FLIGHTS FROM, TO OR THAT IMPLY THE OVERFLIGHT OF UNITED STATES OF AMERICA.
Since the 8th March, 2012 the United States Authorities have extended the Secure Flight Program of the passengers personal data management also to the flights that enter the US air space (Overflight) to reach other Countries like for example Mexico or Cuba.
In particular the Secure Flight Program requires that the carriers that operate flights from and to the United States of America must guarantee to the Transport Security Agency (TSA) and to the Custom and Border Protection (CBP), the electronic access to passengers personal data.
The PNR data treatment is regulated by the international agreement of the 26th July, 2007 between the European Union and the United States: Neos must adhere to these regulations. (For an explanation of the PNR data treatment by the United States Authorities (DHS - Department of Homeland Security) in relation to the flights operated between the European Union (UE) and the United States, one may refer to the international agreement and to the DHS cover letter, published in the Official European Communities Gazette L204 of the 4th August, 2007, that can be consulted clicking on:
https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=OJ:L:2007:204:TOC
Carriers that should not fulfil to these requests could incur in heavy sanctions and loose the right to land in the United States of America or to overfly their air space, essential condition to reach some of their neighbour Countries. Moreover, due to this non-fulfilment, passengers of these carriers should be subjected to enhanced controls in the airport of this State, with all the possible inconvenience this could imply. Neos, like all the other European carriers that operates from, to and through the United States of America, is therefore bounded to fulfil the United States Authorities requests, because the transfer of the passengers data is an essential and necessary condition to operate flights from, to and through the United States of America air space or area.
If a passenger did not allow the access and the personal data treatment, this would mean the impossibility for him to embark and fly from, to or through the United States of America. Neos hence, in order to respect the American Authorities requests, reserves the right to delete bookings that would not show the personal data requested the day before the deadline of 72 hours before the departures of the above mentioned flightsi. Neos considers important to inform its passengers about the modality of the personal data treatment and about the transfer of the data contained in the bookings. United States of America are committed by virtue of the mentioned agreement with the European Community to respect them.
Personal data requested
According to the Secure Flight Program, upon reservation and anyway within the 72 hours before passengers departures, the passenger must give his name, surname, gender and date of birth as reported in his passport. If the passenger has the possibility to give other data concerning his own passport, for example its number and its expiration date, the carrier will manage them too in advance. If there are bookings made between the 72 hours and the day before the departure, the above mentioned data must be communicated contextually to the booking.
Authority and purposes
The US CBP and the TSA, Department of Homeland Security, will have the access to passengers data before the flight departure.
This Department will use them to prevent and fight terrorism and serious criminal act.
The authority will not allow any public access to the data in object.
In compliance with the American legislation, these data, however could be transmitted to other USA Authorities in order to prevent terrorism or in conformity with law prescriptions, or for justice concerns, after the judgement of every single case and always to prevent and fight terrorism or serious criminal act. These data could be made available, if necessary, for the defence of the passenger vital interest or of third parties (particularly in case of serious sanitary risks) or as part of prosecutions or in the other cases provided by the Law.
Data processing
Neos transmits, through authorized systems, the data to the TSA/CBP starting from the 72 hours before the flight departure to allow the American Authority to control passengers before their arrival or before the overflight on the USA area, with the aim of facilitating the admission of the most part of the passengers, focusing the TSA/CBP resources only on that restrict number of passengers that could represent a real risk for the security.
At the check-in all the passengers undergo to another control before receiving the boarding card.
The data will be kept for a period of seven years, although in case they underwent a manual access during this period, they should be conserved for another eight years. American Authorities will adopt, all the proper technical and organizational measures in order to prevent the unauthorized use of the data.
Passenger rights
American Authorities committed not to oppose themselves against passengers requests to receive a copy of the data intercepted in the PNR and contained in their database. Passengers can request a rectification of their data and obtain it where the US CBP or the Transport Security Agency (TSA) should consider this request justified and properly argued.
A negative response could be legally challenged.
The rectification requests and the complains about the PNR data treatment can be addressed by the passengers (directly or through the authorities in charge of the data protection in the Member States) to the DHS privacy office (FOIA program):
Freedom of Information Act (FOIA) Request U.S. Customs and Border Protection 1300 Pennsylvania Avenue, NW Washington, DC 20229
For further information about the requested procedure please consult the site www.dhs.gov/foia, Title 19, Code of Federal Regulations, Part 103
Passengers could moreover receive further information through their Country Authorities.
In Italy you can contact the Garante per la Protezione dei dati personali, Piazza di Montecitorio, 115 – 00186 Roma, tel. 06.69677.1
