
statement in these Undertakings shall
impede the use or disclosure of PNR
data in any criminal judicial
proceedings or as otherwise required by
law’’ and allows DHS to ‘‘advise the
European Commission regarding the
passage of any U.S. legislation which
materially affects the statements made
in these Undertakings’’), the U.S. has
now advised the EU that the
implementation of the Information
Sharing Environment required by the
Act and the Executive Order described
above may be impeded by certain
provisions of the Undertakings that
restrict information sharing among U.S.
agencies, particularly all or portions of
paragraphs 17, 28, 29, 30, 31, and 32.
In light of these developments and in
accordance with what follows, the
Undertakings should be interpreted and
applied so as to not impede the sharing
of PNR data by DHS with other
authorities of the U.S. government
responsible for preventing or combating
of terrorism and related crimes as set
forth in Paragraph 3 of the
Undertakings.
DHS will therefore facilitate the
disclosure (without providing
unconditional direct electronic access)
of PNR data to U.S. government
authorities exercising a counterterrorism function that need PNR for the
purpose of preventing or combating
terrorism and related crimes in cases
(including threats, flights, individuals,
and routes of concern) that they are
examining or investigating. DHS will
ensure that such authorities respect
comparable standards of data protection
to that applicable to DHS, in particular
in relation to purpose limitation, data
retention, further disclosure, awareness
and training, security standards and
sanctions for abuse, and procedures for
information, complaints and
rectification. Prior to commencing
facilitated disclosure, each receiving
authority will confirm in writing to DHS
VerDate Aug<31>2005
15:51 Jan 03, 2007
Jkt 211001
that it respects those standards. DHS
will inform the EU in writing of the
implementation of such facilitated
disclosure and respect for the applicable
standards before the expiration of the
Agreement.
Early Access Period for PNR
While Paragraph 14 limits the number
of times PNR can be pulled, the
provision puts no such restriction on
the ‘‘pushing’’ of data to DHS. The push
system is considered by the EU to be
less intrusive from a data privacy
perspective. The push system does not
confer on airlines any discretion to
decide when, how or what data to push,
however. That decision is conferred on
DHS by U.S. law. Therefore, it is
understood that DHS will utilize a
method of pushing the necessary PNR
data that meets the agency’s needs for
effective risk assessment, taking into
account the economic impact upon air
carriers.
In determining when the initial push
of data is to occur, DHS has discretion
to obtain PNR more than 72 hours prior
to the departure of a flight so long as
action is essential to combat an offense
enumerated in Paragraph 3.
Additionally, while there are instances
in which the U.S. government may have
specific information regarding a
particular threat, in most instances the
available intelligence is less definitive
and may require the casting of a broader
net to try and uncover both the nature
of the threat and the persons involved.
Paragraph 14 is therefore understood to
permit access to PNR outside of the 72
hour mark when there is an indication
that early access is likely to assist in
responding to a specific threat to a
flight, set of flights, route, or other
circumstances associated with offenses
described in Paragraph 3 of the
Undertakings. In exercising this
discretion, DHS will act judiciously and
with proportionality.
DHS will move as soon as practicable
to a push system for the transfer of PNR
data in accordance with the
Undertakings and will carry out no later
than the end of 2006 the necessary tests
for at least one system currently in
development if DHS’s technical
requirements are satisfied by the design
to be tested. Without derogating from
the Undertakings and in order to avoid
prejudging the possible future needs of
the system any filters employed in a
push system, and the design of the
system itself must permit any PNR data
in the airline reservation or departure
control systems to be pushed to DHS in
exceptional circumstances where
augmented disclosure is strictly
necessary to address a threat to the vital
PO 00000
Frm 00025
Fmt 4703
Sfmt 4703
interests of the data subject or other
persons.
Data Retention
Several important uses for PNR data
help to identify potential terrorists; even
data that is more than 3.5 years old can
be crucial in identifying links among
terrorism suspects. The Agreement will
have expired before Paragraph 15 of the
Undertakings requires the destruction of
any data, and questions of whether and
when to destroy PNR data collected in
accordance with the Undertakings will
be addressed by the United States and
the European Union as part of future
discussions.
The Joint Review
Given the extensive joint analysis of
the Undertakings conducted in
September 2005 and the expiration of
the agreement prior to the next Joint
Review, the question of how and
whether to conduct a joint review in
2007 will be addressed during the
discussions regarding a future
agreement.
Data Elements
The frequent flyer field may offer
addresses, telephone numbers, e-mail
addresses; all of these, as well as the
frequent flyer number itself, may
provide crucial evidence of links to
terrorism. Similarly, information about
the number of bags carried by a
passenger may have value in a
counterterrorism context. The
Undertakings authorize DHS to add data
elements to the 34 previously set forth
in Attachment ‘‘A’’ of the Undertakings,
if such data is necessary to fulfill the
purposes set forth in paragraph 3.
With this letter the U.S. has consulted
under Paragraph 7 with the EU in
connection with item 11 of Attachment
A regarding DHS’s need to obtain the
frequent flier number and any data
element listed in Attachment A to the
Undertakings wherever that element
may be found.
Vital Interests of the Data Subject or
Others
Recognizing the potential importance
of PNR data in the context of infectious
disease and other risks to passengers,
DHS reconfirms that access to such
information is authorized by paragraph
34, which provides that the
Undertakings must not impede the use
of PNR for the protection of the vital
interests of the data subject or of other
persons or inhibit the direct availability
of PNR to relevant authorities for the
purposes set forth in Paragraph 3 of the
Undertakings. ‘‘Vital interests’’
encompasses circumstances in which
E:\FR\FM\04JAN1.SGM
04JAN1
Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices
the lives of the data subject or of others
could be at stake and includes access to
information necessary to ensure that
those who may carry or may have been
exposed to a dangerous communicable
disease can be readily identified,
located, and informed without delay.
Such data will be protected in a manner
commensurate with its nature and used
strictly for the purposes for which it was
accessed.
Program-Other Needs; 97.036, Public
Assistance Grants; 97.039, Hazard Mitigation
Grant Program.)
R. David Paulison,
Under Secretary for Federal Emergency
Management and Director of FEMA.
[FR Doc. E6–22520 Filed 1–3–07; 8:45 am]
351
Assistance Grants; 97.039, Hazard Mitigation
Grant Program.)
R. David Paulison,
Under Secretary for Federal Emergency
Management and Director of FEMA.
[FR Doc. E6–22519 Filed 1–3–07; 8:45 am]
BILLING CODE 9110–10–P
BILLING CODE 9110–10–P
DEPARTMENT OF THE INTERIOR
Geological Survey
Federal Emergency Management
Agency
Notice of an Open Meeting of the
Advisory Committee on Water
Information (ACWI)
[FEMA–1671–DR]
Sincerely yours,
Stewart Baker,
Assistant Secretary for Policy.
[FR Doc. 06–9980 Filed 1–3–07; 8:45 am]
DEPARTMENT OF HOMELAND
SECURITY
SUMMARY: Notice is hereby given of the
2007 annual meeting of the ACWI. This
meeting is to discuss broad policyrelated topics relating to national water
initiatives; and the development and
dissemination of water information,
through reports from eight ACWI
subgroups. The agenda will include an
update on the next phase of the National
Water Quality Monitoring Network for
U.S. Coastal Waters and their
Tributaries, as well as consideration of
a proposed new Subcommittee on
Ground Water. The ACWI has been
established under the authority of the
Office of Management and Budget
Memorandum M92–01 and the Federal
Advisory Committee Act. The purpose
of the ACWI is to provide a forum for
water information users and
professionals to advise the Federal
Government of activities and plans that
may improve the effectiveness of
meeting the Nation’s water information
needs. Member organizations help to
foster communications between the
Federal and non-Federal sectors on
sharing water information.
Membership represents a wide range
of water resources interests and
functions. Representation on the ACWI
includes all levels of government,
academia, private industry, and
professional and technical societies.
