UPDATE: Transatlantic Turbulence – The European Union and United States Debate Over Passenger Data

 

By Irfan Tukdi

Update by Dana Rubin

 

Dana Rubin is the Reference/Educational Services Librarian at NYU Law School Library. She received her J.D. from Fordham University School of Law and her M.L.S. from Queens College. Prior to joining NYU Law, Dana worked as an attorney focusing on consumer rights and privacy.

 

Note: This research guide takes the form of an annotated outline and is intended to serve as a starting point for exploring the legal issues raised by the PNR debate (passenger flight manifests and other passenger data commonly referred to as PNR data). The guide includes references to the relevant statutory materials, government documentation, legal scholarship, and pertinent news.  Sources in each sub-section are organized by breadth of treatment and chronology as appropriate.

 

Published September 2016

(Previously updated in March 2014)

See the Archive Version!

 

Introduction

SECTION 1:  EU DATA PRIVACY

1.1 HISTORY AND BACKGROUND

1.2 ORGANISATION FOR ECONOMIC COOPERATION AND DEVELOPMENT'S (OECD) GUIDELINES ON THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA

1.3 COUNCIL OF EUROPE'S 1981 CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA

1.4 DIRECTIVE 95/46/EC

Effect on International Relations

1.5 DIRECTIVE 2002/58/EC

1.6 EU Directive on Passenger Name Record (PNR)

SECTION 2:  DATA PRIVACY IN THE UNITED STATES

2.1 HISTORY AND BACKGROUND OF DATA PRIVACY

2.2 FREEDOM OF INFORMATION ACT OF 1966

2.3 PRIVACY ACT OF 1974

SECTION 3: US ANTI-TERROR LEGISLATION AND THE RESULTING PNR DEBATE

3.1 DOMESTIC SECURITY

Homeland Security Act of 2002

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

Enhanced Border Security and Visa Entry Reform Act of 2002

Maritime Transportation Security Act of 2002

Information Awareness Office

3.2 US AVIATION LEGISLATION

Air Commerce Act

Federal Aviation Act

Aviation and Transportation Security Act

Air Transportation Safety and System Stabilization Act

Computer Assisted Passenger Screening (CAPS)

Computer-Assisted Passenger Prescreening System (CAPPS II)

Sources Critical of CAPPS II

Sources Supporting CAPPS II and Passenger Profiling

3.3 PNR (PASSENGER NAME RECORD) DISPUTE

US Perspective on Collection of PNR Data

EU Perspective on US Privacy Standards

SECTION 4: PARLIAMENT’S CHALLENGE AND THE RESULTING ECJ DECISION

SECTION 5: POTENTIAL MODELS FOR A GLOBAL AGREEMENT ON DATA PRIVACY

5.1 MULTILATERAL MODELS:  WTO

5.2 BILATERAL MODELS:  TAX, INVESTMENT, AND ANTI-TRUST AGREEMENTS

 

Introduction

The notion that the September 11, 2001 (“9/11”) terrorist attacks dramatically changed America is uncontestable.  Years after the fall of the twin towers, the effects of the attacks (and more recent terror attacks in Europe) are prevalent in our daily lives: national security promises to be the decisive issue in the upcoming presidential election[1] and debates on immigration reform dominate conversations.[2]  More important, however, the attacks have forced citizens to barter civil liberties for increased domestic security.[3]

 

While these tradeoffs have been highly contentious, the period immediately following the attacks produced an environment of swelling national unity.[4]  This newfound cooperative spirit facilitated the swift passage of broad, sweeping legislation to address the nation’s security concerns.[5] However, numerous critics voiced concerns at the breadth of the anti-terrorism legislation and argued that it posed a threat to civil liberties.  The broadest and most controversial enactment of the post 9/11 era is the Uniting and Strengthening America by Providing Appropriate Tools Required to Obstruct Terrorism Act (“Patriot Act”).[6] The Patriot Act greatly expanded federal law enforcement agents’ power to combat terrorism.  Specifically, the Act broadened federal agents’ authority to wire-tap, seize personal documents including phone bills, emails, business files, and even library records.  The Act was the primary battleground in the domestic order vs. liberty debate.[7] The Patriot Act expired in 2015, and was replaced a day later with the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (“USA FREEDOM Act of 2015”).[8] The USA FREEDOM Act reinstated several Patriot Act provisions, and modified others.[9]

 

The Patriot Act, however, is only one of a series of laws enacted after the 9/11 attacks to bolster domestic security.[10] It is also, regrettably, not the only one that has poses grave threats to civil liberties.  Though the Patriot Act is rarely cited as an example of legislative restraint, it was signed into law almost two months after the attacks.  Congress responded much more swiftly, however, with legislation aimed at revamping the federal aviation security legislative framework and protecting the tattered airline industry from further harm.  A mere two weeks after the attacks, Congress enacted the Air Transportation Safety and System Stabilization Act (ATSSSA), and in the following months the Aviation and Transportation Security Act (ATSA) was signed into law.[11] The ATSSSA provided airlines with access to substantial short-term funding in the form of loans and grants and established a Victims Compensation Fund for individuals injured in the attacks and for the survivors of those who were killed.[12]  The ATSA authorizes the creation of the Transportation and Security Administration and charges this new federal agency with developing new aviation security procedures and guidelines.  The ATSA further mandates that airlines traveling to or from the United States provide passenger flight manifests and other passenger data (commonly referred to as PNR data) including passengers’ names, credit card information, and even meal preferences  to the Bureau of Customs and Border Protection (CBP).[13]  Airlines failing to comply with the ATSA’s disclosure requirements face stiff monetary fines and the possibility of losing landing privileges at US airports.[14]  Because Europeans are the largest single group of foreign travelers to the US, CBP focused on securing European airlines’ compliance with the new rules.[15] This proved to be more difficult than expected because the ATSA’s disclosure requirements squarely conflict with the European Union Directive 95/46 regarding data privacy and implementing laws of the member states.[16]  Indeed, the EU representatives recognized and valued the underlying goals of the US’s anti-terrorism legislation, but nonetheless insisted on compatibility with European laws.[17] As such, the European Commission embarked on what would become a two year negotiation with CPB officials to arrive at an agreement which would clarify the disclosure requirements for European airlines while ensuring compliance with EU law.[18]  After close to two years of negotiations with the CBP, the European Commission arrived at a three part resolution: a set of Undertakings adopted by CBP,[19] an adequacy determination by the Commission,[20] and the actual agreement between the Commission and CBP.[21]  The Commission’s solution was not well received by European civil liberties groups.

