The (de)securitization of the PNR policy by the EU and the US.
By: Marieke Peeters
10175784
mariekepeeters22@gmail.com
Bachelor: Political Science
Specialization: Governing and policy (Bestuur en Beleid)
Teachers: dr. S.J. Simon and dr. J.A. Jeandesboz
Date: January 15th 2015
Marieke Peeters
10175784
Bachelor thesis: critical security studies: preemption Stephanie Simon 8673 words 15-‐01-‐2015
The (de)securitization of the PNR policy by the EU and the US
A policy analysis on the securitization process of the development of the PNR
database and exchange
Introduction
One could argue that we are living in a time where data is power. The fact that cases such as Edward Snowden and Wikileaks are worldwide news and get much attention illustrates that data is of great relevance for states and organisations. This thesis is inspired by the growing importance of data in security politics and as such takes the case of the Passenger Name Record (PNR) in order to consider to what extend the policy surrounding PNR is securitized.
The term ‘Passenger Name Record’ denotes ‘’ the travel record for a person, as used by airline and travel agency databases’’ (Hailbronner 2008: 189). Hence, PNR is mainly used to compose a
database which contains specific information about airline passengers for possible exchange. The PNR is the information required by an airline to sell an airplane ticket. Nowadays this information include the passport data, name, address, telephone numbers, travel agent, credit card number or method of payment, history of changes in the flight schedule, seat and meal preferences and other information (Nouskalis 2011: 475, Hailbronner 2011: 189). Each record includes some sixty fields pertaining to personal information of the respective passenger. In effect, the PNR system creates a database with comprehensive information on all basic individual data (Hailbronner 2008:189). Since 9/11 the belief occured in the United States (US) that through adequate
processing of PNR, terrorists could have been kept out of the country. Therefore, the US Bureau of Border Customs Protection (CBP) started asking international air carriers for access in their
passenger data (Hailbronner 2008: 190). The collection and analysis of PNR data after all will allow the law enforcement authorities to identify high-‐risk persons and to take appropriate measures (Nouskalis 2011: 475). Here the controversy started. The European airlines were faced with a dilemma: if they did not comply with the CBP they would not be able to fly to the US, while if they did comply, they would probably break the law in their homeland. For the European Commission this was the sign to intervene and start negotiations with the US in order to resolve the PNR matter centrally, for all member states (Hailbronner 2008: 190).
The purpose of the policy that the European Union (EU) and the US have about the PNR system is to encounter terrorism and crime, and thus seems access and exchange of data as an important, even necessary, security tool. But it also brings up dilemmas about privacy, data protection and discrimination which are often represented by politics. The securitization theory illustrates this development and its implications. This theory tells us, among others, that although a policy or issue could be labelled as a security measure we have to recognise when this is justified and that
in some cases we should not treat it (only) as a security issue (Bourne 2014: 54). When an issue is labelled and treated as a security issue the possibility for political influence often declines. With a security issue generally comes a special form of politics. ‘Normal politics’ is characterized mainly by open decision-‐making, respect for civil liberties and ‘normal measures’. When an issue or policy is securitized ‘security politics’ is implemented. This form consists of secretive decision-‐making, subordinate civil liberties and exceptional measures (Bourne 2014: 53). ‘Security politics’ is frequently criticized because it does not leave much possibilities for political influence and democratic measures. When an issue is securitized there are not many opportunities to
participate, discuss, deliberate and regulate the policy (Peoples & Vaughan-‐Williams 2010: 83). Although the policy surrounding the PNR data is mainly developed to make the world safer it still should take democratic and political values into account. The opinions hereabout are divided, but in this thesis I assume that the treatment of the PNR policy as only a security issue is not an ideal situation. The fact that the EU and the US have already been, and still are, negotiating about this for more than ten years shows that actors might think differently about the extent to which the PNR policy should be securitized. This leads to the question I will attempt to answer in this thesis: To what extent is the PNR policy (de)securitized by the EU and the US and what is their role in this development?
