The European Commission and the relevant committee of the European Parliament recently informed the US government that they would stop the transfer of data if by December 1 the US did not provide assurances of the adequacy of data protection on the American side. There are many points of friction, beginning with the purpose of the information, and how it will be used. The European Commission says it should be used purely for counterterrorism purposes, while the US makes general mention of «national security and crime prevention.» Washington will not agree to restricted access and virtually wants to make European passengers’ profiles public, accessible to all security authorities and other state services dealing with security issues. The Commission also considers that 39 information fields is too much. There is also a dispute over the length of time the files may be kept. The US was originally asking for 50 years but has compromised on six to seven. European legislation, however, allows passengers’ details to be kept for only 72 hours, with the possibility of extending this to three years solely for the purpose of verifying accounting discrepancies. The US is also asking airlines for automatic access to their data banks on all customers so their services can sift through the data on all those traveling not only to the US but elsewhere. Several airlines have complied. Lufthansa’s website says that «only travel which includes a point of contact in the USA is concerned. The US authorities have committed themselves to accessing only data for such flights, although there is currently no technical restriction in place to limit such access.» In other words, Lufthansa has linked its computers with those of the American authorities, who can access PNR details at will. The EU’s very first provision on data protection, in 1995, made clear that data can only be used with the approval of the person concerned. However, the European Commission bears a large share of responsibility for the situation, given its haste to fall into line with the USA’s demands without securing guarantees. Other countries, such as Canada, Australia and Britain, have followed suit. Some might think the issue is not a major one. «After all, what difference does it make if I haven’t done anything wrong?» The right to protection of personal data is not a personal issue; that is why the authority has ruled against the optional reference to religion on state identity cards. It is an essential condition for the development of freedom of thought. One wonders how democratic a society can be when everyone knows that everything is being observed and recorded. A person’s choice to be a Muslim, for example, or to participate in a demonstration against globalization can lead to that person being isolated. In an environment such as this, the police or other state services can do things that once would have required a court order. Moreover, there is always the risk of leaks to private and commercial interests. Just a few months ago, hackers stole from the US Pentagon all the data on the health of its thousands of employees, obviously with the aim of selling them to an insurance firm.