Interim Agreement Between the European Union and the United States Regarding the Transfer of Passenger Name Record Data, 348-351 [06-9980]

Download as PDF 348 Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices includes a provision exempting these Area Maritime Security (AMS) Committees from the Federal Advisory Committee Act (FACA), Public Law 92– 436, 86 Stat. 470 (5 U.S.C. App.2). The South Texas Area Maritime Security (STAMS) Committee assists the Captain of the Port(COTP)/Federal Maritime Security Coordinator (FMSC) in the review and update of the STAMS Plan for the Corpus Christi Area of Responsibility. Such matters may include, but are not limited to: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and consequences); Determining mitigation strategies and implementation methods; Developing and describing the process to continually evaluate overall port security by considering consequences and vulnerabilities, how they may change over time, and what additional mitigation strategies can be applied; and Providing advice to, and assisting the COTP/FMSC in, reviewing and updating the STAMS Plan. STAMS Committee Membership Applicants should have at least 5 years of experience related to maritime or port security operations. The STAMS Committee has ten members, made up of at least one individual from the Corpus Christi, Rio Grande Valley, Port of Port Lavaca-Point Comfort and Victoria Barge Canal, Port Security Working Groups (PSWG). We are seeking to fill one vacancy each from the Victoria Barge Canal, Rio Grande Valley and Corpus Christi PSWG areas with this solicitation. Applicants may be required to pass an appropriate security background check prior to appointment to the committee. Members’ term of office will be for 5 years, however, a member is eligible to serve an additional term of office. Members will not receive any salary or other compensation for their service on the STAMS Committee. In support of the Coast Guard’s policy on gender and ethnic diversity, we encourage qualified women and members of minority groups to apply. mstockstill on PROD1PC61 with NOTICES Request for Applications Those seeking membership are not required to submit formal applications to the local COTP/FMSC, however, because we do have an obligation to ensure that a specific number of members have the prerequisite maritime security experience, we encourage the submission of resumes highlighting VerDate Aug<31>2005 15:51 Jan 03, 2007 Jkt 211001 experience in the maritime and security industries. J.H. Korn, Captain, U.S. Coast Guard, Corpus Christi Captain of the Port/Federal Maritime Security Coordinator. [FR Doc. E6–22425 Filed 1–3–07; 8:45 am] BILLING CODE 4910–15–P DEPARTMENT OF HOMELAND SECURITY Bureau of Customs and Border Protection Interim Agreement Between the European Union and the United States Regarding the Transfer of Passenger Name Record Data Bureau of Customs and Border Protection; DHS. ACTION: General notice. AGENCY: SUMMARY: This Notice is intended to update a General Notice published in the Federal Register on July 9, 2004, advising that the Department of Homeland Security, Customs and Border Protection, had issued a document on May 11, 2004 (referred to as the ‘‘Undertakings’’) containing representations regarding the manner in which it would handle certain Passenger Name Record data relating to flights between the United States and European Union member states. This Notice describes updates and adjustments to the Undertakings to reflect changes in the law and circumstances surrounding these data transfers. EFFECTIVE DATES: This Notice is effective January 4, 2007. FOR FURTHER INFORMATION CONTACT: Michael Scardaville, (202) 282–8321. SUPPLEMENTARY INFORMATION: On July 9, 2004, a Notice was published in the Federal Register (69 FR 41543; corrected at 69 FR 44082 on July 23, 2004), advising that the Department of Homeland Security (DHS), Customs and Border Protection (CBP), had issued a document on May 11, 2004 (referred to as the ‘‘Undertakings’’) containing representations regarding the manner in which CBP would handle certain Passenger Name Record (PNR) data relating to flights between the United States and European Union (EU) member states. When they were issued, these Undertakings were understood to provide the foundation for the European Community (EC) to enter into an agreement with the United States that permitted the transfer of PNR data to CBP consistent with applicable EC law. PO 00000 Frm 00023 Fmt 4703 Sfmt 4703 However, through a diplomatic note presented on July 3, 2006, the EC terminated the agreement as of September 30, 2006, as a consequence of the determination of the European Court of Justice that the agreement had been concluded on an inapplicable basis under European Union law. On October 19, 2006, the United States and the EU concluded an agreement to last until July 31, 2007. This agreement was accompanied by a letter of the United States updating and adjusting the Undertakings to reflect changes in the law and circumstances surrounding this data transfer. The letter was discussed extensively with the EU, and the EU has acknowledged it without objection. Copies of the agreement and letter are contained in this notice. All representations contained in the Undertakings, as published on July 9 and 23, 2004 are to be interpreted consistently with the October 19, 2006 agreement and its accompanying letter. The letter reflects changes in U.S. law and experience since the