EU Looks to Canada on Air Passenger Data as U.S. Resists

The Trump administration is against changing a U.S.-EU airline passenger data exchange program, a State Department official told Bloomberg Law.

The EU now is concentrating on pressuring Canada to redo its passenger name record (PNR) pact with the European bloc, because of concerns about the adequacy of privacy protections for EU personal data. Under PNR agreements, which the EU has with multiple countries, airlines collect data about passengers while booking and checking in for flights for national security and law enforcement purposes.

EU privacy officials are in talks with Canada to update an EU-Canada passenger name record data transfer pact that was invalided by a top European court in July 2017.

If the Europeans increase pressure on the U.S. after negotiations over a deal with Canada are completed, it could cause major U.S. airlines, such as United Continental Holdings Inc., Delta Air Lines Inc., and American Airlines Group Inc., to run into costly compliance issues when deciding which countries’ PNR laws to follow, privacy attorneys said.

The concerns are causing airlines that collect PNR information to “get their arms around what they are going to be complying with and what requirements will apply to them,” Scott Godes, data security and privacy partner at Barnes & Thornburg LLP in Washington, told Bloomberg Law. They struggle with “what they can do to stay in compliance when there are differing views on what will be coming in the future,” he said.

American declined to comment on the U.S.-EU PNR pact. Delta and United didn’t immediately respond to Bloomberg Law’s email requests for comment.

Airlines “abide by the security and facilitation requirements of the countries to and from which they fly,” Alison McAfee, a spokeswoman for Airlines for America, an industry trade group, told Bloomberg Law in an email. When international agreements are involved, airlines “are dependent on the governments satisfactorily concluding such an understanding.” Airlines for America members include United and American, among others.

Once the Canada deal has been hammered out, the EU could move onto passenger data transfer pacts with other nations. The EU’s privacy chief, Andrea Jelinek, in April listed the data protection concerns she had with with the U.S. and Australian PNR deals. Jelinek also said the Canadian PNR data transfer pact has privacy issues similar to those in the U.S. deal.

The State Department is satisfied with its PNR passenger name record system and is willing to pass on technical expertise, lessons learned, and data protection and privacy frameworks with the EU, an agency spokesperson told Bloomberg Law on the condition of anonymity in order to discuss the matter.

U.S. and EU officials can look to the Canadian negotiations as a roadmap for what lies ahead, privacy attorneys said. Americans may learn how strictly the EU will push privacy standards, while their European counterparts may find it is easier to negotiate with Canada than the U.S., they said.

“Historically and from a legal framework perspective, Canada has always been closer to the EU—thus, I believe that negotiations between the EU and Canada would be easier compared to the U.S.,” Jorg Hladjk, data protection counsel at Jones Day in Brussels, told Bloomberg Law. The U.S. has privacy laws that differ from those in the EU and Canada—which share a similar approach to privacy law—and will likely take a different approach than Canada, he said.

“The U.S. is just different and the EU needs to understand that,” Hladjk said.

(Updates with reporting throughout.)

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: David Mark at dmark@bloomberglaw.com