Member organizations designate their
representatives and alternates.
Membership is limited to a maximum of
35 organizations.
DATES: The formal meeting will convene
at 8:30 a.m. on January 17, 2007, and
will adjourn on January 18, 2007 at 4:30
p.m.
ADDRESSES: Crowne Plaza Dulles
Airport, 2200 Centreville Road,
Herndon, Virginia 20170.
FOR FURTHER INFORMATION CONTACT: Ms.
Toni M. Johnson (Executive Secretary),
Chief, Water Information Coordination
Program, U.S. Geological Survey, 12201
Sunrise Valley Drive, MS 417 National
Center, Reston, VA 20192. Telephone:
BILLING CODE 9114–14–P
DEPARTMENT OF HOMELAND
SECURITY
Washington; Amendment No. 1 to
Notice of a Major Disaster Declaration
Federal Emergency Management
Agency
AGENCY:
[FEMA–1670–DR]
ACTION:
Federal Emergency
Management Agency, DHS.
New York; Amendment No. 1 to Notice
of a Major Disaster Declaration
Federal Emergency
Management Agency, DHS.
ACTION: Notice.
AGENCY:
SUMMARY: This notice amends the notice
of a major disaster declaration for the
State of New York (FEMA–1670–DR),
dated December 12, 2006, and related
determinations.
DATES:
Effective Date: December 22,
2006.
mstockstill on PROD1PC61 with NOTICES
Magda Ruiz, Recovery Division, Federal
Emergency Management Agency,
Washington, DC 20472, (202) 646–2705.
SUPPLEMENTARY INFORMATION: The notice
of a major disaster declaration for the
State of New York is hereby amended to
include the Individual Assistance
program for the following areas among
those areas determined to have been
adversely affected by the catastrophe
declared a major disaster by the
President in his declaration of December
12, 2006:
Broome and Chenango Counties for
Individual Assistance (already designated for
Public Assistance.)
(The following Catalog of Federal Domestic
Assistance Numbers (CFDA) are to be used
for reporting and drawing funds: 97.030,
Community Disaster Loans; 97.031, Cora
Brown Fund Program; 97.032, Crisis
Counseling; 97.033, Disaster Legal Services
Program; 97.034, Disaster Unemployment
Assistance (DUA); 97.046, Fire Management
Assistance; 97.048, Individuals and
Households Housing; 97.049, Individuals and
Households Disaster Housing Operations;
97.050, Individuals and Households
15:51 Jan 03, 2007
Jkt 211001
SUMMARY: This notice amends the notice
of a major disaster declaration for the
State of Washington (FEMA–1671–DR),
dated December 12, 2006, and related
determinations.
DATES:
Effective Date: December 22,
2006.
FOR FURTHER INFORMATION CONTACT:
Magda Ruiz, Recovery Division, Federal
Emergency Management Agency,
Washington, DC 20472, (202) 646–2705.
The notice
of a major disaster declaration for the
State of Washington is hereby amended
to include the Public Assistance
program for the following areas among
those areas determined to have been
adversely affected by the catastrophe
declared a major disaster by the
President in his declaration of December
12, 2006:
SUPPLEMENTARY INFORMATION:
FOR FURTHER INFORMATION CONTACT:
VerDate Aug<31>2005
Notice.
Chelan, Jefferson, and Pacific Counties for
Public Assistance. Cowlitz, Grays Harbor,
King, Lewis, Pierce, Skagit, Skamania,
Snohomish, and Wahkiakum Counties for
Public Assistance (already designated for
Individual Assistance.)