Undertakings were issued and is consistent with existing relevant provisions of U.S. law. Both the agreement and the Undertakings shall terminate on July 31, 2007, unless extended. Dated: December 19, 2006. Stewart Baker, Assistant Secretary for Policy. Text of agreement: AGREEMENT Between the European Union and the United States of America on the Processing and Transfer of Passenger Name Record (PNR) Data by Air Carriers to the United States Department of Homeland Security THE EUROPEAN UNION AND THE UNITED STATES OF AMERICA, DESIRING to prevent and combat terrorism and transnational crime effectively as a means of protecting their respective democratic societies and common values, RECOGNISING that, in order to safeguard public security and for law enforcement purposes, rules should be laid down on the transfer of Passenger Name Record (‘‘PNR’’) data by air carriers to the Department of Homeland Security (hereinafter ‘‘DHS’’). For the purposes of this Agreement, DHS means the Bureau of Customs and Border Protection, U.S. Immigration and Customs Enforcement and the Office of the Secretary and the entities that directly support it, but does not include other components of DHS such as the Citizenship and Immigration Services, Transportation Security Administration, E:\FR\FM\04JAN1.SGM 04JAN1 mstockstill on PROD1PC61 with NOTICES Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices United States Secret Service, the United States Coast Guard, and the Federal Emergency Management Agency, RECOGNISING the importance of preventing and combating terrorism and related crimes, and other serious crimes that are transnational in nature, including organized crime, while respecting fundamental rights and freedoms, notably privacy, HAVING REGARD to U.S. statutes and regulations requiring each air carrier operating passenger flights in foreign air transportation to or from the United States to provide DHS with electronic access to PNR data to the extent they are collected and contained in the air carrier’s automated reservation/departure control systems (hereinafter ‘‘reservation systems’’), HAVING REGARD to Article 6(2) of the Treaty on European Union on respect for fundamental rights, and in particular to the related right to the protection of personal data, HAVING REGARD to relevant provisions of the Aviation Transportation Security Act of 2001, the Homeland Security Act of 2002, the Intelligence Reform and Terrorism Prevention Act of 2004 and Executive Order 13388 regarding cooperation between agencies of the United States government in combating terrorism, HAVING REGARD to the Undertakings as published in the U.S. Federal Register 1 and implemented by DHS, NOTING that the European Union should ensure that air carriers with reservation systems located within the European Union arrange for transmission of PNR data to DHS as soon as this is technically feasible but that, until then, the U.S. authorities should be allowed to access the data directly, in accordance with the provisions of this Agreement, AFFIRMING that this Agreement does not constitute a precedent for any future discussions or negotiations between the United States and the European Union, or between either of the Parties and any State regarding the processing and transfer of PNR or any other form of data, HAVING REGARD to the commitment of both sides to work together to reach an appropriate and mutually satisfactory solution, without delay, on the processing of Advance Passenger Information (API) data from the European Union to the United States, NOTING that in reliance on this Agreement, the EU confirms that it will not hinder the transfer of PNR data between Canada and the United States 1 Vol. 69, No 131, p. 41543. VerDate Aug<31>2005 15:51 Jan 03, 2007 Jkt 211001 and that the same principle will be applied in any similar agreement on the processing and transfer of PNR data, HAVE AGREED AS FOLLOWS (1) In reliance upon DHS’s continued implementation of the aforementioned Undertakings as interpreted in the light of subsequent events, the European Union shall ensure that air carriers operating passenger flights in foreign air transportation to or from the United States of America process PNR data contained in their reservation systems as required by DHS. (2) Accordingly, DHS will electronically access the PNR data from air carriers’ reservation systems located within the territory of the Member States of the European Union until there is a satisfactory system in place allowing for transmission of such data by the air carriers. (3) DHS shall process PNR data received and treat data subjects concerned by such processing in accordance with applicable U.S. laws and constitutional requirements, without unlawful discrimination, in particular on the basis of nationality and country of residence. (4) The implementation of this Agreement shall be jointly and regularly reviewed. (5) In the event that an airline passenger information system is implemented in the European Union or in one or more of its Member States that requires air carriers to provide authorities with access to PNR data for persons whose travel itinerary includes a flight to or from the European Union, DHS shall, in so far as practicable and strictly on the basis of reciprocity, actively promote the cooperation of airlines within its jurisdiction. (6) For the purpose of applying this Agreement, DHS is deemed to ensure an adequate level of protection for PNR data transferred from the European