 

Seemingly fueled by the outcry from privacy protection interest groups and Working Party 29’s adverse report on the Undertakings, the European Parliament challenged the legal validity of the agreement in a complaint filed with the European Court of Justice (ECJ).  The Parliament’s protest about data protection inadequacy was somewhat sidestepped by the ECJ.  The Court found, on somewhat of a technicality, that the Commission did not have the authority to come to an agreement regarding the transfer of PNR data.[22]  The Court stated that though the agreement was based on the Data Protection Directive which falls under the EU’s First Pillar[23] —that governs social and economic policies—the agreement with the US should have fallen into the authority of the Third Pillar—which governs criminal matters.[24]  The agreement was subsequently annulled.  Attempts at renegotiation between the US and the EU regarding PNR data continued but failed to meet the October 1, 2006 deadline imposed by the ECJ to arrive at a new agreement.[25] However, days later on October 6, a “temporary arrangement”[26] lasting until July 31, 2007 was agreed upon.  The new agreement already is not without much of the same criticism that inundated the previous agreement and will undoubtedly need further negotiations and revisions.[27] A new EU-US Passenger Name Record agreement was proposed in 2011 and adopted in 2012.[28] The United Kingdom opted in to the EU-US PNR agreement in 2012.[29] In 2015, the European Council approved a compromised text with the European Parliament on an EU PNR directive.[30]

 

The revelation in 2013 that the National Security Agency (NSA) had conducted vast surveillance operations on foreign citizens and governments[31] has impacted relations between the U.S. and several European countries. This could have an effect on future data transfer agreements.[32]

 

Section 1: EU Data Privacy

 

1.1   History and Background

o   Colin Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Cornell University Press 1992) (discussing the “pressure to globalize data protection”).

o   David H. Flaherty, Protecting Privacy in Surveillance Societies (University of North Carolina Press 1989) (discussing the early history of data protection in Germany, Sweden, France, Canada, and the United States).

o   Frits W. Hondius, Emerging Data Protection in Europe (Elsevier Science & Technology Books 1975) (focusing on computer privacy).

o   Francesca Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, 26 Mich. J. Int'l L. 807 (2005) (discussing the regulation of international data transfer).

o   Patrick E. Cole, New Challenges to the U.S. Multinational Corporation in the European Economic Community: Data Protection Laws, 17 N.Y.U. J. Int'l L. & Pol. 893 (1985) (analyzing effect of European data privacy laws on international business).

o   Gail Lasprogata, et al., Regulation of Electronic Employee Monitoring: Identifying Fundamental Principles of Employee Privacy Through a Comparative Study of Data Privacy Legislation in the European Union, United States and Canada, 2004 Stan. Tech. L. Rev. 4 (2004) (surveying “regulation of electronic employee monitoring in the European Union (EU), the United States, and Canada and attempts to reconcile conflicting legal standards regarding workplace privacy as they are evolving in the wake of technological advances and managerial needs”).

o   Graham Pearce & Nicholas Platten, Orchestrating Transatlantic Approaches to Personal Data Protection: A European Perspective, 22 Fordham Int'l L.J. 2024 (1999) (noting that differences between the EU’s and the U.S.’s view on data privacy arises from different views about the role of government and what amount of private self-regulation is adequate in protecting privacy).

o   Paul M. Schwartz, European Data Protection Law and Restrictions on International Data Flows, 80 Iowa L. Rev. 471 (1995) (describing the European privacy standard and issues of international data protection).

o   Mike Ewing, Comment, The Perfect Storm: The Safe Harbor and the Directive on Data Protection, 24 Hous. J. Int'l L. 315 (2002) (outlining history of European data privacy).

 

o   European Commission, Data Protection (current website of European Commission detailing history and studies of data protection).

·       Data Protection – Legislative Documents

·       Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries

·       Latest Privacy News

o   The Global Encyclopaedia of Data Protection Regulations. (Jan Holvast et al. eds. 1999).

 

1.2  Organization for Economic Cooperation and Development's (OECD) Guidelines on the    Protection of Privacy and Transborder Flows of Personal Data

·       Summary: The Organization for Economic Cooperation and Development is an international body whose mission is to coordinate and develop international economic, social, and environmental policies.  The Guidelines were formulated to harmonize privacy legislation while ensuring the uninterrupted flow of data.

 

·       Sources:

o   1979 Parliament Resolution, O.J. C 140/34 (1979).

o   Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, OECD Doc. 58 (Sept. 23, 1980), available here.

o   Explanatory Memorandum to Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, PP7-14, OECD Doc. C(80)58(Final) (1980), reprinted in 20 I.L.M. 422.

o   OECD, Policy Issues in Data Protection and Privacy: Concepts and Perspectives: Proceedings of the OECD Seminar 24th to 26th June 1974 (OECD Publications Center 1974).

o   Colin Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Cornell University Press 1992) (discussing the difficulty in negotiating and agreeing upon the OECD Guidelines).

o   G. B. F. Niblett, Digital Information and the Privacy Problem (Organisation for Economic Cooperation and Development, 1971).

o   Robert G. Boehmer & Todd S. Palmer, The 1992 EC Data Protection Proposal: an Examination of its Implications for U.S. Business and U.S. Privacy Law, 31 Am. Bus. L.J. 265 (1993) (comparing and contrasting Convention with OECD guidelines).

o   Hon. Justice Michael Kirby, Legal Aspects of Transborder Data Flows, 11 Computer/L.J. 233 (1991) (discussing motivation and debate leading to creation of OECD guideline).

o   P. Howard Patrick, Privacy Restrictions on Transnational Data Flows: A Comparison of the Council of Europe Draft Convention and the OECD Guidelines, 21 Jurimetrics J. 405 (1981).

o   Hon. Justice Michael Kirby, The History, Achievement and Future of the 1980 OECD Guidelines on Privacy, 1 International Data Privacy Law 6 (2011) (history on the formulation of the Guidelines on the thirtieth anniversary).

o   The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data was updated in 2013, C(80)58/FINAL, as amended on 11 July 2013 by C(2013)79, http://www.oecd.org.

 

1.3  Council of Europe's 1981 Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data

·       Summary:  The objective of the Convention is to strengthen legal protections of individuals with regard to their personal data.

 

·       Sources:

o   Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, January, 1981, art. 1, Europ. T. S. No. 108.

o   Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Explanatory Report, opened for signature Jan. 28, 1981, Europ. T.S. No. 108 § 18

o   Draft Explanatory Report on the Draft Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Council of Europe, CJ-CD (80) 1, Addendum (Jan. 1980), reprinted in 19 I.L.M. 299, 300.

o   Resolution on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Private Sector, Res. (73)22, Council of Europe, Comm. of Ministers, 224th mtg. (1973); Resolution on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Public Sector, Res. (74)29, Council of Europe, Comm. of Ministers, 224th mtg. (1974) (precursors to the Convention for the Protections of Individuals).

o   Robert G. Boehmer & Todd S. Palmer, The 1992 EC Data Protection Proposal: an Examination of its Implications for U.S. Business and U.S. Privacy Law, 31 Am. Bus. L.J. 265 (1993) (comparing and contrasting Convention with OECD guidelines).

o   Frank Cali, Europol's Data Protection Mechanisms: What do They Know and Whom are They Telling?, 10 Touro Int'l L. Rev. 189 (2000) (describing the Convention as the basis for current European data protection).

o   Rosario Imperiali d'Afflitto, European Union Directive on Personal Privacy Rights and Computerized Information, 41 Vill. L. Rev. 305 (1996) (noting that the Convention propagated data protection laws throughout Europe).

o   Mike Ewing, Comment, The Perfect Storm: The Safe Harbor and the Directive on Data Protection, 24 Hous. J. Int'l L. 315 (2002) (describing the Convention and the OECD Guidelines as some of the “first European attempts to consolidate and harmonize national data protection legislation”).

o   Cécile de Terwangne, The Work of Revision of the Council of Europe Convention 108 for the Protection of Individuals as Regards the Automatic Processing of Personal Data, International Review of Law, Computers & Technology (2013) (proposed revisions to Convention 108 and its additional protocol by the Committee of the Convention).