(The following Catalog of Federal Domestic
Assistance Numbers (CFDA) are to be used
for reporting and drawing funds: 97.030,
Community Disaster Loans; 97.031, Cora
Brown Fund Program; 97.032, Crisis
Counseling; 97.033, Disaster Legal Services
Program; 97.034, Disaster Unemployment
Assistance (DUA); 97.046, Fire Management
Assistance; 97.048, Individuals and
Households Housing; 97.049, Individuals and
Households Disaster Housing Operations;
97.050 Individuals and Households
Program—Other Needs, 97.036, Public
PO 00000
Frm 00026
Fmt 4703
Sfmt 4703
E:\FR\FM\04JAN1.SGM
04JAN1
]]>Agencies
[Federal Register Volume 72, Number 2 (Thursday, January 4, 2007)]
[Notices]
[Pages 348-351]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-9980]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Bureau of Customs and Border Protection
Interim Agreement Between the European Union and the United
States Regarding the Transfer of Passenger Name Record Data
AGENCY: Bureau of Customs and Border Protection; DHS.
ACTION: General notice.
-----------------------------------------------------------------------
SUMMARY: This Notice is intended to update a General Notice published
in the Federal Register on July 9, 2004, advising that the Department
of Homeland Security, Customs and Border Protection, had issued a
document on May 11, 2004 (referred to as the ``Undertakings'')
containing representations regarding the manner in which it would
handle certain Passenger Name Record data relating to flights between
the United States and European Union member states. This Notice
describes updates and adjustments to the Undertakings to reflect
changes in the law and circumstances surrounding these data transfers.
EFFECTIVE DATES: This Notice is effective January 4, 2007.
FOR FURTHER INFORMATION CONTACT: Michael Scardaville, (202) 282-8321.
SUPPLEMENTARY INFORMATION: On July 9, 2004, a Notice was published in
the Federal Register (69 FR 41543; corrected at 69 FR 44082 on July 23,
2004), advising that the Department of Homeland Security (DHS), Customs
and Border Protection (CBP), had issued a document on May 11, 2004
(referred to as the ``Undertakings'') containing representations
regarding the manner in which CBP would handle certain Passenger Name
Record (PNR) data relating to flights between the United States and
European Union (EU) member states. When they were issued, these
Undertakings were understood to provide the foundation for the European
Community (EC) to enter into an agreement with the United States that
permitted the transfer of PNR data to CBP consistent with applicable EC
law. However, through a diplomatic note presented on July 3, 2006, the
EC terminated the agreement as of September 30, 2006, as a consequence
of the determination of the European Court of Justice that the
agreement had been concluded on an inapplicable basis under European
Union law.
On October 19, 2006, the United States and the EU concluded an
agreement to last until July 31, 2007. This agreement was accompanied
by a letter of the United States updating and adjusting the
Undertakings to reflect changes in the law and circumstances
surrounding this data transfer. The letter was discussed extensively
with the EU, and the EU has acknowledged it without objection. Copies
of the agreement and letter are contained in this notice. All
representations contained in the Undertakings, as published on July 9
and 23, 2004 are to be interpreted consistently with the October 19,
2006 agreement and its accompanying letter. The letter reflects changes
in U.S. law and experience since the Undertakings were issued and is
consistent with existing relevant provisions of U.S. law.
Both the agreement and the Undertakings shall terminate on July 31,
2007, unless extended.
Dated: December 19, 2006.
Stewart Baker,
Assistant Secretary for Policy.
Text of agreement:
AGREEMENT
Between the European Union and the United States of America on the
Processing and Transfer of Passenger Name Record (PNR) Data by Air
Carriers to the United States Department of Homeland Security
THE EUROPEAN UNION AND THE UNITED STATES OF AMERICA,
DESIRING to prevent and combat terrorism and transnational crime
effectively as a means of protecting their respective democratic
societies and common values,
RECOGNISING that, in order to safeguard public security and for law
enforcement purposes, rules should be laid down on the transfer of
Passenger Name Record (``PNR'') data by air carriers to the Department
of Homeland Security (hereinafter ``DHS''). For the purposes of this
Agreement, DHS means the Bureau of Customs and Border Protection, U.S.
