European court (again) finds US data protection inadequate
Today the highest court in the European Union ruled (summary, full decision) for the second time, that US law does not provide an “adequate” level of protection for personal information transferred from the EU to companies or servers in the US.
What does this mean for Passenger Name Records (PNRs) or other records of our travels?
Understanding the implications of today’s decision — especially with respect to airline reservations and other information about when, where, how, and with whom we have traveled — requires some review of the background: