Accumulating and Use of EU Passenger Identify File Agreed
On 4 December 2015, the Council approved the compromise text agreed with the European Parliament on the proposal for a directive on the use of PNR (Passenger Name Record) data for the prevention, detection, investigation and prosecution of terrorist offenses and serious crime.
“The compromise agreed today will allow the EU to put in place an effective PNR system that fully respects fundamental rights and freedoms,” said Etienne Schneider, Luxembourg Deputy Prime Minister, Minister for Internal Security and President of the Council.
The aim of the directive is to regulate the transfer of PNR data of passengers on international flights from the airlines to the Member States and the processing of this data by the competent authorities. The directive stipulates that the collected PNR data may only be processed for the prevention, detection, investigation and prosecution of terrorist offenses and serious crime.
According to the new directive, air carriers are obliged to provide the authorities of the Member States with the PNR data for flights entering or leaving the EU. It will also enable Member States to collect PNR data on selected flights within the EU, without however making them mandatory. Each Member State has to set up a so-called passenger information unit, which receives the PNR data from the airlines.
The new rules create an EU standard for the use of such data and include provisions on:
the purposes for which PNR data can be processed in the context of law enforcement (assessment of passengers prior to arrival based on pre-defined risk criteria or to identify specific persons; use in certain investigations / law enforcement measures; input when developing the risk assessment criteria);
the exchange of such data between Member States and between Member States and third countries;
Storage (data is initially stored for 6 months, then it is hidden and stored for a further period of four and a half years, with a strict procedure for access to the complete data);
common protocols and data formats for the transmission of the PNR data from the airlines to the passenger information units; and
strict safeguards with regard to the protection of privacy and personal data, including the role of national supervisory authorities and the mandatory appointment of a data protection officer in each passenger information unit.
background
PNR data is already stored in the airline’s reservation systems. They concern the information that passengers provide to airlines when booking a flight and when checking in on flights. PNR data includes name, travel dates, itinerary, ticket information, contact details, travel agent with which the flight was booked, means of payment used, seat number and baggage information.
The use of this data by Member States’ law enforcement authorities in certain cases is nothing new: different Member States already use PNR data for law enforcement purposes, either on the basis of specific legislation or on the basis of general legal powers. The collection and use of PNR data has been crucial in the fight against certain cross-border crimes, such as drug trafficking in people or children. However, there is still no EU-wide common approach.
The United Kingdom and Ireland have subscribed to this directive. Denmark does not participate.
Next Steps
Parliament’s Committee on Civil Liberties, Justice and Home Affairs is expected to vote soon.
After a legal and linguistic revision, the directive will then be submitted to the European Parliament for a vote at first reading and to the Council for adoption.
Once adopted, Member States will have two years to put into force the laws, regulations and administrative provisions necessary to comply with this Directive.
Press contacts
Joaquin Nogueroles Garcia
Press officer
+32 22812074
+32 473854991
