406Ibid. at page 2: “Administrative offences are applicable and punishable by .nes up to Euros 250,000.00 to anyone who, whether intentionally or through negligence, collects or processes
D. The Passenger Name Record 149
As for the Swiss Government, personal data is regulated by the Data Protection Act(DSG),407 all transmissions must be transferred in good faith and must be done in a secure manner. As the API transmission is currently used is relevant to current border inspections, it therefore does not go against these legal previsions.
As for Swiss International, Switzerland’s main air carrier, API does not cause any infringement on the DSG, however the compulsory PNR unless certain condi-tions are meet could cause legal consequences to the carrier:
The unlimited access by a third party in a foreign jurisdiction to the entire PNR data of a
Swiss air carrier, without legal safeguards described above, turns out to cause major legal
problems for the carrier concerned.
However, provided that data can be restricted to PNR data on in-and outbound US-.ights, SWISS might be able to comply with nationaldata protection laws when providing PNR access to US Customs. Compliance with Swiss and European Data Protection law couldbe achieved, if (a) the air carrier receives permission from the Swiss National Data Protection Of.cer and (b) obtains the requiredguarantees from the US authorities (see Point 2.2 above), eventually by applying the “Safe Harbour” principles. Furthermore (c), the air carrier would have to change its booking procedures by asking the passenger for additional data and an explicit consent to make this data available to U.S. Customs and other explicitly named U.S. authorities.408
Swiss International AirLines also raised the matter of implementing a .lter system in order to protect a leakage of information to other authorities in the US. This .lter concern was also brought up by the Bundeskriminalamt but is currently being resolved by the creation of new biometric procedures slowly being intro-duced in Frankfurt’s airport that facilitates the creation of such a .ltering data processing that would not infringe on any federal data protection legislation.409
7. The Mexican Approach
As of the present time, Mexico submits all API information on passengers and crew on all international .ights and intended as of July 2002 to submit to the United States to a minimum of 95% suf.ciency all information in the UN-EDIFACT messaging format. As a counterpart, Mexico also plans to fully request API information and penalize air carriers that are either late or not submitting such
personal data which are not generally accessible without authorization (Section 43 BDSG); additionally, certain violations of this law can also carry criminal penalties of up to 2-years imprisonment and/or .nes up to Euros 250,000.00 per offense (Section 44 BDSG)”.
407Swiss Federal law On Data Protection, online: http://www.datenschutz-berlin.de/recht/de/ bdsg/bdsg1.htm#absch1 (date accessed: 5 March 2003).
408Unof.cial letterby Swiss International Air Lines dated 26 August 2002 (not published). 409Unof.cial interview with Dr. Edgar Friedrich, Bundeskriminalamt, Wiesbaden Germany in February of 2003.
information. Contrary to the US, it does not plan to request any passenger name record other than the Record Locator reference to be used upon request.410
Mexico also signed an agreement with the United States, the Smart Border 22 Point Agreement,411 stipulating that on a voluntary basis, Mexico would exchange some information with the UnitedStates on a mutual level in order to prevent illegal migration and detection of high potential risk passengers. According to the US Customs Service, there is presently exchange of information on international.ights bound for Mexico even though the port of arrival is not the Unites States. For example, at this time, a .ight from Frankfurt to Mexico City non-stop may have to submit to the US API and PNR information on its passengers.
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:Aviation Security Law 航空安全法(114)