 
1.4  Directive 95/46/EC

·       Summary: The EU Data Protection Directive became effective in 1998. Directives enact EU policy objectives. “They require member states to enact or change relevant national law to achieve those objectives while allowing enough flexibility to retain national legal traditions. Therefore, directives are the most prevalent form of EU law.” Nancy J. King & Brian J. King, Creating Incentives for Sustainable Buildings: A Comparative Law Approach Featuring the United States and the European Union, 23 Va. Envtl. L.J. 397 (2005). In 2012 the European Commission revealed a draft of a European Protection Regulation to replace the Data Protection Directive. In April 2016, the Council and Parliament adopted a new Regulation and Directive on Data Protection. The official texts were published on May 4, 2016.

 

·       Sources:

o   Council Directive 95/45/EC of the European Parliament and of the Council of the European Union of Oct. 24, 1995 – Part 1; Part 2.

o   Legislative History of Data Privacy Directive, Eur. Parl. Doc. (COD/1990/0288)

o   Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, COM (92) 422 final-SYN 287 (Brussels, Oct. 15, 1992).

o   Proposal for a Council Directive Concerning the Protection of Individuals in Relation to the Processing of Personal Data, 1990 O.J. (C 277) 3.

o   Report from the Commission: First Report on the Implementation of the Data Protection Directive (95/46/EC) COM (2003) 265 final (Brussels, Oct. 15, 2003).

o   Christopher Kuner, European Data Privacy Law and Online Business (Oxford University Press 2003) (analyzing the effect of the data protection directive on e-commerce).

o   Peter P. Swire & Robert E. Litan, None Of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive (Brookings Institution Press 1998) (examining aspects of the data protection directive in detail).

o   Data Protection Directive and Medical Research across Europe (Deryck Beyleveld et al. eds., 2005) (the data protection directive’s affect on medical data privacy).

o   Fiona M. Carlin, The Data Protection Directive: The Introduction of Common Privacy Standards, E.L. Rev. 1996, 21(1), 65-70 (1996) (introducing provisions of the data protection directive).

o   Fred H. Cate, The EU Data Protection Directive, Information Privacy, and the Public Interest, 80 Iowa L. Rev. 431 (1995) (examining the scope and basic protections offered by the data protection directive).

o   Andrew Charlesworth, Information Privacy Law in the European Union: E Pluribus Unum or Ex Uno Plures?, 54 Hastings L. J. 931 (2003) (discussing the Commission of the European Union’s 2002 review of the Data Privacy Directive).

o   Christopher Kuner, Privacy, Security and Transparency: Challenges for Data Protection Law in a New Europe, 16 Eur. Bus. L. Rev. 1 (2005).

o   Jeffrey B. Ritter et al., Emerging Trends in International Privacy Law, 15 Emory Int'l L. Rev. 87 (2001) (examining several global models of data privacy).

o   Spiros Simitis, From the Market to the Polis: The EU Directive on the Protection of Personal Data, 80 Iowa L. Rev. 445 (1995) (outlining history of the data protection directive).

o   Michael W. Heydrich, Note, A Brave New World: Complying with the European Union Directive on Personal Privacy Through the Power of Contract, 25 Brook. J. Int'l L. 407 (1999) (evaluating contractual exceptions to the EU directive).

o   Tracie B. Loring, Comment, An Analysis of the Informational Privacy Protection Afforded by the European Union and the United States, 37 Tex. Int'l L.J. 421 (2002) (discussing origins of EU and US privacy law and the possibility of the EU Data Protection Directive serving as a model for other countries).

o   The ‘Privacy’ Game, Wall St. J., June 21, 1999, at A26 (calling the EU data protection directive “nonsensical and probably unenforceable”).

o   Glenn R. Simpson, Businesses Criticize U.S.-EU Privacy Pact As Hurdle to Global E-Commerce Efforts, Wall St. J., April 6, 2000, at A24 (claiming that the data protection directive impedes trans-Atlantic business).

o   Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM(2012) 11 final (Brussels, January 25, 2012).

o   Reform of EU Data Protection Rules, Eur. Comm’n (last updated Oct. 5, 2016).

 
Effect on International Relations

·       Fred H. Cate, The Changing Face of Privacy Protection in the European Union and the United States, 33 Ind. L. Rev. 173 (1999) (outlining basic principles and implementation of European and U.S. privacy law).

·       Andrew Charlesworth, Clash of the Data Titans? US and EU Data Privacy Regulation, 6 Eur. Pub. L. 253 (2000).

·       The EC Privacy Directive and the Future of U.S. Business in Europe: A Panel Discussion, 80 Iowa L. Rev. 669 (1995) (panel discussion about reaching a “convergence” in data privacy protection between Europe and the U.S.).

·       Julia M. Fromholz, The European Data Privacy Directive, 15 Berkeley Tech. L.J. 461 (2000) (exploring background of EU directive and comparing EU privacy laws with US privacy laws).

·       Reconciliation of the EU Privacy Directive and U.S. Objections To It, 6 Int’l Cont. Adviser 27 (2000).

·       Priscilla M. Regan, The Globalization of Privacy: Implications of Recent Changes in Europe, 52 Am. J. of Econ. & Sociology 257 (1993) (predicting unavoidable strengthening of US privacy law in response to EU directive).

·       Steven R. Salbu, The European Union Data Privacy Directive and International Relations, 35 Vand. J. Transnat'l L. 655 (2002) (examining the history leading up to the data protection directive and the effects of the directive within Europe and internationally).

·       Gregory Shaffer, The Power of EU Collective Action: the Impact of EU Data Privacy Regulation on US Business Practice, European Law Journal 5 (4) (analyzing dispute between EU and US over adequacy of US data privacy protection).

·       Alexander Zinser, International Data Transfer Out of the European Union: The Adequate Level of Data Protection According to Article 25 of the European Data Protection Directive, 21 J. Marshall J. Computer & Info. L. 547 (2003) (discussing the principles for transfer of data to third countries).

·       Amy Monahan, Note, Deconstructing Information Walls: The Impact of the European Data Directive on U.S. Businesses, 29 Law & Pol'y Int'l Bus. 275 (1998) (examining US and European approaches to data privacy, considers impact of EU directive, and calls for legislative data protection reform in the US).

·       Patrick J. Murray, Comment, The Adequacy Standard Under Directive 95/46/Ec: Does U.S. Data Protection Meet This Standard?, 21 Fordham Int'l L.J. 932 (1998) (analyzing development of data protection in Europe and the U.S. in the public and private sectors).

·       Paul Rose, Comment, A Market Response to the European Union Directive on Privacy, 4 UCLA J. Int'l L. & Foreign Aff. 445 (1999) (arguing for the resolution of privacy concerns not by comprehensive legislation but market forces).

·       Gregory Shaffer, Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards, 25 Yale J. Int'l L. 1 (2000) (noting that the EU standard of privacy inevitably reaches far beyond Europe).