Immigration and Customs Enforcement and the Office of the Secretary and
the entities that directly support it, but does not include other
components of DHS such as the Citizenship and Immigration Services,
Transportation Security Administration,
[[Page 349]]
United States Secret Service, the United States Coast Guard, and the
Federal Emergency Management Agency,
RECOGNISING the importance of preventing and combating terrorism
and related crimes, and other serious crimes that are transnational in
nature, including organized crime, while respecting fundamental rights
and freedoms, notably privacy,
HAVING REGARD to U.S. statutes and regulations requiring each air
carrier operating passenger flights in foreign air transportation to or
from the United States to provide DHS with electronic access to PNR
data to the extent they are collected and contained in the air
carrier's automated reservation/departure control systems (hereinafter
``reservation systems''),
HAVING REGARD to Article 6(2) of the Treaty on European Union on
respect for fundamental rights, and in particular to the related right
to the protection of personal data,
HAVING REGARD to relevant provisions of the Aviation Transportation
Security Act of 2001, the Homeland Security Act of 2002, the
Intelligence Reform and Terrorism Prevention Act of 2004 and Executive
Order 13388 regarding cooperation between agencies of the United States
government in combating terrorism,
HAVING REGARD to the Undertakings as published in the U.S. Federal
Register \1\ and implemented by DHS,
NOTING that the European Union should ensure that air carriers with
reservation systems located within the European Union arrange for
transmission of PNR data to DHS as soon as this is technically feasible
but that, until then, the U.S. authorities should be allowed to access
the data directly, in accordance with the provisions of this Agreement,
AFFIRMING that this Agreement does not constitute a precedent for
any future discussions or negotiations between the United States and
the European Union, or between either of the Parties and any State
regarding the processing and transfer of PNR or any other form of data,
HAVING REGARD to the commitment of both sides to work together to
reach an appropriate and mutually satisfactory solution, without delay,
on the processing of Advance Passenger Information (API) data from the
European Union to the United States,
NOTING that in reliance on this Agreement, the EU confirms that it
will not hinder the transfer of PNR data between Canada and the United
States and that the same principle will be applied in any similar
agreement on the processing and transfer of PNR data,
HAVE AGREED AS FOLLOWS
(1) In reliance upon DHS's continued implementation of the
aforementioned Undertakings as interpreted in the light of subsequent
events, the European Union shall ensure that air carriers operating
passenger flights in foreign air transportation to or from the United
States of America process PNR data contained in their reservation
systems as required by DHS.
---------------------------------------------------------------------------
\1\ Vol. 69, No 131, p. 41543.
---------------------------------------------------------------------------
(2) Accordingly, DHS will electronically access the PNR data from
air carriers' reservation systems located within the territory of the
Member States of the European Union until there is a satisfactory
system in place allowing for transmission of such data by the air
carriers.
(3) DHS shall process PNR data received and treat data subjects
concerned by such processing in accordance with applicable U.S. laws
and constitutional requirements, without unlawful discrimination, in
particular on the basis of nationality and country of residence.
(4) The implementation of this Agreement shall be jointly and
regularly reviewed.
(5) In the event that an airline passenger information system is
implemented in the European Union or in one or more of its Member
States that requires air carriers to provide authorities with access to
PNR data for persons whose travel itinerary includes a flight to or
from the European Union, DHS shall, in so far as practicable and
strictly on the basis of reciprocity, actively promote the cooperation
of airlines within its jurisdiction.
(6) For the purpose of applying this Agreement, DHS is deemed to
ensure an adequate level of protection for PNR data transferred from
the European Union concerning passenger flights in foreign air
transportation to or from the United States.
(7) This Agreement shall enter into force on the first day of the
month after the date on which the Parties have exchanged notifications
indicating that they have completed their internal procedures for this
purpose. This Agreement shall apply provisionally as of the date of
signature. Either Party may terminate or suspend this Agreement at any
time by notification through diplomatic channels. Termination shall
take effect thirty (30) days from the date of notification thereof to
the other Party. This Agreement shall expire upon the date of
application of any superseding agreement and in any event no later than
31 July 2007, unless extended by mutual written agreement.
This Agreement is not intended to derogate from or amend
legislation of the United States of America or the European Union or
its Member States. This Agreement does not create or confer any right
or benefit on any other person or entity, private or public.