In order to execute a proper analysis of the PNR policy it is important to first discuss the history, development and features of the securitization theory. This will be explained on the basis of the theories of Peoples & Vaughan-‐Williams, Buzan et al. and Bourne (Peoples & Vaughan-‐Williams 2010, Buzan 1998 and Bourne 2014). After the conceptual framework is explained there will be a justification of the methods of analysis, which consists of three different ways of conducting a policy analysis, the case and the sources. Then, the securitization theory will be applied to the PNR case in order to analyse to what extend the PNR policy is securitized and as to who influenced this. On the basis of four agreements between the EU and the US I will illustrate that the policy is desecuritized through the years and that both the EU and the US are, mainly because of the influence of the EU, moving towards a form of ‘normal politics’. This means that, even in a security field as where PNR occurs, it is still possible to find space for political influence and democratic values. By demonstrating this point I will contribute to the existing discussion about the use of data and securitizing issues and policies. PNR has been researched more often, but until now not in combination with the securitization theory.
The securitization theory
To see how the PNR policy developed and whether this development is in line with the
securitization theory, it is important to set out a few aspects of this theory. Then we might also be able to establish whether the EU and the US are securitizing the PNR policy. In the conceptual framework of the thesis I will explain when something is securitized, what should be securitized, what form of politics comes with securitization and what the critics are on securitization and the theory in general.
Peoples & Vaughan-‐Williams state that securitization began with the 'Copenhagen school'. This school is responsible for the development of the concept 'securitization' and made a basis for ‘’a new framework for analysis’’ (Buzan 1998). Barry Buzan made a notion of different sectors of security and Ole Waever elaborated on securitization and desecuritization (Peoples & Vaughan-‐ Williams 2010: 76). They were concerned with the intellectual and political dangers of using the word security on a wide range of issues. That is why the main question for these scholars is how to define what a security issue is in the context of a broadened understanding of security. Because security is increasingly represented on the agenda, we need an analytical grounding or principle to judge what is and what is not a security issue, otherwise it could cover everything and thus it will become meaningless (Peoples & Vaughan-‐ Williams 2010: 76).
According to Buzan et al. security issues are represented as posing an existential threat to the survival of a referent object. A referent object can be defined as’ that to which one can point and say,’’ it has to survive, therefore it is necessary to...’’’ (Buzan 1998: 36). If something threatens the very existence of an object it is justified to talk about a security issue.
But how can we distinguish an existential threat then? One way is through the level of response it generates. When an issue is successfully presented as an existential threat, it legitimises the use of exceptional political measures (Peoples & Vaughan-‐ Williams 2010: 76). Waever argues that existential threats ensure a number of effects that characterise the specific quality of security problems. One effect is urgency; the issue takes priority. And the other effect is extraordinary measures; authorities claim powers that they would not otherwise have, or curtail rights and liberties that might otherwise apply. In short, the simple formula for a security issue is: existential threat to a referent object and the fact that threat to a referent object can inspire urgency and extraordinary measures (Peoples & Vaughan-‐Williams 2010: 77).
for successful securitization to take place. Buzan et al. argue that the process of securitization runs from non politicised, through politicised to securitized. In other words, the act of securitization is about moving something between two realms: normal politics and security politics (Bourne 2014: 52). When an issue is becoming part of a public policy debate it is politicized, when this issue is thought of as an existential threat and it justifies responses that go beyond normal political practices it is securitized (Peoples & Vaughan-‐Williams 2010: 77). The securitization phase begins by saying ‘security’. By saying this an emergency condition is declared. This means claiming a right to use whatever means are necessary to block a threatening development (Buzan 1998: 21). Weaver calls this part of the process a ‘speech act’: a securitizing move occurs when an issue not previously thought of as a security threat comes to be spoken of as a security issue by important political actors (Buzan 1998: 23). On this basis Buzan argues that the essential quality of security in general resides in the act of saying ‘security’ rather than in any meaning of the word. The task is to understand the process of constructing a shared understanding of what is to be considered and collectively responded to as a threat (Buzan 1998: 26). This indicates a constructivist component in the securitization theory. Issues can become security issues by virtue of their presentation and acceptance as such (Buzan 1998: 25). Successful securitization requires some degree of
acceptance between the perpetrator of the securitizing speech act and the relevant audience that is appealed to (Peoples & Vaughan-‐Williams 2010: 78). This formulation indicates that there always has to be a speaker and an audience in the speech act. The audience has to accept the threat as credible. The presence of ‘felicity conditions’ -‐ conditions that increase the likelihood of successful securitization -‐ is therefore important (Peoples & Vaughan-‐Williams 2010: 79).