Union concerning passenger flights in foreign air transportation to or from the United States. (7) This Agreement shall enter into force on the first day of the month after the date on which the Parties have exchanged notifications indicating that they have completed their internal procedures for this purpose. This Agreement shall apply provisionally as of the date of signature. Either Party may terminate or suspend this Agreement at any time by notification through diplomatic channels. Termination shall take effect thirty (30) days from the date of notification thereof to the other Party. This Agreement shall expire upon the date of application of any superseding PO 00000 Frm 00024 Fmt 4703 Sfmt 4703 349 agreement and in any event no later than 31 July 2007, unless extended by mutual written agreement. This Agreement is not intended to derogate from or amend legislation of the United States of America or the European Union or its Member States. This Agreement does not create or confer any right or benefit on any other person or entity, private or public. This Agreement shall be drawn up in duplicate in the English language. It shall also be drawn up in the Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Slovak, Slovenian, Spanish and Swedish languages, and the Parties shall approve these language versions. Once approved, the versions in these languages shall be equally authentic. Done at Washington D.C. on 19 October 2006 and at Luxembourg on 16 October 2006. For the United States of America Michael Chertoff, Secretary, Department of Homeland Security. For the European Union Erkki Tuomioja, Minister for Foreign Affairs, President of the Council of the European Union. Text of U.S. letter: Via Electronic Delivery ATTN: Director General Jonathan Faull, European Commission B–1049 Bruxelles, Belgium 22. ATTN: Ms. Irma Ertman, Presidency of the Council of the European Union Ministry of Foreign Affairs, P.O Box 176, Laivastokatu, FIN–00161 Helsinki, Finland. Dear Jonathan and Irma: This letter is intended to set forth our understandings with regard to the interpretation of a number of provisions of the Passenger Name Record (PNR) Undertakings issued on May 11, 2004 by the Department of Homeland Security (DHS). For the purposes of this letter, DHS means the Bureau of Customs and Border Protection, U.S. Immigration and Customs Enforcement and the Office of the Secretary and the entities that directly support it, but does not include other components of DHS such as the Citizenship and Immigration Services, Transportation Security Administration, United States Secret Service, the United States Coast Guard, and the Federal Emergency Management Agency. We look forward to further reviewing these and other issues in the context of future discussions toward a comprehensive, reciprocal agreement based on common principles. E:\FR\FM\04JAN1.SGM 04JAN1 mstockstill on PROD1PC61 with NOTICES 350 Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices Sharing and Disclosure of PNR The Intelligence Reform and Terrorism Prevention Act of 2004 required the President to establish an Information Sharing Environment ‘‘that facilitates the sharing of terrorism information.’’ Following this enactment, on October 25, 2005 the President issued Executive Order 13388, directing that DHS and other agencies ‘‘promptly give access to * * * terrorism information to the head of each other agency that has counterterrorism functions’’ and establishing a mechanism for implementing the Information Sharing Environment. Pursuant to Paragraph 35 of the Undertakings (which states that ‘‘No statement in these Undertakings shall impede the use or disclosure of PNR data in any criminal judicial proceedings or as otherwise required by law’’ and allows DHS to ‘‘advise the European Commission regarding the passage of any U.S. legislation which materially affects the statements made in these Undertakings’’), the U.S. has now advised the EU that the implementation of the Information Sharing Environment required by the Act and the Executive Order described above may be impeded by certain provisions of the Undertakings that restrict information sharing among U.S. agencies, particularly all or portions of paragraphs 17, 28, 29, 30, 31, and 32. In light of these developments and in accordance with what follows, the Undertakings should be interpreted and applied so as to not impede the sharing of PNR data by DHS with other authorities of the U.S. government responsible for preventing or combating of terrorism and related crimes as set forth in Paragraph 3 of the Undertakings. DHS will therefore facilitate the disclosure (without providing unconditional direct electronic access) of PNR data to U.S. government authorities exercising a counterterrorism function that need PNR for the purpose of preventing or combating terrorism and related crimes in cases (including threats, flights, individuals, and routes of concern) that they are examining or investigating. DHS will ensure that such authorities respect comparable standards of data protection to that applicable to DHS, in particular in relation to purpose limitation, data retention, further disclosure, awareness and training, security standards and sanctions for abuse, and procedures for information, complaints and rectification. Prior to commencing facilitated disclosure, each receiving authority will confirm in writing to DHS VerDate Aug<31>2005 15:51 Jan 03, 2007 Jkt 211001 that it respects those