API - Bad news

[Darren Wheeler]

It has just been announced that the talks between the EU and the US Government over sharing passenger data have broken down and as of midnight it is illegal for airlines to share API with the US.

Quite what effect this is going to have on transatlantic flights isn't clear yet but if the US want to play awkward b*****s, you time through immigration could take much longer.

We'll see how this develops....

[mitchja]

Full story here

Regards

Watching the BBC news - great in flight shot of Madam Butterfly!!!

Apparently they still cant sort it out - the US say that its all gonna be sorted and the Europeans say that they have left the talks.

Politics - grrrr!!

[preiffer]

Oh joy - here we go... [ii]

Has this thing actually had any good uses yet? As far as I remember, the only people that have caused disruptions from the API sharing were not actually threats.

Further news, the UK Government has taken out an 'air traffic order' (or some such legal instrument) allowing the exchange of data from UK airports while the talks continue. The intention is that UK originating flights will continue to operate normally. So a good short term move.

To me this is a significantly important issue, while I have no problem with the US security authorities knowing who I am before I travel, I have great concern over how the share the same information with myriads of other government departments, what it is used for and how secure it is. So all these things need to be understood and accepted by all parties before they're agreed. For once I'm with the EU on its stance on data protection, but also in acceptance of the US wishes on API. Hope they sort it out, but we're OK in the UK for the moment.

The last time i flew to the US i dont remember having to give any API, neither do i remember spending an unusually long time at immigration. So i cant see why its become such a big issue all of a sudden.

I have to admit though, im not too clued up on the whole process. All i do know is that VS asked if i could fill it in online prior to flying.

[Decker]

Interestingly when I was arguing this point earlier this year with VS I stated

I would respectfully submit that the Data Protection Act disclaimer is wrong. You ARE passing my details to a third party (the US Government) and this is NOT covered by UK law legislation or enactment not is it necessary for the fulfilment of this contract between us. Just for the fulfilment of the contract between YOU and the US.

and they replied

Section 35 (1) of the Data Protection Act states that 'Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.'

It is not specified under the Data Protection Act that the enactment or rule of law must be UK legislation and as such US legislation applies.

In order that the contract between Virgin Atlantic Airways and yourself is fulfilled, a disclosure of your API data to the US Customs and Border Protection is necessary in order that Virgin Atlantic Airways complies fully with US legislation.

As the United States is a territory outside the European Economic Area without adequate protection, your information is also disclosed under Schedule 4, Condition 2 (a), a case where Schedule 1, Principle 8 does not apply.

[mitchja]

Originally posted by slinky09

To me this is a significantly important issue, while I have no problem with the US security authorities knowing who I am before I travel, I have great concern over how the share the same information with myriads of other government departments, what it is used for and how secure it is. So all these things need to be understood and accepted by all parties before they're agreed. For once I'm with the EU on its stance on data protection, but also in acceptance of the US wishes on API. Hope they sort it out, but we're OK in the UK for the moment.

I agree, I've nothing to hide but do wonder exactly why the US boarder control authorities need my email address and credit card number used to book my airline ticket with? How, by gaining this information, is that protecting thier boarders?

I can understand why they want your passport number and can almost understand why they want the address I'll be staying at for at least the first night but what about the other 20+ bits of data they require about passengers (and crew)?

My only concern here is that the US authorities have the VWP (U.S. Visa Waiver Program) wild card they could deal at any time ie stopping this scheme althogher which is what they originally wanted.

Regards

Details to follow, but it seems that an agreement has been reached. Story here.

Paul

[Bazz]

Quite an incentive to be compliant:

...Carriers who fail to provide information are liable for fines of up to $6,000 per passenger or withdrawal of landing rights...

No wonder VS responded the way they did.

I've noticed under Manage Your Booking for our return flight tomorrow from USA to UK that there's an API section, previously I'd been under the impression that API was for flights to the USA - not from?

So, I've gone into it and it already shows our passport & DOB details but it also has a section titled Permanent Resident Card Number, and against mine it shows an expiry date in 2003. I've deleted this as presumably, being a UK citizen, the Permanent Resident Card Number is not applicable? However on checking back it has reinserted the erroneous expiry date....bit like males being changed to females which has been discussed in many previous API related threads!

Are we OK to ignore this stuff about Permanent Resident Card Number?