·       Gary E. Clayton, Eurocrats Try to Stop Data at the Border, Wall St. J., Nov. 2, 1998, at A34 (claiming that some of the side-effects of the directive are absurd).

·       Bob Sherwood, Over the Border, Against the Rules: DATA TRANSFER: Many Organisations Are Regularly Breaking EU Regulations on Data Protection Without Even Knowing It, Fin. Times, Oct. 21, 2002, at 20 (noting the difficulty in preventing illegal data transfer that occurs during day-to-day business activities).

·       Christopher Wolf & Winston Maxwell, So Close, Yet So Far Apart: The EU and U.S. Visions of a New Privacy Framework, 26 Antitrust 8 (2012).

·       EU-U.S. Joint Statement on Data Protection by European Commission Vice-President Viviane Reding and U.S. Secretary of Commerce John Bryson, MEMO/12/192 (March 19, 2012).

·       Paul M. Schwartz, The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 Harv. L. Rev. 1966 (2013).

·       Data Protection Regulations and International Data Flows: Implications for Trade and Development, U.N. Conf. on Trade and Dev. (2016), unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf.

 

1.5  `Directive 2002/58/EC

·       SummaryThe 2002 EU E-Privacy Directive seeks to protect the privacy rights of individuals with respect to personal data processing in the electronic communication sector. In April 2016 the European Commission launched a public consultation to evaluate and review the E-Privacy Directive.

 

·       Sources:

o   Directive 2002/58/EC of the European Parliament and of the Council, 2004 O.J. (L 201) (EC)

o   Christopher Kuner, European Data Privacy Law and Online Business (Oxford University Press 2003) (analyzing the effect of the Privacy Directive on e-commerce).

o   Peter P. Swire & Robert E. Litan, None Of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive (Brookings Institution Press 1998) (examining aspects of the Privacy Directive in detail).

o   Frederic Debusseré, The EU E-Privacy Directive: A Monstrous Attempt to Starve the Cookie Monster?, 13 Int'l J.L. & Info. Tech. 70 (2005) (noting that the privacy directive replaced Directive 97/66/EC and was not immediately adopted by all EU member states).

o   Chuan Sun, The European Union Privacy Directive and its Impact on the U.S. Privacy Protection Policy: A Year 2003 Perspective, 2 Nw. J. Tech. & Intell. Prop. 5 (2003) (describing data privacy directive and how it differs from Safe Harbor laws).

o   Directive 2009/136/EC of the European Parliament and of the Council, 2009 O.J. (L 337) (amending Directive 2002/58/EC).

o   Commission Regulation (EU) No 611/2013, 2013 O.J. (L173) (applicable to the notification of personal data breaches under Directive 2002/58/EC).

o   #ePrivacyEU: Towards a Future Proof Legal Framework for Online Privacy, Eur. Comm’n Factsheet (11/04/2016), https://ec.europa.eu.

o   European Commission Launches Public Consultation on e-Privacy Directive, Priv. & Info. Sec. L. Blog (Apr. 13, 2016), https://www.huntonprivacyblog.com.

 

1.6  EU Directive on Passenger Name Record (PNR)

 

 

Section 2: Data Privacy in the United States
 
2.1  History and Background of Data Privacy

·       Robert M. Gellman, Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions, 6 Software L.J. 199 (1993) (outlining history of data protection within the US and noting that the US had previously been the most innovative in addressing the concept of data privacy).

·       Fred H. Cate, The Changing Face of Privacy Protection in the European Union and the United States, 33 Ind. L. Rev. 173 (1999) (noting that Congress has “virtually ignored” privacy issues for decades).

·       Paul M. Schwartz, Privacy and Participation: Personal Information and Public Sector Regulation in the United States, 80 Iowa L. Rev. 553 (1995) (discussing the difference between the ‘participatory information’ protection of the EU and the ‘information seclusion’ protection of the US).

 

2.2  Freedom of Information Act of 1966

·       Summary: The Freedom of Information Act (FOIA) is a federal statute that provides that individuals with the right to request access to federal agency records. The FOIA was amended by the Electronic Freedom of Information Act Amendments of 1996 (E-FOIA).  E-FOIA grants the public access to government documents via computer communications.

 

·       Sources:

o   Freedom of Information Act, 5 U.S.C. §552 (1976).

o   FOIA Legislative History, (detailing legislative history of the FOIA, including its 1974, 1976, 1986, 1996, and 2002 amendments).

o    US Department of State Website, (provides general information about the FOIA and the E-FOIA and provides direct access to commonly requested documents pursuant to the act).

o   Herbert N. Foerstel, Freedom of Information and the Right to Know: The Origins and Applications of the Freedom of Information Act (Greenwood Press 1999) (examining the development and usability of the FOIA).

o   Christopher M. Mason, Comment, Developments Under the Freedom of Information Act—1981, 1982 Duke L.J. 423 (1982) (general overview of the FOIA).

o   Kristen Elizabeth Uhl, Comment, The Freedom of Information Act Post-9/11: Balancing the Public's Right to Know, Critical Infrastructure Protection, and Homeland Security, 53 Am. U. L. Rev. 261 (2003) (describing the FOIA and its evolution from 1966, and the “erosion” of the public’s access to government information under the Bush administration).

 

2.3  Privacy Act of 1974

·       Summary: The Privacy Act attempts to “regulate the collection, maintenance, use, and dissemination of personal information by federal executive branch agencies.”

 

·       Sources:

o   Privacy Act of 1974, 5 U.S.C. §552a (1994).

o   Legislative History of the Privacy Act See House Comm. on Gov't Operations and Senate Comm. on Gov't Operations, S. 3418, 94th Cong. (2d Sess., 1976) (Public Law 93-579) (the entire legislative history of the Privacy Act can be found in this source book).

o   Justin D. Franklin & Robert F. Bouchard, Guidebook to the Freedom of Information and Privacy Acts (Thomson West 1986).

o   James Beverage, The Privacy Act of 1974: An Overview, 1976 Duke L.J. 301 (1976).

o   Todd R. Coles, Does the Privacy Act of 1974 Protect Your Right to Privacy? An Examination of the Routine Use Exemption, 40 Am. U. L. Rev. 957 (1991) (examining if the routine use exemption undermines the safeguarding of individual privacy intended by the Privacy Act).

o   US Department of Justice Website (providing an overview of the history, objectives, and provisions of the Privacy Act).

 

Section 3: US Anti-Terror Legislation and the Resulting PNR Debate
 
3.1  Domestic Security

 

Homeland Security Act of 2002

·       Summary: The Homeland Security Act (HSA) of 2002 consolidated many of the federal agencies responsible for border and transportation security into a single department, the Department of Homeland Security (DHS).  The principal sub-departments of DHS include:  Transportation Security Agency (TSA), and Immigration, Customs Enforcement (ICE), and Bureau of Customs and Border Protection (CBP).  The CPB, in turn, includes the inspections service of the former Immigration and Naturalization Services (INS), the U.S. Border Patrol, the inspections service of the U.S. Customs Service, and the border-related inspection programs of the Animal and Plant Health Inspection Service (APHIS).

