< Please copy & paste this text into the word processing programme of your choice. Edit and/or delete all the sections in <>; then simply print and send the letter, and please don't forget to send a letter to the Federal Data Protection Commissioner as well.> Registered Letter
Concerns: Information on the transfer of European air travellers' data to the United States. Dear Sir/Madam, On , I flew with your airline with flight ticket number on flight number to the United States. As I have recently read in the press, European airline companies give out air travellers' data to the U.S. authorities - without obtaining the explicit consent of the airline passenger! This practice is in violation of the Swiss data protection law (DSG, Systematic Collection of Swiss Federal Law SR 235.1) as well as the European Data Protection Directive 95/46/EC. As I have learnt from the press reports, your company's "Passenger Name Records" (PNR) data bank does not only list my name, my address and my date of birth, but in addition to this, amongst other things, it includes my credit card number and even the meal I chose on flight. The latter gives way to speculation on my religious background and as such is to be treated as sensible "personal data in particular need of protection" (Swiss Federal Data protection law, Article 3, Section C, DSG) Your company has neither asked me for my consent in the transfer of this data, nor has it even informed me on this transfer of my personal data to the U.S. authorities. The transfer of data is taking place without my consent and is in violation of the Federal data protection law. According to the this law, the transfer of data to third countries is only permitted if these countries provide data protection "which is equal to the Swiss [law]" (Article 6, Section 1 DSG). However, the U.S. does not safeguard the protection of personal data of Europeans according to Swiss standards. Moreover, such a collection of data, by law, has to be registered with the Federal data protection commissioner (for the relevant criminal code regulations, compare Article 34 DSG). This is why I expressly object to the transfer of any PNR data to foreign authorities. Further, on the basis of Article 8 of the Federal Law on Data Protection of 19. June 1992 (DSG), I am filing an APPLICATION FOR INFORMATION (AUSKUNFTSBEGEHREN) on all personal data of mine which is held by your company: I hereby ask you to inform me in writing within the next 30 days, if and what kind of data your company is holding on me and if this information is registered with the Federal data protection commissioner (EDSB). In particular, I am asking on information on the following points: 1. All data held in your data banks in relation to my person 2. The purpose of data processing 3. The categories of the collected and processed personal data 4. The categories of persons involved in the data collection 5. The categories of those receiving the data 6. The confirmation of the registration of your data collection with the EDSB Please certify the sufficiency and authenticity of the documentation provided to me. If you are unable to fulfil my request, please inform me of this with a justified decision according to Article 9 DSG. I hereby request for an answer to my query within 30 days. Yours sincerely, COPIES: - to the Eidgenoessischer Datenschutzbeauftragter (Federal data protection officer), CH-3003 Bern - OK Big Brother Awards, c/o SIUG, Postfach 1908, CH-8021 Zuerich ENCLOSED: Copy of my identity card