The first condition, as already outlined, is that the internal logic of a securitizing speech act follows the conventional ‘plot’ of securitization: an existential threat is presented as legitimating the use of extraordinary measures to combat that threat.
The second condition contains the requirement that the securitizing actor is in a position of authority and has enough social and political capital to convince an audience of the existence of the existential threat.
Third, an issue will be easier to present as an existential threat if the object associated with the issue carries historical connotations of threat, danger and harm or if there exists a history of hostile sentiments (Peoples & Vaughan-‐Williams 2010: 79).
This means that some actors and institutions are better at securitizing than others, because they are considered more credible. However these perceptions of the credibility can fluctuate and
change significantly over time. In short, no condition or underlying cause on itself can make for a securitization. They can only influence a political interaction which ultimately takes place among actors in a realm of politics with the historical openness this entails (Peoples & Vaughan-‐Williams 2010: 79).
Although security is mainly seen as an intrinsic good and something that we would want more of, the securitization theory states that security is not always a ‘good thing’. More security is not necessarily better as securitization of an issue brings with it a particular type of emergency politics where the space allowed for deliberation, participation and bargaining is necessarily constricted (Peoples & Vaughan-‐Williams 2010: 83). Waever even claims that ‘security should be seen as negative, as a failure to deal with issues as normal politics’ (Buzan 1998: 29). As Bourne explains, ‘normal politics’ is characterized by relatively open decision making, long-‐term planning,
consensual decision making and the protection of civil liberties. ‘Security politics’ on the contrary is less deliberative. Issues are viewed as high priority, urgent and demanding high resources. They require secretive decision making, aiming at short-‐term solutions within which the suspension or breaking of human rights and civil liberties and the use of violence become a possible feature (Bourne 2014: 53). Civil liberties are in this thesis seen as a part of fundamental rights that civilians should have in a democracy. Freedom House Index categorises civil liberties in four categories: freedom of expression and belief, associational and organizational rights, rule of law and personal and individual rights (FHI 2014: 3). For the PNR policy we mainly focus on the personal and
individual rights because these concern the privacy and protection of civilians. Also, in the
agreements on the PNR policy, which I will analyse later in this thesis, there is often a notification of ‘fundamental rights’. I consider these rights forms of civil liberties and thus as features of ‘normal politics’. Open, consensual decision making means in this thesis that there are possibilities for discussion, control, justification and transparency. To establish this it is also necessary to take time and not choose short-‐ term solutions.
Successful securitization entails the suspension of processes of deliberation and democratic procedures. In this sense securitization theory offers also a site of critical opportunity for thinking through larger questions about the nature of contemporary security politics (Peoples & Vaughan-‐ Williams 2010: 87). This is why Weaver argued that we should aim for desecuritization in most cases. Desecuritization means shifting out of emergency mode and into the normal bargaining processes of the political sphere, in other words moving back to the ‘normal’ form of politics
(Buzan 1998: 4). Weaver expresses his preference for not securitizing issues where possible (Peoples & Vaughan-‐Williams 83-‐85).
Although the securitization theory is much used in security studies, it also has some points of critique. One critique on the theory is that the reliance on speech acts might limit the theory. It neglects other ways in which security is presented that may have securitizing effects, such as visual representations in the media, the claims made or implied by security experts and
practitioners in their everyday practice, and even violent physical practices, in situations where security need not to be spoken to be justified (Bourne 2014: 56).
Secondly, there are also researchers who question the applicability of the theory outside Europe and Western models of ‘normal’ democratic politics (Bourne 2014: 56). But seeing that this thesis concerns the US and the EU, this will not be of much relevance.