standards. DHS will inform the EU in writing of the implementation of such facilitated disclosure and respect for the applicable standards before the expiration of the Agreement. Early Access Period for PNR While Paragraph 14 limits the number of times PNR can be pulled, the provision puts no such restriction on the ‘‘pushing’’ of data to DHS. The push system is considered by the EU to be less intrusive from a data privacy perspective. The push system does not confer on airlines any discretion to decide when, how or what data to push, however. That decision is conferred on DHS by U.S. law. Therefore, it is understood that DHS will utilize a method of pushing the necessary PNR data that meets the agency’s needs for effective risk assessment, taking into account the economic impact upon air carriers. In determining when the initial push of data is to occur, DHS has discretion to obtain PNR more than 72 hours prior to the departure of a flight so long as action is essential to combat an offense enumerated in Paragraph 3. Additionally, while there are instances in which the U.S. government may have specific information regarding a particular threat, in most instances the available intelligence is less definitive and may require the casting of a broader net to try and uncover both the nature of the threat and the persons involved. Paragraph 14 is therefore understood to permit access to PNR outside of the 72 hour mark when there is an indication that early access is likely to assist in responding to a specific threat to a flight, set of flights, route, or other circumstances associated with offenses described in Paragraph 3 of the Undertakings. In exercising this discretion, DHS will act judiciously and with proportionality. DHS will move as soon as practicable to a push system for the transfer of PNR data in accordance with the Undertakings and will carry out no later than the end of 2006 the necessary tests for at least one system currently in development if DHS’s technical requirements are satisfied by the design to be tested. Without derogating from the Undertakings and in order to avoid prejudging the possible future needs of the system any filters employed in a push system, and the design of the system itself must permit any PNR data in the airline reservation or departure control systems to be pushed to DHS in exceptional circumstances where augmented disclosure is strictly necessary to address a threat to the vital PO 00000 Frm 00025 Fmt 4703 Sfmt 4703 interests of the data subject or other persons. Data Retention Several important uses for PNR data help to identify potential terrorists; even data that is more than 3.5 years old can be crucial in identifying links among terrorism suspects. The Agreement will have expired before Paragraph 15 of the Undertakings requires the destruction of any data, and questions of whether and when to destroy PNR data collected in accordance with the Undertakings will be addressed by the United States and the European Union as part of future discussions. The Joint Review Given the extensive joint analysis of the Undertakings conducted in September 2005 and the expiration of the agreement prior to the next Joint Review, the question of how and whether to conduct a joint review in 2007 will be addressed during the discussions regarding a future agreement. Data Elements The frequent flyer field may offer addresses, telephone numbers, e-mail addresses; all of these, as well as the frequent flyer number itself, may provide crucial evidence of links to terrorism. Similarly, information about the number of bags carried by a passenger may have value in a counterterrorism context. The Undertakings authorize DHS to add data elements to the 34 previously set forth in Attachment ‘‘A’’ of the Undertakings, if such data is necessary to fulfill the purposes set forth in paragraph 3. With this letter the U.S. has consulted under Paragraph 7 with the EU in connection with item 11 of Attachment A regarding DHS’s need to obtain the frequent flier number and any data element listed in Attachment A to the Undertakings wherever that element may be found. Vital Interests of the Data Subject or Others Recognizing the potential importance of PNR data in the context of infectious disease and other risks to passengers, DHS reconfirms that access to such information is authorized by paragraph 34, which provides that the Undertakings must not impede the use of PNR for the protection of the vital interests of the data subject or of other persons or inhibit the direct availability of PNR to relevant authorities for the purposes set forth in Paragraph 3 of the Undertakings. ‘‘Vital interests’’ encompasses circumstances in which E:\FR\FM\04JAN1.SGM 04JAN1 Federal Register / Vol. 72, No. 2 / Thursday, January 4, 2007 / Notices the lives of the data subject or of others could be at stake and includes access to information necessary to ensure that those who may carry or may have been exposed to a dangerous communicable disease can be readily identified, located, and informed without delay. Such data will be protected in a manner commensurate with its nature and used strictly for the purposes for which it was accessed. Program-Other Needs; 97.036, Public Assistance Grants; 97.039, Hazard Mitigation Grant Program.) R. David Paulison, Under Secretary for Federal Emergency Management and Director of FEMA. [FR Doc. E6–22520 Filed 1–3–07; 8:45 am] 351 Assistance Grants; 97.039, Hazard Mitigation Grant