Airline passenger information collected by US authorities must not be used for general law enforcement activities and must be deleted after three-and-a-half years, the House of Lords has said.
In a just-published report on the information airlines pass to US authorities, known as passenger name records (PNR), the Lords said that a "better balance" needs to be struck between privacy and security.
But though it was critical of some elements of PNR deals in the past, the Lords' European Union Committee said that the exchange of PNR data is a necessary element of counter-terrorism policy.
"Having received no evidence to the contrary, we are prepared to accept that PNR data constitute a valuable weapon in the fight against terrorism and serious crime, and that their continued use is both necessary and justified," said the report.
But the Lords said that data collected must be tightly controlled, and that any data collected must be used properly, which means only using it for the purposes for which it was collected in the first place.
"[A] balance has to be struck, and the guiding consideration must be the principle of proportionality: the collection and retention of data for security purposes must be no more invasive of individual privacy than is necessary to achieve the objective for which they are collected. That objective must be narrowly and clearly defined," said the report.
PNR data has been handed over by airlines to US authorities since soon after the terrorist attacks in the US of September 2001. Under an agreement between the US and the European Commission, 34 pieces of information on every passenger are transferred.
That deal was the subject of a successful legal challenge by the European Parliament, and an interim deal has been put in place while a new agreement is negotiated before a July deadline.
European and US authorities put an interim deal in place because their clashing data protection cultures make a permanent deal extremely difficult to agree. The Lords have warned against another stop gap, though. "In our view the worst possible result of the negotiations would be an agreement to extend the current Interim Agreement," they said.
As well as limits on the use of data, the Lords also insisted that data be deleted after it has served its original purpose. "The negotiators should as a matter of principle insist that data transferred under the 2004 and 2006 Agreements must be destroyed no later than 3.5 years after the transfer, unless a formal Agreement is negotiated allowing these data to be retained longer," they said.
The Lords also said it was vital that any deal is not a bureaucratic compromise agreed by civil servants in the European Commission and the US. It must be approved by the people's elected representatives both in Brussels and London, they said.
"The fact that the European Parliament no longer has a formal role to play is not a reason why the views of its members should be disregarded. On the contrary, in a Union of democracies special attention must be paid to the views of representatives, since they are well placed to balance the public good against private rights," said the report.
The Lords said that the UK government should ensure that any agreement is accountable to the UK electorate. "It is an important principle of democratic accountability that Parliament should be able to reach its own conclusions on the value of PNR in combating terrorism, and not have to rely on statements from the executive," said the report.
The Committee expressed reservations about PNR systems because of the consequences of errors, and even the consequences of an over-reliance on the system without errors. The Committee highlighted the case of IT consultant Maher Arar.
Born in Syria, Arar became a Canadian citizen when 17. He was detained at JFK Airport in New York and held for 10 months in a tiny jail cell where he was beaten, tortured and forced to make a false confession. On his return to Canada a judicial inquiry found that there was no evidence Arar had committed any offence or was a security risk.
"This of course is an extreme case, but it is an example of what can happen when the right data are wrongly used," said the report. "The principal risk of error in using PNR data seems to us to arise, not from the quality of the data, but from the erroneous interpretation of the data, even if accurate."