Europe's data watchdog has raised “a number of concerns” over the controversial data sharing arrangement between the EU and the US over passenger information.
The passenger name record (PNR) system was introduced in the wake of the 9/11 attacks on the US, and a formal system for informing US customs officials of the names of passengers on planes arriving into the US has been operating since 2007.
However, the European Parliament has never approved the agreement amid fierce opposition.
Negotiations over a new system began in January 2011 – although many in Europe still regard US demands as unworkable under EU laws.
Now the European Data Protection Supervisor (EDPS) has added his weight to those concerns. “Any legitimate agreement providing for the massive transfer of passengers' personal data to third countries must fulfil strict conditions," said Peter Hustinx, EDPS.
"Unfortunately, many concerns expressed by the EDPS and the national data protection authorities of the member states have not been satisfied,” he added.
The current PNR allows US authorities to retain passenger data for up to 15 years.
The EDPS argues that data should be deleted immediately after it has been analysed or after a maximum of six months; it also argues that too much sensitive information is shared with the US.
The EDPS statement makes it unlikely that the Parliament could ratify the current PNR arrangements, and may force the two parties into further negotiations.
The US authorities have so far remained implacable in their insistence on obtaining details on in-coming passengers because of national security fears.