Methods and operationalization
In this thesis I use mixed methods. The overall method of analysis is policy analysis, but policy analysis can be practised in several ways. We can distinguish three methods, which are separate methods also, in this thesis in which the analysis is conducted. The first method is a content policy analysis, which analyses what a policy means and how it changes by looking at its content. When the EU and the US changed or added a paragraph in the agreements these changes can say
something substantive about the policy, and whether this change is a securitization move or not. I also used a form of discourse analysis, although in small amount. Because discourse analysis can be interpreted in different ways I will illustrate here what I understand under discourse analysis: ‘the analysis of the content and construction of meaning and the organization of knowledge in a particular realm’ (Herrera & Braumoeller 2004:16). In my analysis this will mostly be used to subtract a meaning out of changes in phrasing of the agreements. But because this method is not the most prominent in my thesis and it overlaps with the other two methods, I will only elaborate on this further in the part of this paragraph where I discuss how I specifically conducted my analysis. The last method is an interpretative policy analysis. Interpretative policy analysis was established because the existing methods of policy analysis did not cover all aspects of policy, for example for assessing the central features of policy enactments and related practices (Yanow: 1). In this form of analysis the analytic focus shifted to meaning-‐making as an alternative to
in which policy and implementing organizations’ meanings are communicated, but it also treats of acts, such as nonverbal communication during meetings (Yanow: 2-‐3). The goal of this method is to improve the understanding of public policies, both their processes and their practices (Yanow: 4). Policy analysts draw for this method on a range of meaning-‐focused methods. For this thesis the analysis of framing is a central part, and also the use of discourse theories (Yanow:16). How a policy issue might be framed at one moment and reframed at another can be significant. These methods are used to try to elicit understandings of what specific policies might mean to various issue-‐relevant publics, as well as exploring how those meanings are developed, communicated, and variously understood (Yanow: 18). This sort of analysis can lead to trace sites of agenda-‐ setting, decision making, and other sources of power and of silent and/or silenced voices (Yanow: 23).
A combination of these methods will make for an analysis where I look at how the EU and US talked and came to agreements through the years. Because I use three different methods, which overlap consistently, it is possible to distinguish the changes on a broad level. Which topics were framed, which contents changed over the years, how their views differed and developed. It will also show how the policies, and the way in which these were developed and talked about, alternated. It will give us a deeper insight in the process, with regard to securitization, of the debate surrounding the PNR policy in general.
To demarcate the field I chose the four agreements that the EU and the US settled upon since PNR data was introduced. These agreements show firstly how the EU and the US profilate separately and how they influence each other, but also how the process to the last agreement in general developed. The agreements are marked as important moments in the development of the PNR policy because they always provided much debate. The four agreements cover a time of seven years (2004 to 2011), therefore it seems legit to only focus on these. Besides, the agreements changed so much over time, and the agreement from 2007 even has letters attached to it which show the foundation for these changes, that there is much to be said about the agreements. The process the PNR policy made through the years can be analysed relatively well from these agreements. Of course it is still an interpretation, but a few general observations and
developments on how the policy changed over the years and who ensured the changes, will be demonstrated. Although it should also be interesting to look at more recent developments and other sources, such as press releases, public opinion and academic articles. This is something I therefore recommend for further research.
The agreements will be compared on content, but also language/discourses, and I will look at how they changed over time. What is added and what is removed? Which sentences are rephrased and how? How often does a topic or a specific word return in the agreements and who is responsible for this? After this is determined I try to subtract a meaning from these changes. What could it mean that a specific word or phrase is changed or removed? This part of the analysis is quite interpretative, and even speculative. I am aware of this, but firstly this is often the case with these methods of data analysis and secondly, if something occurs more often I subtract a meaning out of this. Some observations may seem as small details, but together, when they concern the same topic, it can say something about the general development. It will probably not make for hard evidence, but it will show plausible developments and observations.
The choice to analyse the EU and the US was clear for three reasons. First, these two actors provided the most debate about developing and implementing the policy. Although Canada and Australia also are involved in the PNR data exchange, it was less of a controversy there. Moreover, the EU was the first party which the US asked to develop a PNR database (Europe: Migration and Home affairs). And third, it is a good way to elaborate on Mara Wesselings research, which also regarded the EU-‐US relation with regard to security policy. Her research demonstrates a similar process with the Swift affair, only her focus was politicization in the public debates about the Swift Affair in the US and the EU (Wesseling 2013: 97-‐99). Politicization is often comprehended as an earlier stage of securitization, that is another reason why it is interesting to elaborate on her research and on a similar case, such as the PNR policy.
The PNR case itself is chosen because it is still a topic of discussion. Even now, in 2014/15, it is regularly in the news (European Parliament, the Guardian, Wall Street Journal). The one substantial disadvantage of a case study is the generalizability. Of course this is also a point of critique in this thesis, but because there are comparable cases, such as the Swift Affair, the outcomes might be useful for similar cases as well. Moreover, the goal is to get deeper into the problem of securitization and the PNR policy itself.