Program.) R. David Paulison, Under Secretary for Federal Emergency Management and Director of FEMA. [FR Doc. E6–22519 Filed 1–3–07; 8:45 am] BILLING CODE 9110–10–P BILLING CODE 9110–10–P DEPARTMENT OF THE INTERIOR Geological Survey Federal Emergency Management Agency Notice of an Open Meeting of the Advisory Committee on Water Information (ACWI) [FEMA–1671–DR] Sincerely yours, Stewart Baker, Assistant Secretary for Policy. [FR Doc. 06–9980 Filed 1–3–07; 8:45 am] DEPARTMENT OF HOMELAND SECURITY SUMMARY: Notice is hereby given of the 2007 annual meeting of the ACWI. This meeting is to discuss broad policyrelated topics relating to national water initiatives; and the development and dissemination of water information, through reports from eight ACWI subgroups. The agenda will include an update on the next phase of the National Water Quality Monitoring Network for U.S. Coastal Waters and their Tributaries, as well as consideration of a proposed new Subcommittee on Ground Water. The ACWI has been established under the authority of the Office of Management and Budget Memorandum M92–01 and the Federal Advisory Committee Act. The purpose of the ACWI is to provide a forum for water information users and professionals to advise the Federal Government of activities and plans that may improve the effectiveness of meeting the Nation’s water information needs. Member organizations help to foster communications between the Federal and non-Federal sectors on sharing water information. Membership represents a wide range of water resources interests and functions. Representation on the ACWI includes all levels of government, academia, private industry, and professional and technical societies. Member organizations designate their representatives and alternates. Membership is limited to a maximum of 35 organizations. DATES: The formal meeting will convene at 8:30 a.m. on January 17, 2007, and will adjourn on January 18, 2007 at 4:30 p.m. ADDRESSES: Crowne Plaza Dulles Airport, 2200 Centreville Road, Herndon, Virginia 20170. FOR FURTHER INFORMATION CONTACT: Ms. Toni M. Johnson (Executive Secretary), Chief, Water Information Coordination Program, U.S. Geological Survey, 12201 Sunrise Valley Drive, MS 417 National Center, Reston, VA 20192. Telephone: BILLING CODE 9114–14–P DEPARTMENT OF HOMELAND SECURITY Washington; Amendment No. 1 to Notice of a Major Disaster Declaration Federal Emergency Management Agency AGENCY: [FEMA–1670–DR] ACTION: Federal Emergency Management Agency, DHS. New York; Amendment No. 1 to Notice of a Major Disaster Declaration Federal Emergency Management Agency, DHS. ACTION: Notice. AGENCY: SUMMARY: This notice amends the notice of a major disaster declaration for the State of New York (FEMA–1670–DR), dated December 12, 2006, and related determinations. DATES: Effective Date: December 22, 2006. mstockstill on PROD1PC61 with NOTICES Magda Ruiz, Recovery Division, Federal Emergency Management Agency, Washington, DC 20472, (202) 646–2705. SUPPLEMENTARY INFORMATION: The notice of a major disaster declaration for the State of New York is hereby amended to include the Individual Assistance program for the following areas among those areas determined to have been adversely affected by the catastrophe declared a major disaster by the President in his declaration of December 12, 2006: Broome and Chenango Counties for Individual Assistance (already designated for Public Assistance.) (The following Catalog of Federal Domestic Assistance Numbers (CFDA) are to be used for reporting and drawing funds: 97.030, Community Disaster Loans; 97.031, Cora Brown Fund Program; 97.032, Crisis Counseling; 97.033, Disaster Legal Services Program; 97.034, Disaster Unemployment Assistance (DUA); 97.046, Fire Management Assistance; 97.048, Individuals and Households Housing; 97.049, Individuals and Households Disaster Housing Operations; 97.050, Individuals and Households 15:51 Jan 03, 2007 Jkt 211001 SUMMARY: This notice amends the notice of a major disaster declaration for the State of Washington (FEMA–1671–DR), dated December 12, 2006, and related determinations. DATES: Effective Date: December 22, 2006. FOR FURTHER INFORMATION CONTACT: Magda Ruiz, Recovery Division, Federal Emergency Management Agency, Washington, DC 20472, (202) 646–2705. The notice of a major disaster declaration for the State of Washington is hereby amended to include the Public Assistance program for the following areas among those areas determined to have been adversely affected by the catastrophe declared a major disaster by the President in his declaration of December 12, 2006: SUPPLEMENTARY INFORMATION: FOR FURTHER INFORMATION CONTACT: VerDate Aug<31>2005 Notice. Chelan, Jefferson, and Pacific Counties for Public Assistance. Cowlitz, Grays Harbor, King, Lewis, Pierce, Skagit, Skamania, Snohomish, and Wahkiakum Counties for Public Assistance (already designated for Individual Assistance.) (The following Catalog of Federal Domestic Assistance Numbers (CFDA) are to be used for reporting and drawing funds: 97.030, Community Disaster Loans; 97.031, Cora Brown Fund Program; 97.032, Crisis Counseling; 97.033, Disaster Legal Services Program; 97.034, Disaster Unemployment Assistance (DUA); 97.046, Fire Management Assistance; 97.048, Individuals and Households Housing; 97.049, Individuals and Households Disaster Housing Operations; 97.050 Individuals and Households Program—Other Needs, 97.036, Public PO 00000 Frm 00026 Fmt 4703 Sfmt 4703 E:\FR\FM\04JAN1.SGM 04JAN1