Like Vegascrazy, I also had the Permanent Resident Card Number autofil an expiry date in 2003 whilst completing OLCI for our return trip from MCO on the 12th.

After numerous edits, I finally gave up trying to cancel the date. The confirmation page showed Card Number: (blank); Issuing Country: none; Expiry Date: 31 October 2003.[?]

I clicked to confirm details and, ....well I'm sat at home posting so I assume that everything was OK[:w]

ISTR that when I last used OLCI (coming back from LAS), I just repeated my passport details in the "Permanent Resident Card" fields - no problems occurred. It's just another one of those many VS IT system "anomalies" [ii]

Cheers

Michael

When I last did OLCI this one stumped me too. I originally thought that they must have had me confused with Mister who does have a greencard but I finally figured out that there is a pulldown menu that allows you to select which country has issued the residence card and if you select the blank item at the very top of the list it will realize that you don't have one and the default 2003 expiration will go away. It was very annoying as it wouldn't let me check in as a US citizen with a permanent residence card.

- Sep

Originally posted by Sep
When I last did OLCI this one stumped me too. I originally thought that they must have had me confused with Mister who does have a greencard but I finally figured out that there is a pulldown menu that allows you to select which country has issued the residence card and if you select the blank item at the very top of the list it will realize that you don't have one and the default 2003 expiration will go away. It was very annoying as it wouldn't let me check in as a US citizen with a permanent residence card.

- Sep

There's a similar section on ONCLI on returning to the UK - confused the hell out of me, asking for some sort of citizen card! Left it blank and it worked fine.

I sort of wish they would bring back visas - the few times I travelled while having one had far fewer hoops to jump through...but I suppose that'd be a whole other can of worms!;)

Section 35 (1) of the Data Protection Act states that 'Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.'

It is not specified under the Data Protection Act that the enactment or rule of law must be UK legislation and as such US legislation applies.

Whoa! That paragraph horrifies me. It seems we are in a position where the US government could enact legislation requiring handover of absolutely any information at all covered by the DPA and we are required to hand it over because the DPA doesn't specify that it only refers to UK legislation? That would imply that _any_ foreign government could do the same and get all our information. Whatever happened to the idea that the UK government was supposed to protect the interests of UK citizens? We might as well just admit that we are becoming the 51st state...

Chris

Originally posted by cshore

It is not specified under the Data Protection Act that the enactment or rule of law must be UK legislation and as such US legislation applies.

Whoa! That paragraph horrifies me.

No way is the UK DPA is usurped by US legislation. Sure, secondary UK legislation specifically brought in under an EU directive to deal with this situation would clear this up.

Without that I'm sure it's also a nice little test case for the Human Rights Act.

Either way I am sure somewhere under their T's & C's VS still reserve the right not to take you anyway.

Cheers, Howard

Originally posted by Howard Long

Originally posted by cshore

It is not specified under the Data Protection Act that the enactment or rule of law must be UK legislation and as such US legislation applies.

Whoa! That paragraph horrifies me.

No way is the UK DPA is usurped by US legislation. Sure, secondary UK legislation specifically brought in under an EU directive to deal with this situation would clear this up.

Without that I'm sure it's also a nice little test case for the Human Rights Act.

Either way I am sure somewhere under their T's & C's VS still reserve the right not to take you anyway.

Cheers, Howard

Indeed. The US have us over a barrel here. They will simply not allow passengers to be carried unless this information is provided. Frankly, airlines wishing to remain in business on Atlantic routes simply have to comply whether it's legal to do so or not. It would suicide not to.

I am just rather amazed at what I presume is VS's justification implying that legislation passed by another government can over-ride the provisions of the DPA.

Chris

That would imply that _any_ foreign government could do the same and get all our information. Whatever happened to the idea that the UK government was supposed to protect the interests of UK citizens? We might as well just admit that we are becoming the 51st state...

Recently I was asked to visit a friends house and he told me in advance that I would need to take my shoes off in his house. I'm paranoid about my feet for some reason, so simply decided not to visit his house.

As much as I dislike the UK Government, they can't be held accountable if we make an individual choice to visit someone else's house. If you don't like the rules of any particular country, take your smelly feet to a different country [:p] After re-reading this I want to edit my message to make sure everyone is aware that I am being humorous here, based on my own smelly feet. No flames please!

OK, now you all know too much weird and personal information about me!