 

·       Sources

o   Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135.

o   Homeland Security Act

o   Homeland Security Act: Analysis

o   Press Release, The White House, Executive Order Establishing Office of Homeland Security (Oct. 8, 2001) (Executive Order establishing the Office of Homeland Security and the Homeland Security Council)

o   US Coast Guard Website (providing a comprehensive, searchable collection of pertinent legislative history documents in text and .pdf formats)

o   Donald F. Kettl, Department of Homeland Security's First Year: A Report Card (The Century Foundation 2004) (evaluating effectiveness of DHS and problems it encountered in its first year).

o   Jonathan Thessin, Department of Homeland Security, 40 Harv. J. on Legis. 513 (2003) (detailed analysis of the HSA).

o   Darren W. Stanhouse, Comment, Ambition and Abdication: Congress, the Presidency, and the Evolution of the Department of Homeland Security, 29 N.C. J. Int'l L. & Com. Reg. 691 (2004) (noting the possibility of abuse of power that arises from the HSA).

o   Jackie Calmes, Senate Approves Homeland Bill With 90-9 Vote, Wall St. J., Nov. 20, 2002, at A6 (announcing the creation of the new homeland-security department).

o   Newt Gingrich, Congress's Tangled Purse Strings, Wall St. J., June 10, 2002, at A16 (praising the proposal to create a DHS but pointing out that structural reform is needed to make it effective).

o   Nicholas Kulish, House Panel Votes Down Parts Of Homeland-Security Plan, Wall St. J., July 12, 2002, at A4 (describing the challenges in restructuring agencies into the new DHS).

o   Washington's Mega-Merger, The Economist, Nov. 23, 2002 (predicting challenges the DHS will face such as logistical issues, budget problems, and conflicts with civil libertarians).

 

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

 

 

Support for the Patriot Act:

·       Press Release, U.S. Department of Justice, Fact Sheet: USA Patriot Act Improvement and Reauthorization Act of 2005 (Mar. 6, 2006) (announcing the reauthorization of the Patriot Act—H.R. 3199—with several amendments).

·       Press Release, Department of Homeland Security, Fact Sheet: The USA Patriot Act - A Proven Homeland Security Tool (Dec. 14, 2005) (citing specific examples of where the Patriot Act has been successful).

·       Tracey T. Gonzalez, Individual Rights Versus Collective Security: Assessing the Constitutionality of the USA Patriot Act, 11 U. Miami Int'l & Comp. L. Rev. 75 (2003) (concluding that the Patriot Act adequately balances national security with protecting individual privacy).

·       John Ashcroft, Attorney General, The Patriot Act: Wise Beyond Its Years, Wall St. J., Oct. 26, 2004, at A24 (stating that the Patriot Act is a “phenomenal success”).

·       Eric Posner & John Yoo, The Patriot Act Under Fire, Wall St. J., Dec. 9, 2003, at A26 (arguing that the Patriot Act’s “changes are modest and are worth the small, if any, reduction in civil liberties”).

 

Critiques of the Patriot Act:

·       David Cole & James X. Dempsey, Terrorism and the Constitution: Sacrificing Civil Liberties in the Name of National Security (The New Press 2006) (alleging that the Patriot Act repeats many of the mistakes of past governments).

·       Stephen J. Schulhofer, Rethinking The Patriot Act: Keeping America Safe And Free (Century Foundation Press 2005) (arguing that “although some Patriot Act provisions are essential and do provide protections for civil liberties, some of the powers conferred are too broad and insufficiently attentive to interests of transparency and accountability”).

·       Kevin Bankston & Megan E. Gray, Government Surveillance and Data Privacy Issues: Foundations and Developments, 3 NO. 8 Privacy & Info. L. Rep. 1 (2003) (arguing that the Patriot Act passed with “practically no debate over its potentially disastrous impact on civil liberties”).

·       Erwin Chemerinsky, Civil Liberties and the War on Terrorism, 45 Washburn L.J. 1 (2005) (criticizing executive and legislative responses to the September 11th terrorist attacks).

·       Christopher P. Raab, Fighting Terrorism in an Electronic Age:  Does the Patriot Act Unduly Compromise our Civil Liberties?, 2006 Duke L. & Tech. Rev. 3 (2006) (concluding that the multiple provisions of the Patriot Act are overbroad and in need of revision).

·       Stephen J. Schulhofer, The New World of Foreign Intelligence Surveillance, 17 Stan. L. & Pol'y Rev. 531 (2006) (pointing out lack of accountability within the Patriot Act).

·       John W. Whitehead & Steven H. Aden, Forfeiting "Enduring Freedom" for "Homeland Security": A Constitutional Analysis of the USA PATRIOT Act and the Justice Department's Anti-Terrorism Initiatives, 51 Am. U. L. Rev. 1081 (2002) (asserting that aspects of the Patriot Act is unconstitutional).

·       Edward Alden, Ashcroft Takes to Road to Defend Security Law: The Patriot Act, Aimed at Pursuing Terror Suspects in the US, has Become a Victim of its Own Success, Fin. Times, Aug. 20, 2003 (noting that two years after the 9/11 attacks, the Patriot Act if facing more criticism and pressure).

·       Susan N. Herman, The USA Patriot Act and the Submajoritarian Fourth Amendment, 41 Harv. C.R.-C.L. L. Rev. 67 (2006) (arguing that “the Patriot Act destroys essential checks and balances” (citing Susan N. Herman, The USA Patriot Act and the US Department of Justice: Losing Our Balances?, Jurist, Dec. 3, 2001)).

·       Ann Beeson & Jameel Jaffer, ACLU, Unpatriotic Acts: The Power of the FBI to Rifle Through Your Records and Personal Belongings Without Telling You (2003)

·       Nancy Chang, Ctr. for Constitutional Rights, The USA Patriot Act: What's So Patriotic About Trampling the Bill of Rights? (2001).

·       Bart Forsyth, Banning Bulk: Passage of the USA FREEDOM Act and Ending Bulk Collection, 72 Wash. & Lee L. Rev. 1307 (2015) (discussing and evaluating the need for reform of bulk collection of data and the passage of the USA FREEDOM Act).

 

Enhanced Border Security and Visa Entry Reform Act of 2002

 

 
Maritime Transportation Security Act of 2002

 

 
Information Awareness Office

·       Summary: The Information Awareness Office was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002, and began funding the development of the now defunct Total Information Awareness program, subsequently renamed the Terrorism Information Awareness program .The TIA program researched tracking and storing personal information of millions of Americans to identify potential terrorists.  The prospect of mass “dataveillance” brought about criticisms and concerns that the TIA violated civil liberties and the right to privacy.

 

·       Sources:

o   Electronic Privacy Information Center, "Terrorism" Information Awareness (TIA), (introducing TIA program with links to the TIA Report to Congress, then-director Pointdexter’s 2002 speech about TIA, and description of the TIA system).

o   Seth F. Kreimer, Watching the Watchers: Surveillance, Transparency, and Political Freedom in the War on Terror, 7 U. Pa. J. Const. L. 133 (2004) (describing history of domestic data surveillance).

