The United States and the European Union reached a seven-year agreement on July 26 to continue allowing passenger name record (PNR) data to be transmitted to the Department of Homeland Security for all flights to or from EU member countries.

“I am pleased to have signed an important agreement with the European Union today that will allow the Department of Homeland Security to continue using passenger name record data as an essential screening tool for detecting dangerous transatlantic travelers,” Homeland Security Secretary Michael Chertoff said in a press release. “Two separate agreements over the past three years have enabled our frontline personnel to rely on PNR data to disrupt terrorist travel, deny admission to individuals presenting security concerns, and dismantle human trafficking and narcotics smuggling networks.”

DHS will collect 19 PNR items from airlines generally 72 hours prior to a flight’s takeoff, with periodic updates coming in as they occur. The PNR items include: All provided contact information; payment and billing details; other names attached to the reservation; date of reservation; travel itinerary; names of travel agents; baggage information; and seat numbers.

Issues regarding the protection of the sensitive personal information strained the negotiations, but a letter sent from Chertoff to Luis Amado, president of the Council of the European Union on Thursday led to a breakthrough.

Under the agreement, DHS will be allowed to store the PNR information in an active analytical database for seven years. After that time, the information will be moved to a dormant data repository for eight more years and will only be accessed when a request is approved by a senior DHS official. After 15 years, the data is supposed to be deleted.

In the letter, Chertoff said DHS will treat the PNR data as sensitive and confidential information, which will only be provided to U.S. government authorities that have law enforcement, public security or counterterrorism functions.

Furthermore, DHS will only turn over PNR data to third countries when they have been assured the other state has data privacy protections comparable to those enforced by DHS.

A system accessible to foreign individuals will also be maintained by DHS to provide redress opportunities to people who want information about or correction of PNR data.

The new agreement will also mean new requirements for air carriers.

The department is aiming to transition to a “push” PNR data transmitting system, where air carriers will be responsible for initiating the transmission to DHS.

Under the new system, air carriers will be required to reformat their transmission systems to comply with DHS technical requirements. However, DHS will continue to operate its current transmission system until all air carriers have transitioned to meet the new requirements. Thirteen airlines have already adopted the new approach.

Implicit in the agreement was a reciprocity clause that requires the United States to provide the same data to the European Union, or EU member countries if they were to start a PNR program of their own.

Either side may terminate or suspend the accord at any time by notification through diplomatic channels. Any cessation of the agreement would take place 30 days after the notice is given.

The European Union and the United States forged a temporary agreement last October that allowed DHS to collect passenger name record data after the European Court of Justice annulled a May 2004 deal related to similar data collection.

Matthew M. Johnson can be reached at mjohnson@cq.com.