The (de)securitization of the PNR policy
For this analysis I will use the four ‘big’ agreements between the EU and the US in the last ten years. An analysis of the content, and to some extend also the discourses, in these agreements will show the process by which the PNR policy has developed and to what extent the EU and the US influenced changes in this policy. The changes within the agreements, and how, when and by
whom these were justified or introduced, will also show how the EU and the US differ and influence each other. I will try to fit the observations into the two forms of politics; the ‘normal politics’ or the ‘security politics’. Do they talk about civil liberties, or fundamental rights in this case, or do they mostly talk about the importance of PNR to secure their country, and the fact that because of that they can take exceptional measures where fundamental rights are sometimes subordinate? Do they seem to be in a rush, or do they want to make long-‐term decisions and be open for political debate? A summary of these characteristics is given in table 1 below. If we answer these questions we can establish which form of politics applies on which actor and/or in which phase of the development of the policy these forms apply. This will show whether one of the two actors, the EU or the US, securitizes the issue more than the other and if the case in general is being more securitized through time or just the contrary.
Normal politics Security politics
Decision making Open, consensual, transparant Secretive
Planning Long-‐term Short-‐term
Civil liberties (fundamental
rights) Protective Subordinate
Measures 'normal' exceptional
Table 1. Characteristics of normal and security politics
The agreement of 2004 is relatively compact and mostly shows some ground rules and early understandings that the EU and the VS agreed upon. The agreement mainly states that CPB has the right to access the PNR data and that air carriers have to process this data. There are a few mentions about fundamental rights, as I will discuss in the next paragraph, but overall the agreement is very basic and contains little information about the policy. Because there is not much transparency, debate and openness about the policy in this agreement, it is plausible to say that the agreement was made in a sphere of security politics.
Firstly, the agreement mentions civil rights, or fundamental rights as they are called here, in three sentences in the agreement (Agreement 2004: 3-‐8). Also, the first section of the agreement concerns these rights (Agreement 2004: 3). It seems that the focus on civil rights is present in this agreement, but they also do not elaborate extensively on them.
A few sections further the agreement states that ‘air carriers with reservation/departure control systems located within the territory of the Member States of the European Community should
arrange for transmission of PNR data to CBP as soon as this is technically feasible but that, until then, the US authorities should be allowed to access the data directly...’ (Agreement 2004: 4). It seems that the US wants to access the data easy and fast, this points to a form of short term planning. There seem to be not many possibilities to influence and deliberate on this procedure by the EU.
The rest of the agreement from 2004 is not relevant for this analysis, it is more important to look at the changes the EU and the US made for the 2006 agreement.
As mentioned, the 2004 agreement started with ‘recognising the importance of respecting fundamental rights and freedoms...’ (Agreement 2004: 3). After this their goal, ‘preventing and combating terrorism and related crimes...’ (Agreement 2004: 3) is mentioned. Here is the first important difference with the interim agreement from 2006. The goal, which is phrased relatively similar, is mentioned first and after this the agreement states that ‘ in order to safeguard public security and for law enforcement purposes, rules should be laid down on the transfer of PNR data by air carriers to the Department of Homeland Security (DHS)’ (Agreement 2006: 29). The
fundamental rights are not mentioned until a paragraph further (Agreement 2006: 29). This tells us that the goal, preventing and combating terrorism and related crimes, might now be more important than protecting the fundamental rights. To be sure about this it is necessary to see this change in comparison to the rest of the observations that can be made from the agreements. It is a plausible observation, but we will be able to say more about this later on in the analysis. The EU and the US also made an addition in the agreement confirming that ‘ the EU will not hinder the transfer of PNR data between Canada and the US and that the same principle will be applied in any similar agreement on the processing and transfer of PNR data’ (Agreement 2006: 30). It is striking that the EU agrees here with the fact that they will not hinder the processing of PNR data while this process is not explained in the agreement. We can acknowledge this as a possible form of secretive policy from the US, where it seems that the EU is not, or does not think it is necessary to be, up to date on the full process.
If we add up these changes it is plausible to say that the PNR policy, on basis of the agreements, has moved more to 'security politics' here. The changes the EU and the US made point to more rights for the US to access and process the data without extra information on how this policy is really implemented. In other words, it seems that there are not many possibilites to discuss the policy and be transparant about it. This could indicate a securitization move between 2004 and
2006.