Agencies

[Federal Register Volume 72, Number 2 (Thursday, January 4, 2007)]
[Notices]
[Pages 348-351]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-9980]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Bureau of Customs and Border Protection


Interim Agreement Between the European Union and the United 
States Regarding the Transfer of Passenger Name Record Data

AGENCY: Bureau of Customs and Border Protection; DHS.

ACTION: General notice.

-----------------------------------------------------------------------

SUMMARY: This Notice is intended to update a General Notice published 
in the Federal Register on July 9, 2004, advising that the Department 
of Homeland Security, Customs and Border Protection, had issued a 
document on May 11, 2004 (referred to as the ``Undertakings'') 
containing representations regarding the manner in which it would 
handle certain Passenger Name Record data relating to flights between 
the United States and European Union member states. This Notice 
describes updates and adjustments to the Undertakings to reflect 
changes in the law and circumstances surrounding these data transfers.

EFFECTIVE DATES: This Notice is effective January 4, 2007.

FOR FURTHER INFORMATION CONTACT: Michael Scardaville, (202) 282-8321.

SUPPLEMENTARY INFORMATION: On July 9, 2004, a Notice was published in 
the Federal Register (69 FR 41543; corrected at 69 FR 44082 on July 23, 
2004), advising that the Department of Homeland Security (DHS), Customs 
and Border Protection (CBP), had issued a document on May 11, 2004 
(referred to as the ``Undertakings'') containing representations 
regarding the manner in which CBP would handle certain Passenger Name 
Record (PNR) data relating to flights between the United States and 
European Union (EU) member states. When they were issued, these 
Undertakings were understood to provide the foundation for the European 
Community (EC) to enter into an agreement with the United States that 
permitted the transfer of PNR data to CBP consistent with applicable EC 
law. However, through a diplomatic note presented on July 3, 2006, the 
EC terminated the agreement as of September 30, 2006, as a consequence 
of the determination of the European Court of Justice that the 
agreement had been concluded on an inapplicable basis under European 
Union law.
    On October 19, 2006, the United States and the EU concluded an 
agreement to last until July 31, 2007. This agreement was accompanied 
by a letter of the United States updating and adjusting the 
Undertakings to reflect changes in the law and circumstances 
surrounding this data transfer. The letter was discussed extensively 
with the EU, and the EU has acknowledged it without objection. Copies 
of the agreement and letter are contained in this notice. All 
representations contained in the Undertakings, as published on July 9 
and 23, 2004 are to be interpreted consistently with the October 19, 
2006 agreement and its accompanying letter. The letter reflects changes 
in U.S. law and experience since the Undertakings were issued and is 
consistent with existing relevant provisions of U.S. law.
    Both the agreement and the Undertakings shall terminate on July 31, 
2007, unless extended.

    Dated: December 19, 2006.
Stewart Baker,
Assistant Secretary for Policy.

Text of agreement:

AGREEMENT

Between the European Union and the United States of America on the 
Processing and Transfer of Passenger Name Record (PNR) Data by Air 
Carriers to the United States Department of Homeland Security

    THE EUROPEAN UNION AND THE UNITED STATES OF AMERICA,
    DESIRING to prevent and combat terrorism and transnational crime 
effectively as a means of protecting their respective democratic 
societies and common values,
    RECOGNISING that, in order to safeguard public security and for law 
enforcement purposes, rules should be laid down on the transfer of 
Passenger Name Record (``PNR'') data by air carriers to the Department 
of Homeland Security (hereinafter ``DHS''). For the purposes of this 
Agreement, DHS means the Bureau of Customs and Border Protection, U.S. 
Immigration and Customs Enforcement and the Office of the Secretary and 
the entities that directly support it, but does not include other 
components of DHS such as the Citizenship and Immigration Services, 
Transportation Security Administration,

[[Page 349]]

United States Secret Service, the United States Coast Guard, and the 
Federal Emergency Management Agency,
    RECOGNISING the importance of preventing and combating terrorism 
and related crimes, and other serious crimes that are transnational in 
nature, including organized crime, while respecting fundamental rights 
and freedoms, notably privacy,
    HAVING REGARD to U.S. statutes and regulations requiring each air 
carrier operating passenger flights in foreign air transportation to or 
from the United States to provide DHS with electronic access to PNR 
data to the extent they are collected and contained in the air 
carrier's automated reservation/departure control systems (hereinafter 
``reservation systems''),
    HAVING REGARD to Article 6(2) of the Treaty on European Union on 
respect for fundamental rights, and in particular to the related right 
to the protection of personal data,
    HAVING REGARD to relevant provisions of the Aviation Transportation 
Security Act of 2001, the Homeland Security Act of 2002, the 
Intelligence Reform and Terrorism Prevention Act of 2004 and Executive 
Order 13388 regarding cooperation between agencies of the United States 
government in combating terrorism,
    HAVING REGARD to the Undertakings as published in the U.S. Federal 
Register \1\ and implemented by DHS,
    NOTING that the European Union should ensure that air carriers with 
reservation systems located within the European Union arrange for 
transmission of PNR data to DHS as soon as this is technically feasible 
but that, until then, the U.S. authorities should be allowed to access 
the data directly, in accordance with the provisions of this Agreement,
    AFFIRMING that this Agreement does not constitute a precedent for 
any future discussions or negotiations between the United States and 
the European Union, or between either of the Parties and any State 
regarding the processing and transfer of PNR or any other form of data,
    HAVING REGARD to the commitment of both sides to work together to 
reach an appropriate and mutually satisfactory solution, without delay, 
on the processing of Advance Passenger Information (API) data from the 
European Union to the United States,
    NOTING that in reliance on this Agreement, the EU confirms that it 
will not hinder the transfer of PNR data between Canada and the United 
States and that the same principle will be applied in any similar 
agreement on the processing and transfer of PNR data,

HAVE AGREED AS FOLLOWS

    (1) In reliance upon DHS's continued implementation of the 
aforementioned Undertakings as interpreted in the light of subsequent 
events, the European Union shall ensure that air carriers operating 
passenger flights in foreign air transportation to or from the United 
States of America process PNR data contained in their reservation 
systems as required by DHS.
---------------------------------------------------------------------------

    \1\ Vol. 69, No 131, p. 41543.
---------------------------------------------------------------------------