 

3.2  US Aviation Legislation
 
Air Commerce Act

 

 
Federal Aviation Act

 

 
Aviation and Transportation Security Act

 

 

Air Transportation Safety and System Stabilization Act

 

 
Computer Assisted Passenger Screening (CAPS)

 

 

 

 

Computer-Assisted Passenger Prescreening System (CAPPS II)

 

 

 

Sources Critical of CAPPS II

·       Charu A. Chandrasekhar, Note, Flying While Brown: Federal Civil Rights Remedies to Post-9/11 Airline Racial Profiling of South Asians, 10 Asian L.J. 215 (2003) (arguing against racial profiling).

·       Stephen W. Dummer, Comment, Secure Flight and Data Veillance, a New Type of Civil Liberties Erosion: Stripping Your Rights When You Don't Even Know It, 75 Miss. L.J. 583 (2006) (noting intrusive nature of CAPPS II data parameters).

·       Leigh A. Kite, Note, Red Flagging Civil Liberties and Due Process Rights of Airline Passengers: Will a Redesigned CAPPS II System Meet the Constitutional Challenge?, 61 Wash. & Lee L. Rev. 1385 (2004) (noting CAPPS II’s potential for infringing civil liberties of innocent travelers).

·       David Armstrong & Joseph Pereira, Flight Risks: Nation's Airlines Adopt Aggressive Measures For Passenger Profiling—In Shift, FBI Gives Carriers Access to Its Watchlists; Database Plays New Role—A Pilot Banishes Mr. Ali, Wall St. J., Oct. 23, 2001, at A1 (citing examples of possible profiling against Arab-Americans).

·       Matthew L. Wald, Government Is 'Reshaping' Airport Screening System, N.Y. Times, July 16, 2004, at A21 (quoting an ACLU official as stating that they did not want the government to use the CAPPS II System to help turn the United States "into a society where everybody is treated like a suspect and everybody is investigated").

 

Sources Supporting CAPPS II and Passenger Profiling

·       Heather MacDonald, Hijacked by the `Privocrats', Wall St. J., Aug. 5, 2004, at A10 (claiming that CAPPS II is an “innocuous identity verification system”).

·       Sam H. Verhovek, Americans Give in to Race Profiling, N.Y. Times, Sept. 23, 2001, at 1A (discussing a perceived increase in anti-Arab racial profiling by average Americans).

·       Henry Weinstein, Racial Profiling Gains Support as Search Tactic, L.A. Times, Sept. 24, 2001, at A1 (discussing increased support for racial profiling post-9/11).

 

3.3 PNR (Passenger Name Record) Dispute

 

o   Electronic Privacy Information Center, EU-US Airline Passenger Data Disclosure, available at http://www.epic.org/privacy/intl/passenger_data.html (detailed history of PNR data conflict).Caitlin Friedemann, Council Decision Regarding Agreement Between the European Community and the United States on the Use of Passenger Name Record Data, 11 Colum. J. Eur. L. 207 (2004/2005).

o   Arnulf S. Gubitz, The U.S. Aviation and Transportation Security Act of 2001 in Conflict with the E.U. Data Protection Laws: How Much Access to Airline Passenger Data Does the United States Need to Combat Terrorism?, 39 New Eng. L. Rev. 431 (2005).

o   Pablo Mendes de Leon, The Fight Against Terrorism Through Aviation: Data Protection Versus Data Protection, 31 Air & Space L. 320 (2006).

o   Anthony A. Santangelo & Thomas J. Whalen, United States Regulation of Non-US Airlines Operating to the United States, 30 Air & Space L. 330 (2005).

o   Megan Roos, Note, Safe on the Ground, Exposed in the Sky: The Battle Between the United States and the European Union Over Passenger Name Information, 14 Transnat'l L. & Contemp. Probs. 1137 (2005) (describing the PNR conflict).

o   Robert Block, U.S. Reaches Tentative Deal With EU Over Passenger Data, Wall St. J., Dec. 17, 2003, at D3 (noting US concessions to ensure the ability to screen passenger data).

o   Elaine Fahey, Law and Governance as Checks and Balances in Transatlantic Security: Rights, Redress, and Remedies in EU-US Passenger Name Records and the Terrorist Finance Tracking Program, 2013 32 Y.B. Eur. Law 368 (assessing the legal remedies and redress available under the PNR Agreement).

 

US Perspective on Collection of PNR Data

 

EU Perspective on US Privacy Standards

 

Section 4: Parliament’s Challenge and the Resulting ECJ Decision

·       Summary: The European Parliament strongly objected to the transfer of Passenger Name Record (PNR) data to U.S. Customs claiming that it infringed on the rights to privacy of European citizens and that the US did not have adequate data protection standards.  The ECJ found for the Parliament and annulled the agreement, but not on the basis of privacy concerns.  Instead the ECJ held that the Commission did not legally have the authority to come to the PNR agreement in the first place.

 

·       Sources:

o   ECJ Annulment of Council Decision regarding transfer of PNR data, CJE/06/46 (May 30, 2006)

o   Press Release, The Court annuls the Council decision concerning the conclusion of an agreement between the European Community and the United States of America on the processing and transfer of personal data and the commission decision on the adequate protection of those data (May 30, 2006)

o   European Parliament Resolution on Transfer of Personal Data by Airlines to the U.S. Immigration Service, 2003 O.J. C 61, 381 (Mar. 13, 2003) (European Parliament resolution on transfer of personal data by airlines in the case of transatlantic flights.).

o   Communication from the Commission to the Council and the Parliament, Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach, COM/2003/826 Final (Brussels, 16 Dec. 2003) (response to Parliament’s objection to PNR transfer).

o   Speech by Frits Bolkestein Member of the European Commission in charge of the Internal Market and Taxation EU/US talks on transfers of airline passengers' personal data Address to European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, SPEECH/03/396 (Brussels, 9th September 2003) (criticizing four aspects of transfer of personal data: purpose limitation, scope of data, data storage periods, and insufficiently legally binding to satisfy Directive).

o   Francesca Bignami, Transgovernmental Networks vs. Democracy: The Case of the European Information Privacy Network, 26 Mich. J. Int'l L. 807 (2005) (describing Parliament’s role in challenging the PNR transfer agreement).

o   Caitlin Friedemann, Council Decision Regarding Agreement Between the European Community and the United States on the Use of Passenger Name Record Data, 11 Colum. J. Eur. L. 207 (2004/2005) (recounting Parliaments concerns that the U.S. provides inadequate protection of data, has rules that are “ambiguous and overbroad,” and has no legal basis in EU law).

o   Give us Those Data; Airline Security, Economist, June 3, 2006 (noting that the ECJ’s decision was based on a legal technicality, rather than for any privacy protection reasons).

o   Plan to Collect Passenger Data Meets Objections, Wall St. J., April 1, 2004, at D3 (noting Parliament’s objection to transfer of passenger data).

o   ECJ Interpretation of Directive 95/46. (See Arnulf S. Gubitz, The U.S. Aviation and Transportation Security Act of 2001 in Conflict with the E.U. Data Protection Laws: How Much Access to Airline Passenger Data Does the United States Need to Combat Terrorism?, 39 New Eng. L. Rev. 431 (2005); Erika Szyszczak, III. Social Policy, 55 ICLQ 475 (2006))

o   Case C-465/00, Rechnungshof v. Osterreichischer Rundfunk [2003] E.C.J. CELEX LEXIS 209 (case involving disclosing employees’ names and salaries to the Austrian Court of Audit for publication).

o   Case C-101/01, Linqvist [2003] ECR I-12971 (case involving criminal charges brought against Swedish woman who published names, telephone numbers, and other personal information about her colleagues online).

o   Case C-362/14, Maximillian Schrems v. Data Protection Commissioner [2015] EU: C:2015:650 (case invalidating the Safe Harbor Agreement due to the lack of adequate protection of personal data in the US).