The rest of the 2006 agreement was essentially similar to the agreement from 2004. The only noteworthy addition is the fact that the agreement from 2006 was an interim agreement, which means that it had to expire one year later, in july 2007 (Agreement 2006: 30). This is important because it means that the EU and the US will have to review and negotiate for a new agreement again in 2007.
The agreement of 2007 has a few extra sections that are important for this analysis. The first addition is where the EU and the US recognise ‘that information sharing is an essential component in the fight against terrorism and transnational crime and that in this context the use of PNR data is an important tool’ (Agreement 2007: 18). This shows that the importance of the use of PNR data is seen as a more essential measure now. The fact that the EU and the US call sharing information an essential component says that they are willing to take special, exceptional, measures to help reach their goal, to prevent and combat terrorism and transnational crime.
Also, the EU and the US recognise ‘that US and European privacy law and policy share a common basis and that any differences in the implementation of these principles should not present an obstacle to cooperation between the US and the EU’ (Agreement 2007: 19). The fact that this is mentioned tells us that the EU and/or the US introduced their privacy law and policy in the debate, seeing as it was not part of the agreement of 2004. Furthermore, because they recognise that these laws may not stand in the way of the cooperation it is plausible to say that the cooperation with regard to the PNR data legitimizes measures, and maybe even subordination of laws in their own states, that are only possible because it is seen as such an important (security) issue.
The EU and the US also made a noteworthy adjustment in the section that notes ‘that the EU should ensure that air carriers with reservation systems located within the European Union make available PNR data to DHS and comply with the technical requirements for such transfers as detailed by DHS’ (Agreement 2007: 18). In the agreement of 2004 this same section was
articulated differently, namely: ‘noting that the EU should ensure that air carriers with reservation systems located within the European Union arrange for transmission of PNR data to DHS as soon as this is technically feasible but that, until then, the US authorities should be allowed to access the data directly, in accordance with the provisions of this Agreement’ (Agreement 2006: 29). The removal of the part where the US wants access to the data as soon as technically feasible shows that the EU probably did not comply with this fast and short-‐term policy of the US. Moreover, the
EU did not agree with the fact that the US should be allowed to access the data directly if the EU did not transfer them, seeing that this part was also removed in the agreement of 2007. One could argue that the EU wants a more open form decision making and that they want to take more time to have influence over the data and the policy.
In the agreement of 2007 is also extra attention for the cooperation between the EU and the US; ‘seeking to enhance and encourage cooperation between the Parties in the spirit of transatlantic partnership’ (Agreement 2007: 19). This might indicate that from now on they aim for a form of decision making where there is more space for consensus, openness and cooperation.
The fourth point which the EU and the US agreed upon, that they ‘will periodically review the implementation of this Agreement, the DHS letter, and the US and EU PNR policies and practices with a view to mutually assuring the effective operation and privacy protection of their
systems’(Agreement 2007: 19), implies that they want to implement more control to the policy surrounding PNR data. They are again aiming for more open decision making and incrasing enforced justification for both parties. This aim is also reflected in the seventh point of the agreement. Here the parties agree that they ‘will work with interested parties in the aviation industry to promote greater visibility for notices describing PNR systems to the travelling public and will encourage airlines to reference and incorporate these notices in the official contract of carriage’ (Agreement 2007: 19).
After the agreement of 2007 the EU and the US exchanged some letters. Two of them were attached to the agreement of 2007, probably because of the importance of them. The letters are also important for this analysis because they give more insight on the positions and views of both parties with regard to the PNR policy.
First, the letter from Michael Chertoff from the Secretary of Homeland Security from the US wrote a letter to Luis Amado, the President of the Council of the EU. The letter is a response to the inquiry of the EU and to reiterate the importance that the US government places on the protection of individual privacy. It seems that the US is forced to be more open on its policy concerning the PNR data. The EU wants an open form of decisionmaking and the US complies by answering their questions in this letter. The EU mainly wants clarity on how the data is protected, collected, handled, used and stored. The privacy and protection of their civilians has to be ensured, so they try to get more attention for fundamental, civil rights and liberties. The US states that the letter ‘provides the assurances and reflects the policies which DHS applies to PNR data derived from
flights between the US and EU under US law’ (Agreement 2007: 21). This means the US justify themselves, or their policy, against the EU. It is plausible to say that the EU asked for more control and explanation.