    (2) Accordingly, DHS will electronically access the PNR data from 
air carriers' reservation systems located within the territory of the 
Member States of the European Union until there is a satisfactory 
system in place allowing for transmission of such data by the air 
carriers.
    (3) DHS shall process PNR data received and treat data subjects 
concerned by such processing in accordance with applicable U.S. laws 
and constitutional requirements, without unlawful discrimination, in 
particular on the basis of nationality and country of residence.
    (4) The implementation of this Agreement shall be jointly and 
regularly reviewed.
    (5) In the event that an airline passenger information system is 
implemented in the European Union or in one or more of its Member 
States that requires air carriers to provide authorities with access to 
PNR data for persons whose travel itinerary includes a flight to or 
from the European Union, DHS shall, in so far as practicable and 
strictly on the basis of reciprocity, actively promote the cooperation 
of airlines within its jurisdiction.
    (6) For the purpose of applying this Agreement, DHS is deemed to 
ensure an adequate level of protection for PNR data transferred from 
the European Union concerning passenger flights in foreign air 
transportation to or from the United States.
    (7) This Agreement shall enter into force on the first day of the 
month after the date on which the Parties have exchanged notifications 
indicating that they have completed their internal procedures for this 
purpose. This Agreement shall apply provisionally as of the date of 
signature. Either Party may terminate or suspend this Agreement at any 
time by notification through diplomatic channels. Termination shall 
take effect thirty (30) days from the date of notification thereof to 
the other Party. This Agreement shall expire upon the date of 
application of any superseding agreement and in any event no later than 
31 July 2007, unless extended by mutual written agreement.
    This Agreement is not intended to derogate from or amend 
legislation of the United States of America or the European Union or 
its Member States. This Agreement does not create or confer any right 
or benefit on any other person or entity, private or public.
    This Agreement shall be drawn up in duplicate in the English 
language. It shall also be drawn up in the Czech, Danish, Dutch, 
Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, 
Lithuanian, Maltese, Polish, Portuguese, Slovak, Slovenian, Spanish and 
Swedish languages, and the Parties shall approve these language 
versions. Once approved, the versions in these languages shall be 
equally authentic.

    Done at Washington D.C. on 19 October 2006 and at Luxembourg on 
16 October 2006.

For the United States of America
Michael Chertoff,
Secretary, Department of Homeland Security.

For the European Union
Erkki Tuomioja,
Minister for Foreign Affairs, President of the Council of the European 
Union.

Text of U.S. letter:

Via Electronic Delivery

ATTN: Director General Jonathan Faull, European Commission
    B-1049 Bruxelles, Belgium 22.
ATTN: Ms. Irma Ertman, Presidency of the Council of the European Union
    Ministry of Foreign Affairs, P.O Box 176, Laivastokatu, FIN-00161 
Helsinki, Finland.

Dear Jonathan and Irma:
    This letter is intended to set forth our understandings with regard 
to the interpretation of a number of provisions of the Passenger Name 
Record (PNR) Undertakings issued on May 11, 2004 by the Department of 
Homeland Security (DHS). For the purposes of this letter, DHS means the 
Bureau of Customs and Border Protection, U.S. Immigration and Customs 
Enforcement and the Office of the Secretary and the entities that 
directly support it, but does not include other components of DHS such 
as the Citizenship and Immigration Services, Transportation Security 
Administration, United States Secret Service, the United States Coast 
Guard, and the Federal Emergency Management Agency. We look forward to 
further reviewing these and other issues in the context of future 
discussions toward a comprehensive, reciprocal agreement based on 
common principles.

[[Page 350]]

Sharing and Disclosure of PNR

    The Intelligence Reform and Terrorism Prevention Act of 2004 
required the President to establish an Information Sharing Environment 
``that facilitates the sharing of terrorism information.'' Following 
this enactment, on October 25, 2005 the President issued Executive 
Order 13388, directing that DHS and other agencies ``promptly give 
access to * * * terrorism information to the head of each other agency 
that has counterterrorism functions'' and establishing a mechanism for 
implementing the Information Sharing Environment.
    Pursuant to Paragraph 35 of the Undertakings (which states that 
``No statement in these Undertakings shall impede the use or disclosure 
of PNR data in any criminal judicial proceedings or as otherwise 
required by law'' and allows DHS to ``advise the European Commission 
regarding the passage of any U.S. legislation which materially affects 
the statements made in these Undertakings''), the U.S. has now advised 
the EU that the implementation of the Information Sharing Environment 
required by the Act and the Executive Order described above may be 
impeded by certain provisions of the Undertakings that restrict 
information sharing among U.S. agencies, particularly all or portions 
of paragraphs 17, 28, 29, 30, 31, and 32.
    In light of these developments and in accordance with what follows, 
the Undertakings should be interpreted and applied so as to not impede 
the sharing of PNR data by DHS with other authorities of the U.S. 
government responsible for preventing or combating of terrorism and 
related crimes as set forth in Paragraph 3 of the Undertakings.
    DHS will therefore facilitate the disclosure (without providing 
unconditional direct electronic access) of PNR data to U.S. government 
authorities exercising a counter-terrorism function that need PNR for 
the purpose of preventing or combating terrorism and related crimes in 
cases (including threats, flights, individuals, and routes of concern) 
that they are examining or investigating. DHS will ensure that such 
authorities respect comparable standards of data protection to that 
applicable to DHS, in particular in relation to purpose limitation, 
data retention, further disclosure, awareness and training, security 
standards and sanctions for abuse, and procedures for information, 
complaints and rectification. Prior to commencing facilitated 
disclosure, each receiving authority will confirm in writing to DHS 
that it respects those standards. DHS will inform the EU in writing of 
the implementation of such facilitated disclosure and respect for the 
applicable standards before the expiration of the Agreement.