 

Section 5: Potential Models for a Global Agreement on Data Privacy

 

o   C. Michael Aho, More Bilateral Trade Agreements Would Be A Blunder: What The New President Should Do, 22 Cornell Int'l L.J. 25 (1989).

o   Larry Crump, Global Trade Policy Development in a Two-Track System, 9 J. Int'l Econ. L. 487 (2006).

o   George Norman and Joel P. Trachtman, The Customary International Law Game, 99 Am. J. Int'l L. 541 (2005).

o   Joost Pauwelyn, A Typology Of Multilateral Treaty Obligations: Are WTO Obligations Bilateral or Collective in Nature?, 14 Eur. J. Int'l L. 907 (2003).

o   Joel P. Trachtman, Unilateralism, Bilateralism, Regionalism, Multilateralism, and Functionalism: A Comparison With Reference to Securities Regulation, 4 Transnat'l L. & Contemp. Probs. 69 (1994).

o   Randall Lehner, Note, Protectionism, Prestige, and National Security: The Alliance Against Multilateral Trade in International Air Transport, 45 Duke L.J. 436 (1995).

o   Dennis D. Hirsch, In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct, 74 Ohio St. L.J. 1029 (2013)(suggesting the use of single industry codes of conduct that are submitted for approval to relevant regional jurisdictions).

o   Paul De Hert and Vagelis Papakonstantinou, Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency?, 9 I/S: J.L. & Pol’y for Info. Soc’y 271 (2013)(suggesting possible scenarios for the future of international data privacy protection, including the establishment of an international data privacy organization).

 

5.1 Multilateral Models: 

o   Inaamul Haque, Doha Development Agenda: Recapturing the Momentum of Multilateralism and Developing Countries, 17 Am. U. Int'l L. Rev. 1097 (2002).

o   Jiaxiang Hu, The Role of International Law in the Development of WTO Law, 7 J. Int'l Econ. L. 143 (2004).

o   John O. McGinnis, The Appropriate Hierarchy of Global Multilateralism and Customary International Law: The Example of the WTO, 44 Va. J. Int'l L. 229 (2000).

o   John O. McGinnis, The Political Economy of Global Multilateralism, 1 Chi. J. Int'l L. 381 (2000).

o   Richard H. Steinberg, Great Power Management of the World Trading System: A Transatlantic Strategy for Liberal Multilateralism, 29 Law & Pol'y Int'l Bus. 205 (1998).

o   Genc Trnavci, The Virtues and Vices of the World Trade Organization and Proposals for its Reform, 18 Emory Int'l L. Rev. 421 (2004).

o   Xin Zhang , Implementation of the WTO Agreements: Framework and Reform, 23 Nw. J. Int'l L. & Bus. 383 (2003).

o   Sam Klein, The Data is in the Details: Cross-Border Data Flows and the Trans-Pacific Partnership, The Diplomat, Nov. 23, 2015, http://thediplomat.com/2015/11/the-data-is-in-the-details-cross-border-data-flows-and-the-trans-pacific-partnership/ (analyzing the data privacy provisions of the proposed TPP).

o   Susan Ariel Aaronson, What does TPP Mean for the Open Internet, Inst. for Int’l Econ. Pol. (Nov. 16, 2015) (discussing the effect of the TPP on cross-border data flows).

 

5.2 Bilateral Models: Tax, Investment, and Anti-Trust Agreements

o   Senator Max Baucus, A New Trade Strategy: The Case for Bilateral Agreements, 22 Cornell Int'l L.J. 1 (1989) (discussing the benefits of bilateral agreements by sampling current agreements such as the GATT and trade agreements with the ASEAN nations).

o   Calvin A. Hamilton & Paula I. Rochwerger, Trade and Investment: Foreign Direct Investment Through Bilateral and Multilateral Treaties, 18 N.Y. Int'l L. Rev. 1 (2005) (discussing origin and development of Bilateral Investment Treaties)

o   Joseph E. Kramek, Comment, Bilateral Maritime Counter-Drug and Immigrant Interdiction Agreements: Is this the World of the Future?, 31 U. Miami Inter-Am. L. Rev. 121, (2000) (discussing the success of bilateral maritime agreements in preventing illegal trafficking).

o   Kristin E. Hickman, Comment, Should Advance Pricing Agreements be Published?, 19 Nw. J. Int'l L. & Bus. 171 (1998) (modeling advance pricing agreements on successful bilateral tax models).

o   Nina Hachigian, Essential Mutual Assistance in International Antitrust Enforcement, 29 Int'l Law. 117 (1995) (keeping anticompetitive activity in check by adopting bilateral antitrust agreements).

 



[1] See, e.g., Marc Sandalow, Both Parties Make North Korea Policy an Issue, San Francisco Chronicle, Oct. 11, 2006, at A1 (noting that the presidential candidates’ stances on national security will prove to be a significant issue in the 2008 election). Peter Nicholas & Beth Reinhard, The Attacks in Paris: Tragedy Could Shake 2016 Race, Wall Street Journal, Nov. 16, 2015, at A.12 (noting terrorist attacks in Europe could make national security an issue in the US presidential race). 

[2] See, e.g.,  Jenna Johnson & David Weigel, Trump Wants ‘Total’ Ban on Muslims Entering U.S., The Washington Post, Dec. 8, 2015, at A.1 (observing that immigration and anti-Muslim sentiment is playing a key role in the presidential election after recent terror attacks in Europe).  

[3] See e.g., David Cole, Enemy Aliens, 54 Stan. L. Rev. 953, 955 (2002) (noting that "[i]n the wake of September 11, we plainly need to rethink the balance between liberty and security.") (2005); Mathieu Deflem & Shannon McDonough, The Fear of Counterterrorism: Surveillance and Civil Liberties Since 9/11, 52 Society 70 (2015).

[4] See, e.g., Governor George Pataki, How We Should Remember September 11, Time, Sept. 6, 2006, available at http://www.time.com/time/nation/article/0,8599,1533418,00.html (recalling the atmosphere of togetherness following the September 11th attacks).

[5] See Frederic Block, Civil Liberties During National Emergencies:  The Interactions Between the Three Branches of Government in Coping with Past and Current Threats to the Nation's Security, 29 N.Y.U. Rev. L. & Soc. Change 459, 476-77 (noting that the post-September 11 political climate facilitated the enactment of a wide array of anti-terrorism measures).  See generally Richard P. Campbell, America Acts: Swift Legislative Responses to the September 11 Attacks, 69 Def. Couns. J. 139 (2002) (documenting legislative efforts to protect the airline industry from economic and legal harm).

[6] See Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act) of 2001, Pub. L. No. 107-56, 115 Stat. 272 (codified in various, separate sections of the U.S.C.).

