The US may be willing to give some ground in a dispute with European regulators over access to transatlantic passenger data, although reaching a compromise before a July 2007 deadline remains uncertain.
The issue of how long the US holds onto passenger data has been one of the sticking points in the dispute, which threatens airlines' ability to carry passengers to the US without violating US or European law.
I am not surprised when I hear from a European their often-held view that the US has no privacy laws. That's just false. We do have privacy laws, we care about privacy
"I anticipate that there may well be a decrease, and perhaps even a significant decrease, in the amount of time [the passenger data] is retained," said Hugo Teufel III, chief privacy officer for the US Department of Homeland Security, in a meeting with journalists in Paris.
The US requires airlines to hand over 34 facts about each passenger traveling from Europe, including where and how their airline ticket was purchased. The US says it needs the information to help identify terrorism suspects, but some European regulators have fiercely opposed sharing their citizens' data, citing concerns about privacy.
A 2004 agreement on the matter was struck down by the European Court of Justice earlier this year, and an interim agreement will expire on July 31. If a new accord isn't reached before then over the "passenger name records" (PNRs), airlines face being sued in Europe for sharing the data, or being denied landing permission in the US if they do not.
"I believe that there will very likely be increased privacy protections with respect to the PNR data," Teufel said on Thursday. "Whether it happens before the end of July or after the end of July is very difficult to say."
He cautioned that he is not directly involved in the discussions, and would not elaborate on what the increased privacy protections might be.
It was unclear if the concessions had been communicated to the European Union or would prompt it to ease its position. European parliamentarians have also expressed other concerns with the PNR system, including the amount of data being collected and the ways it will be used.
A spokesman for Franco Frattini, the EU's commissioner for Justice, Freedom and Security, said it would be inappropriate to comment on Teufel's remarks while the talks are ongoing. "We are in the midst of negotiations," the spokesman said via e-mail.
Teufel is a political appointee responsible for privacy policies at the Department of Homeland Security. He was in Europe to meet with privacy representatives in France and Germany to gather feedback and smooth relations between the two sides.
He sought to dispel what he characterized as misinformation about the PNR system. The US does not ask about meal choices to identify potential Muslim travellers, he said, calling that "absolutely false". Asked if credit card data is collected, he said: "To my knowledge the department is not pushing for that."
He acknowledged the divisions between US and European attitudes to privacy. "I think Europeans are beginning to have a better understanding of US privacy and US privacy laws. I don't think Europeans as a whole have a sufficient understanding now," he said.
"I am not surprised when I hear from a European their often-held view that the US has no privacy laws. That's just false. We do have privacy laws, we care about privacy. What we do have is a different approach to privacy and a different approach to government."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.