Early Access Period for PNR

    While Paragraph 14 limits the number of times PNR can be pulled, 
the provision puts no such restriction on the ``pushing'' of data to 
DHS. The push system is considered by the EU to be less intrusive from 
a data privacy perspective. The push system does not confer on airlines 
any discretion to decide when, how or what data to push, however. That 
decision is conferred on DHS by U.S. law. Therefore, it is understood 
that DHS will utilize a method of pushing the necessary PNR data that 
meets the agency's needs for effective risk assessment, taking into 
account the economic impact upon air carriers.
    In determining when the initial push of data is to occur, DHS has 
discretion to obtain PNR more than 72 hours prior to the departure of a 
flight so long as action is essential to combat an offense enumerated 
in Paragraph 3. Additionally, while there are instances in which the 
U.S. government may have specific information regarding a particular 
threat, in most instances the available intelligence is less definitive 
and may require the casting of a broader net to try and uncover both 
the nature of the threat and the persons involved. Paragraph 14 is 
therefore understood to permit access to PNR outside of the 72 hour 
mark when there is an indication that early access is likely to assist 
in responding to a specific threat to a flight, set of flights, route, 
or other circumstances associated with offenses described in Paragraph 
3 of the Undertakings. In exercising this discretion, DHS will act 
judiciously and with proportionality.
    DHS will move as soon as practicable to a push system for the 
transfer of PNR data in accordance with the Undertakings and will carry 
out no later than the end of 2006 the necessary tests for at least one 
system currently in development if DHS's technical requirements are 
satisfied by the design to be tested. Without derogating from the 
Undertakings and in order to avoid prejudging the possible future needs 
of the system any filters employed in a push system, and the design of 
the system itself must permit any PNR data in the airline reservation 
or departure control systems to be pushed to DHS in exceptional 
circumstances where augmented disclosure is strictly necessary to 
address a threat to the vital interests of the data subject or other 
persons.

Data Retention

    Several important uses for PNR data help to identify potential 
terrorists; even data that is more than 3.5 years old can be crucial in 
identifying links among terrorism suspects. The Agreement will have 
expired before Paragraph 15 of the Undertakings requires the 
destruction of any data, and questions of whether and when to destroy 
PNR data collected in accordance with the Undertakings will be 
addressed by the United States and the European Union as part of future 
discussions.

The Joint Review

    Given the extensive joint analysis of the Undertakings conducted in 
September 2005 and the expiration of the agreement prior to the next 
Joint Review, the question of how and whether to conduct a joint review 
in 2007 will be addressed during the discussions regarding a future 
agreement.

Data Elements

    The frequent flyer field may offer addresses, telephone numbers, e-
mail addresses; all of these, as well as the frequent flyer number 
itself, may provide crucial evidence of links to terrorism. Similarly, 
information about the number of bags carried by a passenger may have 
value in a counterterrorism context. The Undertakings authorize DHS to 
add data elements to the 34 previously set forth in Attachment ``A'' of 
the Undertakings, if such data is necessary to fulfill the purposes set 
forth in paragraph 3.
    With this letter the U.S. has consulted under Paragraph 7 with the 
EU in connection with item 11 of Attachment A regarding DHS's need to 
obtain the frequent flier number and any data element listed in 
Attachment A to the Undertakings wherever that element may be found.

Vital Interests of the Data Subject or Others

    Recognizing the potential importance of PNR data in the context of 
infectious disease and other risks to passengers, DHS reconfirms that 
access to such information is authorized by paragraph 34, which 
provides that the Undertakings must not impede the use of PNR for the 
protection of the vital interests of the data subject or of other 
persons or inhibit the direct availability of PNR to relevant 
authorities for the purposes set forth in Paragraph 3 of the 
Undertakings. ``Vital interests'' encompasses circumstances in which

[[Page 351]]

the lives of the data subject or of others could be at stake and 
includes access to information necessary to ensure that those who may 
carry or may have been exposed to a dangerous communicable disease can 
be readily identified, located, and informed without delay. Such data 
will be protected in a manner commensurate with its nature and used 
strictly for the purposes for which it was accessed.

Sincerely yours,
Stewart Baker,
Assistant Secretary for Policy.
[FR Doc. 06-9980 Filed 1-3-07; 8:45 am]
BILLING CODE 9114-14-P