[7] See generally Erwin Chemerinsky, Civil Liberties and the War on Terrorism, Washburn L.J.  (criticizing the executive and legislative responses to the September 11th terrorist attacks.  See also Stephen J. Schulhofer, Rethinking the Patriot Act: Keeping America Safe and Free (2005) (arguing that several of the Patriot Act’s provisions do not supply adequate safeguards for civil liberties); Kevin Bankston & Megan E. Gray, Government Surveillance and Data Privacy Issues: Foundations and Developments, 3 NO. 8 PRIVACY & INFO. L. REP. 1 (asserting that the legislature was hasty in enacting the Patriot Act and did not provide sufficient protections for civil liberties).

[8] Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (USA FREEDOM Act of 2015), Pub.L. No. 114-23, 129 Stat. 268.

[9] Julian Hattem, Obama Signs NSA Bill, Renewing Patriot Act Powers, The Hill (June 2, 2015)

[10]  See e.g., Homeland Security Act of 2002 (provides for the federalization of the agencies responsible for border and transportation security into a single department, the Department of Homeland Security (DHS).  The principal sub-departments of DHS include:  Transportation Security Agency (TSA), and Immigration, Customs Enforcement (ICE), and Bureau of Customs and Border Protection (CBP)); Enhanced Border Security and Visa Entry Reform Act of 2002 – Pub. L. No. 107-173, 116 Stat. 543 (passed to improve the government’s ability to screen aliens seeking to enter US, improve cooperation and information sharing between US agencies, and to improve monitoring of foreign students and foreign exchange visitors in the United States; Maritime Transportation Security Act of 2002 (created a consistent security plan for domestic ports)

[11] Air Transportation Safety and System Stabilization Act, Pub. L. No. 107-42, 115 Stat. 230 (2001) (codified as amended in scattered sections of 49 U.S.C.; Aviation and Transportation Security Act, Pub. L. No. 107-71, 115 Stat. 597 (2001) codified as amended in scattered sections of 49 U.S.C.).  See Campbell, supra note 5 (analyzing the provisions of the ATSSA and the ATSA).

[12] See Pub. L. No. 107-42, §101, §401.

[13] See 49 U.S.C.A. §44909(c) (2001) (requiring airlines to disclosure of passenger and crew names, date of birth, citizenship, gender, passport number and country of issuance, and other information that is “reasonably necessary to ensure aviation security”); 19 C.F.R. §12249b(a) (2003) (defining and interpreting terms of 49 U.S.C.A. §44909).

[14] See 19 C.F.R. §122.14(d)(4), 122.161.

[15] See Give us Those Data, The Economist, June 3, 2006 (observing that because Europeans form the biggest group of travelers to the United States, European compliance with the ATSA’s requirements was CBP’s primary focus).

[16] See generally Council Directive 95/46 EC, 1995 O.J. (L 281) 31.

[17] See Letter from Stefano Rodotà, Chairman, Article 29 Working Party, to Mr. Jorge Salvador Hernandez Mollar, Chairman Committee on Citizens' Freedoms and Rights, Justice and Home Affairs European Parliament (March 3, 2003), available at http://www.statewatch.org/news/2003/mar/art29ch.pdf (underscoring importance of counter terrorism legislation but emphasizing the need to ensure compliance with European laws).

[18] See Joint Statement, European Commission/U.S. Customs, Talks on PNR Transmission, (Brussels, Feb. 17-18, 2003) available here (recording European Commission and CBP’s intention to negotiate a framework for European airlines to comply with both ATSA’s requirements and the EU’s privacy directive)

[19] See 69 Fed. Reg. 131 (July 9, 2004) (outlining proposed uses of PNR data in compliance with EU law).

[20] Commission Decision, 2004/535/EC, 2004 O.J. (L 235) 11, available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004D0535:EN:HTML (last visited Nov. 5, 2006) (concluding that the Undertakings provide an adequate level of protection).

[21] Council Decision 2004/496/EC, 2004 O.J. (L 183) 83, available here (formalizing a bilateral agreement between the European Union and the US under which CBP would be permitted to access PNR data in accordance with its Undertakings).

[22] Francesca Bignami, European Court of Justice Strikes EU-US Agreement on PNR Data, May 31, 2006, available here.

[23] Id.

[24] EurLex, Structure of the European Union: The ‘Three Pillars’, http://europa.eu.int/eur-lex/en/about/abc/abc_12.html (describing the Three Pillars of the European Union).  See also Europa, Glossary, available at http://europa.eu/scadplus/glossary/eu_pillars_en.htm (Three pillars form the basic structure of the European Union, namely: the Community pillar, corresponding to the three Communities: the European Community, the European Atomic Energy Community (Euratom) and the former European Coal and Steel Community (ECSC) (first pillar); the pillar devoted to the common foreign and security policy, which comes under Title V of the EU Treaty (second pillar); the pillar devoted to police and judicial cooperation in criminal matters, which comes under Title VI of the EU Treaty (third pillar)).

[25] Press Release, European Union: Delegation of the European Commission to the USA, Airline Passenger Data: European Commission Statement on Negotiations With the United States (Oct. 1, 2006), available at http://www.eurunion.org/News/press/2006/20060081.htm.

[26] Electronic Privacy Information Center, EU-US Airline Passenger Data Disclosure, available at http://www.epic.org/privacy/intl/passenger_data.html.  See Agreement Between the European Union and the United States of America on the Procession and Transfer of Passenger Name Record (PNR) Data by Air Carriers to the United States Department of Homeland Security, 2006 O.J. (L 298) 29, available at http://www.eurunion.org/newsweb/HotTopics/PNRAgreemntOct06.pdf.

[27] See, e.g., Letter from Sophie in ‘t Veld, Rapporteur for the EU-U.S. Agreement on PNR, to Franco Frattini, European Union Vice-President and Commissioner (Oct. 10, 2006), available here (criticizing many aspects of the new agreement and highlighting inadequate review and research); EU-USA PNR Agreement Renegotiated to Meet US Demands - When the Law changes in the USA So Too Does Access to Data and How it is Processed, Statewatch News, available at http://www.statewatch.org/news/2006/oct/05eu-us-pnr-oct-06.htm (criticizing the implicit lack of control of the new agreement that has no caveats for renegotiation if US law changes); Press Release, AEDH, Transfer of Passenger Name Records (PNR): The New Agreement Between the EU and the USA is an Unacceptable Infringement of the Respect for Human Rights and Data Protection (Oct. 9, 2006) (claiming that the “new agreement is worse than the previous one”).

[28] Agreement between the United States of America and the European Union on the Use and Transfer of Passenger Name Records to the United States Department of Homeland Security, signed December 14, 2011, available here.

[29] See Written Statement to Parliament, UK’s Opt-in to the EU PNR Agreement with the US available here.

[30] Proposal for a Directive of the Council and the European Parliament on the use of Passenger Name Record Data for the Prevention, Detection, Investigation, and Prosecution of Terrorist Offences and Serious Crime, 2011/0023 (COD).

[31] Nick Bryant, The Snowden Effect on US Diplomacy, BBC News, October 24, 2013, http://www.bbc.com/news/world-us-canada-24664045.

[32] Press Release, European Commission Calls on the U.S. to Restore Trust in EU-U.S. Data Flows, IP/13/1166 (November 27, 2013) available here.