- Home /
- News /
- 2007 /
- September /
- EU-US: US changes the privacy rules to exemption access to personal data
EU-US: US changes the privacy rules to exemption access to personal data
01 September 2007
- USA to give exemptions for the Department of Home Security from its Privacy Act
- USA to give exemptions for the "Arrival and Departure System" (ADIS) from its Privacy Act
- Did the EU know that the US was planning to introduce these exemptions?
No sooner is the ink dry on the 28 June 2007 EU-USA PNR (passenger name record) agreement than the USA announced changes its Privacy law to give exemptions to the Department of Homeland Security (DHS) and the Automated Targeting System (ATS) from responding to request for personal information held. Both use PNR data gathered on travellers to and from the USA.
The DHS (and all the agencies that share its data) exemptions are from giving access to personal data gathered for:
"immigrant and non-immigrant pre-entry, entry, status management and exit processes"
which will include PNR data on EU citizens.
The scope covers:
"national security, law enforcement, immigration and intelligence activities".
The proposed change also covers revealing other agencies to whom the data is passed to and/or data provided by
"foreign governments":
US Department of Homeland Security: Notice of proposed rulemaking, 15 August 2007
The new exemptions relate to the new "Arrival and Departure System" (ADIS) that the USA is to introduce. ADIS is intended to authorise people to travel only after PNR and API (Advance Passenger Information) data has been checked and cleared by US agency watchlists:
"The Department of Homeland Security (DHS) is republishing the Privacy Act system of records notice for the Arrival and Departure Information System (ADIS) in order to expand its authority and capability to serve additional programs that require information on individuals throughout the immigrant and non-immigrant pre-entry, entry, status management, and exit processes....
The Department of Homeland Security Arrival and Departure Information System (ADIS) consists of centralized computerized records and will be used by DHS and its components. ADIS is the primary repository of data held by DHS for near real-time immigrant and non-immigrant status tracking through pre-entry, entry, status management, and exit processes, based on data collected by DHS or other Federal or foreign government agencies and used in connection with DHS national security, law enforcement, immigration, intelligence, and other DHS mission-related functions, and to provide associated testing, training, management reporting, planning and analysis, or other administrative uses. The information is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, state, local, tribal, foreign, or international government agencies."
And why are these exemptions needed:
"DHS is claiming exemption from certain requirements of the Privacy Act for ADIS. Information in ADIS relates to official DHS national security, law enforcement, immigration, and intelligence activities. These exemptions are needed to protect information relating to DHS investigatory and enforcement activities from disclosure to subjects or others related to these activities. Specifically, the exemptions are required to preclude subjects of these activities from frustrating these processes; to avoid disclosure of activity techniques; to protect the identities and physical safety of confidential informants and of immigration and border management and law enforcement personnel; to ensure DHS's ability to obtain information from third parties and other sources; to protect the privacy of third parties; and to safeguard classified information. Disclosure of information to the subject of an inquiry could also permit the subject to avoid detection or apprehension."
As the exemptions are to be applied to everyone going to or leavi