The US explains that ‘the PNR data is only exchanged with other government authorities in third countries after consideration of the recipient’s intended use and ability to protect the information’ (Agreement 2007: 21). The emphasis on more control and justification is again clear.
Further in the letter the US mentions ‘that DHS employs an automated system which filters those sensitive PNR codes and terms (i.e. personal data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade union membership, and data concerning the health or sex life of the individual) and does not use this information. Unless the data is accessed for an exceptional case DHS promptly deletes the sensitive EU PNR data’ (Agreement 2007: 22). Foremost, this shows a focus on fundamental rights, where discrimination or racism is avoided and citizens are protected in their fundamental rights and liberties. On the other hand, it shows the possibility to take an exceptional measure when there is a case that justifies this. The DHS has access to this sensitive data for 30 days and they will provide notice of this data being accessed within 48 hours (Agreement 2007: 22). This means they only have to justify themselves after they accessed the data and that it is short-‐term policy, which we could acknowledge as a form of secretive politics. But because they explain in the next paragraph when this measure is justified, ‘in an exceptional case where the life of a data subject or of others could be imperilled or seriously impaired’, it could be seen as ‘security politics’ as well as ‘normal politics’. This could indicate a shift to desecuritization of the policy.
Later on in the letter there is again a reference to exceptional circumstances in which the DHS is authorized to deny or postpone disclosure of all or part of the PNR record to a requester. But, as we saw earlier, here is also place for control and justification because the requester has the authority to administratively and judicially challenge DHS’s decision to withhold information (Agreement 2007: 23). On page 24 of the agreement there is once more a reference in the letter to a situation in which the DHS has exceptional rights in the policy of PNR data. The letter states namely that ‘DHS may require PNR prior to 72 hours before the scheduled departure of the flight, when there is an indication that early access is necessary to assist in responding to a specific threat to a fight, set of flights, route, or other circumstances associated with the purposes defined in article 1’ (Agreement 2007: 24).
travelling public about its processing of PNR data through publications in the Federal register and on its website. DHS further will provide to airlines a form of notice concerning NR collection and redress practices to be available for public display. DHS and the EU will work with interested parties in the aviation industry to promote greater visibility of this notice’ (Agreement 2007: 23). Apparently there was demand for clarity on the use of PNR data for the public, the civilians whom it affects.
As was also mentioned in the agreement of 2007, there is extra emphasis on the control and justification of the PNR policy. That might be why the US names the periodically review of the agreement, the letter, US and EU PNR policies and practices again in its letter (Agreement 2007: 24). Michael Chertoff ends the letter with ‘we trust that this explanation has been helpful to you in understanding how we handle EU PNR data’ (Agreement 2007: 24). Hence, the general goal of this letter was to give clarity on the whole process. We could see this as a development to a more open decision making with increased control and justification. This indicates a desecuritization move, because the policy is brought back to the ‘normal’ political sphere.
The response of Luis Amado from the EU was much shorter than the letter from the US. It seems that the EU was reassured about the way in which the data is protected and handled, ‘the EU deems that DHS ensures an adequate level of data protection’ (Agreement 2007: 25). Based on this assumption ‘the EU will take all necessary steps to discourage International organisations or third countries from interfering with any transfers of EU PNR to the US. The EU and its Member States will also encourage their competent authorities to provide analytical information flowing from PNR data to DHS and other US authorities concerned’ (Agreement 2007: 25).
The last agreement, from 2011, has gone through some remarkable changes. The first important difference between the 2007 and the 2011 agreement is the length of the agreements. The one from 2011 consists of nine pages and the one from 2007 only has three pages. Overall it looks like the letters that were attached to the agreement of 2007 are now fully incorporated into the agreement of 2011.
