On 2 February 2011, the European Commission presented a proposal for an EU Passenger Name Record (PNR) Directive. The divisive proposal would require air carriers to provide EU Member States with data on passengers traveling to or from the EU, whilst guaranteeing a high level of protection of privacy and personal data.
Catherine Erkelens is a Partner in the data protection team at Bird & Bird’s Brussels office. She says there has been a call for a common EU approach to the use of passengers’ data for law enforcement purposes for years. “A prior proposal in 2007 for a Council Framework Decision had become obsolete upon entry to the Treaty on the Functioning of the European Union. The new proposal was prepared to replace the 2007 proposal, which had received some criticism for lack of sufficient protection of personal data,” she explains.
The PNR are the files created by airlines when passengers book a flight, and which are stored in the reservation and departure control databases and contain information related to the passengers’ journey: departure/return and connecting flights, seat and baggage information, travel agency used, affiliation with frequent flyer programs, payment information, also general information (such as on special services required on board). “Agreements for the transfer of PNR data are already in place between the EU and the US, Canada and Australia,” says Erkelens, adding that the EU consequently started to develop an EU policy on the subject. “The new proposal was prepared according to that policy, with consideration specifically of the data protection rights under the Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. As such, the proposal respects principles such as lawfulness, proportionality and purpose limitation.”
According to Erkelens, law enforcement authorities will be allowed to use PNR data only for the purpose of combating an exhaustive list of specified serious crimes. “PNR data should not be retained for a period exceeding five years, and the data must be made anonymous after 30 days. The use of sensitive data (e.g. revealing a person’s race or ethnic origin) is prohibited. The passengers shall have rights of access, rectification, erasure and blocking, a right to compensation in case of wrongful processing and a right of judicial redress,” she adds.
Erkelens points out that the Member States will have to set up a Passenger Information Unit, an authority for the prevention, detection, investigation or prosecution of the crimes, that will be responsible for collecting the PNR data from the air carriers and storing and analysing them. “Notwithstanding cost-related concerns raised by the air carriers, the proposal requests Member States to oblige them to ‘push’ the PNR data to the database of the Passenger Information Unit,” she says. “PNR data are at this moment, as under the Agreement for instance between the US and the EU, collected from the air carriers under the ‘pull’ system, whereby access is granted to the full database and airline passengers are directly accessed online. The ‘push’ system, under which the authorities must request data which the airlines then have to select and transfer, is deemed to provide better guarantees for privacy protection. This involves an obligation for the airlines to have the systems in place that comply with the technical requirements.”
Erkelens also adds that air carriers will have an obligation to inform the passengers at the time of booking a flight and at the time of purchase of a ticket about the provision of PNR data to the Passenger Information Unit. “The proposal, if adopted, will thus involve serious measures for the air carriers, deemed necessary for the protection of individuals against serious crime. The proposal tries to find the right balance between such protection and the protection of privacy rights.”