This Agreement shall be drawn up in duplicate in the English
language. It shall also be drawn up in the Czech, Danish, Dutch,
Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian,
Lithuanian, Maltese, Polish, Portuguese, Slovak, Slovenian, Spanish and
Swedish languages, and the Parties shall approve these language
versions. Once approved, the versions in these languages shall be
equally authentic.
Done at Washington D.C. on 19 October 2006 and at Luxembourg on
16 October 2006.
For the United States of America
Michael Chertoff,
Secretary, Department of Homeland Security.
For the European Union
Erkki Tuomioja,
Minister for Foreign Affairs, President of the Council of the European
Union.
Text of U.S. letter:
Via Electronic Delivery
ATTN: Director General Jonathan Faull, European Commission
B-1049 Bruxelles, Belgium 22.
ATTN: Ms. Irma Ertman, Presidency of the Council of the European Union
Ministry of Foreign Affairs, P.O Box 176, Laivastokatu, FIN-00161
Helsinki, Finland.
Dear Jonathan and Irma:
This letter is intended to set forth our understandings with regard
to the interpretation of a number of provisions of the Passenger Name
Record (PNR) Undertakings issued on May 11, 2004 by the Department of
Homeland Security (DHS). For the purposes of this letter, DHS means the
Bureau of Customs and Border Protection, U.S. Immigration and Customs
Enforcement and the Office of the Secretary and the entities that
directly support it, but does not include other components of DHS such
as the Citizenship and Immigration Services, Transportation Security
Administration, United States Secret Service, the United States Coast
Guard, and the Federal Emergency Management Agency. We look forward to
further reviewing these and other issues in the context of future
discussions toward a comprehensive, reciprocal agreement based on
common principles.
[[Page 350]]
Sharing and Disclosure of PNR
The Intelligence Reform and Terrorism Prevention Act of 2004
required the President to establish an Information Sharing Environment
``that facilitates the sharing of terrorism information.'' Following
this enactment, on October 25, 2005 the President issued Executive
Order 13388, directing that DHS and other agencies ``promptly give
access to * * * terrorism information to the head of each other agency
that has counterterrorism functions'' and establishing a mechanism for
implementing the Information Sharing Environment.
Pursuant to Paragraph 35 of the Undertakings (which states that
``No statement in these Undertakings shall impede the use or disclosure
of PNR data in any criminal judicial proceedings or as otherwise
required by law'' and allows DHS to ``advise the European Commission
regarding the passage of any U.S. legislation which materially affects
the statements made in these Undertakings''), the U.S. has now advised
the EU that the implementation of the Information Sharing Environment
required by the Act and the Executive Order described above may be
impeded by certain provisions of the Undertakings that restrict
information sharing among U.S. agencies, particularly all or portions
of paragraphs 17, 28, 29, 30, 31, and 32.
In light of these developments and in accordance with what follows,
the Undertakings should be interpreted and applied so as to not impede
the sharing of PNR data by DHS with other authorities of the U.S.
government responsible for preventing or combating of terrorism and
related crimes as set forth in Paragraph 3 of the Undertakings.
DHS will therefore facilitate the disclosure (without providing
unconditional direct electronic access) of PNR data to U.S. government
authorities exercising a counter-terrorism function that need PNR for
the purpose of preventing or combating terrorism and related crimes in
cases (including threats, flights, individuals, and routes of concern)
that they are examining or investigating. DHS will ensure that such
authorities respect comparable standards of data protection to that
applicable to DHS, in particular in relation to purpose limitation,
data retention, further disclosure, awareness and training, security
standards and sanctions for abuse, and procedures for information,
complaints and rectification. Prior to commencing facilitated
disclosure, each receiving authority will confirm in writing to DHS
that it respects those standards. DHS will inform the EU in writing of
the implementation of such facilitated disclosure and respect for the
applicable standards before the expiration of the Agreement.
Early Access Period for PNR
While Paragraph 14 limits the number of times PNR can be pulled,
the provision puts no such restriction on the ``pushing'' of data to
DHS. The push system is considered by the EU to be less intrusive from
a data privacy perspective. The push system does not confer on airlines
any discretion to decide when, how or what data to push, however. That
decision is conferred on DHS by U.S. law. Therefore, it is understood
that DHS will utilize a method of pushing the necessary PNR data that
meets the agency's needs for effective risk assessment, taking into
account the economic impact upon air carriers.
In determining when the initial push of data is to occur, DHS has
discretion to obtain PNR more than 72 hours prior to the departure of a
flight so long as action is essential to combat an offense enumerated
in Paragraph 3. Additionally, while there are instances in which the
U.S. government may have specific information regarding a particular
threat, in most instances the available intelligence is less definitive
and may require the casting of a broader net to try and uncover both
the nature of the threat and the persons involved. Paragraph 14 is
therefore understood to permit access to PNR outside of the 72 hour
mark when there is an indication that early access is likely to assist
in responding to a specific threat to a flight, set of flights, route,
or other circumstances associated with offenses described in Paragraph
3 of the Undertakings. In exercising this discretion, DHS will act
judiciously and with proportionality.
DHS will move as soon as practicable to a push system for the
transfer of PNR data in accordance with the Undertakings and will carry
out no later than the end of 2006 the necessary tests for at least one
system currently in development if DHS's technical requirements are
satisfied by the design to be tested. Without derogating from the
Undertakings and in order to avoid prejudging the possible future needs
of the system any filters employed in a push system, and the design of
the system itself must permit any PNR data in the airline reservation
or departure control systems to be pushed to DHS in exceptional
circumstances where augmented disclosure is strictly necessary to
address a threat to the vital interests of the data subject or other
persons.
Data Retention
Several important uses for PNR data help to identify potential
terrorists; even data that is more than 3.5 years old can be crucial in
identifying links among terrorism suspects. The Agreement will have
expired before Paragraph 15 of the Undertakings requires the
destruction of any data, and questions of whether and when to destroy
PNR data collected in accordance with the Undertakings will be
addressed by the United States and the European Union as part of future
discussions.
The Joint Review
Given the extensive joint analysis of the Undertakings conducted in
September 2005 and the expiration of the agreement prior to the next
Joint Review, the question of how and whether to conduct a joint review
in 2007 will be addressed during the discussions regarding a future
agreement.
Data Elements
The frequent flyer field may offer addresses, telephone numbers, e-
mail addresses; all of these, as well as the frequent flyer number
itself, may provide crucial evidence of links to terrorism. Similarly,
information about the number of bags carried by a passenger may have
value in a counterterrorism context. The Undertakings authorize DHS to
add data elements to the 34 previously set forth in Attachment ``A'' of
the Undertakings, if such data is necessary to fulfill the purposes set
forth in paragraph 3.
With this letter the U.S. has consulted under Paragraph 7 with the
EU in connection with item 11 of Attachment A regarding DHS's need to
obtain the frequent flier number and any data element listed in
Attachment A to the Undertakings wherever that element may be found.
Vital Interests of the Data Subject or Others
Recognizing the potential importance of PNR data in the context of
infectious disease and other risks to passengers, DHS reconfirms that
access to such information is authorized by paragraph 34, which
provides that the Undertakings must not impede the use of PNR for the
protection of the vital interests of the data subject or of other
persons or inhibit the direct availability of PNR to relevant
authorities for the purposes set forth in Paragraph 3 of the
Undertakings. ``Vital interests'' encompasses circumstances in which
[[Page 351]]
the lives of the data subject or of others could be at stake and
includes access to information necessary to ensure that those who may
carry or may have been exposed to a dangerous communicable disease can
be readily identified, located, and informed without delay. Such data
will be protected in a manner commensurate with its nature and used
strictly for the purposes for which it was accessed.
Sincerely yours,
Stewart Baker,
Assistant Secretary for Policy.
[FR Doc. 06-9980 Filed 1-3-07; 8:45 am]
BILLING CODE 9114-14-P