What also stands out is the change in the title of the document. In 2006 and 2007 the title was ‘agreement between the EU and the US on the processing and transfer of PNR data by air carriers to the US Department of Homeland Security’ (Agreement 2007: 18). In 2011 the title was
‘agreement between the US and the EU on the use and transfer of PNR to the US Department of Homeland Security’ (Agreement 2011: 5). The first difference to notice is the fact that the US is
called first in 2011, while in the previous agreements it always was the EU who was in the beginning of the title. This could suggest that the US is now the leading party in the agreements and that the influence of the EU is decreased. This is one explanation for the change in phrasing, but of course there are other explanations as well. But it is still important to notice this remarkable change. Another important modification is the removal of the words ‘by air carriers’ in the 2011 agreement (Agreement 2011: 5). This means that not only does the agreement apply on the PNR data processed and transferred by air carriers, but now it might also apply on other ways of transportation and companies, or another possible explanation is that there might be a tension with regard to the air carriers.
The shifting of the sentence about how the US and the EU seek ‘to enhance and encourage cooperation between the Parties in spirit of transatlantic partnership’ (Agreement 2011: 5) is also worth mentioning. This sentence is now much more in the beginning of the agreement, which possibly points to the fact that both the US and the EU want to focus more on their cooperation. Furthermore, the US and the EU use words that indicate a more firm position in the agreement of 2011. Instead of using words such as’ recognising’, they now use ‘convinced’ and ‘determined’ to settle the agreement (Agreement 2011: 5). It seems like they are more secure about their policy and the arrangements they made.
Also, in one of these sentences the US and the EU made a small change that is quite relevant. Where they call the use of PNR data in 2007 an ‘important tool’, they upgraded it in 2011 to a ‘necessary tool’ (Agreement 2007: 18, Agreement 2011: 5). This indicates that there is no other possibility, that they really need the data to fight terrorism and crime, and that because it is a necessary tool it is justified to ask this kind of access and measures from other countries. By calling the use of PNR data a necessary tool they justify themselves for using this data.
Another element that stands out in the first part of the 2011 agreement is that the parties added a few sections about privacy rights and the protection of personal data. For example, they mention treaties and charters about fundamental rights which they will be mindful of (Agreement 2011: 5). The fact that there is more attention for these rights says that the US and the EU are taking civil liberties more into account. Seeing that more respect for fundamental rights is a characteristic of ‘normal politics’ one could argue that the PNR policy is desecuritized here again.
Besides these developments, it also seems that the US and EU are aiming for a more open form of decision making. As we can see on page six of the agreement they now note ‘in particular the principle of transparency and the various means by which the US ensures that passengers whose
PNR is collected by DHS are made aware of the need for and use of their PNR’ (Agreement 2011: 6). They literally state that by signing this agreement they will be more transparent about the use of PNR data. Not only to each other, but also, and maybe even especially, to the passengers whose data is collected.
The 2011 agreement has a total different structure than the previous ones. It is more extensive and structured by theme. It seems that the letters from the 2007 agreement are now organised and processed in different articles by theme in the latest agreement. The US and EU start the articles with a justification of why they set up this agreement in the first place; ‘this Agreement sets forth the responsibilities of the Parties with respect to the conditions under which PNR may be transferred, processed and used, and protected’ (Agreement 2011: 6). This justification
beforehand shows that they are moving away from ‘security politics’. The fact that they aim to be transparent and justify themselves points to a desecuritization process. Several changes in the agreements indicate that the policy is being discussed in the political debate and thus moved towards a ‘normal’ political sphere.
The parties also added a full chapter with attention to fundamental rights and open decision making (Agreement 2011: 7-‐10). A few examples of the articles from this chapter will be analysed here.
In article five the US and the EU state that ‘all access to PNR, as well as its processing and use, shall be logged or documented by DHS’ (Agreement 2011: 8). Also, in article ten they declare that ‘DHS shall provide information to the travelling public regarding its use and processing of PNR through different sources’ (Agreement 2011: 9). Additionally, by signing this agreement the EU and the US recognize that individuals have the right to request their PNR from DHS (Agreement 2011: 9). All these additions to the agreement point to the fact that the parties are willing to be more open about their policy to the public and each other, but also that they are open for control. We can see this for example in article fourteen where they comply with the fact that the privacy safeguards of this agreement shall be subject to independent review and oversight by Department Privacy Officers (Agreement 2011: 10).
As mentioned above, there is also more attention for fundamental rights. Of course these rights concern in this case mainly privacy and protection rights, which are to be found for instance in article five on data security (Agreement 2011: 7). But they also bring up discrimination and the fact that all passengers will be treated on equal basis. As we can see in article nine about non-‐
