A few days before the European Parliament breaks for summer, the Committee on Civil Liberties, Justice and Home Affairs will be voting on the all-important law introducing EU-wide rules for collecting and processing the data of air passengers. The EPP Group's chief negotiator, MEP Axel Voss, has worked hard to rally MEPs from different groups behind a compromise put forward by Rapporteur Timothy Kirkhope. Some Member States already collect and process the data of air passengers but on 15 July MEPs will be voting on whether they want to have an EU PNR system or not.
What is PNR?
Passenger Name Record or PNR data is the ‘information provided by passengers during the reservation and booking of tickets, and when checking in on flights, as well as collected by air carriers for their own commercial purposes’. The system contains a variety of information, such as travel dates, travel itinerary, ticket information, contact details, travel agent through which the flight was booked, payment method, seat number and baggage information. All different types of data are stored in the airlines' reservation and departure control databases.
One very important benefit of a PNR system is that it helps massively in the fight against terrorism and organised crime. Travel information gathered by carriers can be employed as an important tool for law enforcement authorities to prevent, detect and investigate crime and prosecute perpetrators. PNR data has been used manually for almost 60 years by customs and law enforcement authorities; however, technological developments have allowed for a more systematic usage of PNR data for law enforcement purposes.
What Member States already have a national PNR system?
The UK and Denmark already have their own national PNR systems. But because of the global nature of terrorism, it is absolutely necessary to have a harmonised PNR system across the EU, with bilateral agreements with other big countries like the US, Australia, Mexico and many other countries, who have been pleading with the EU to have these agreements for some time now. Many other EU countries are in the process of setting up their own national PNR systems.
What are PNR data mainly used for?
PNR data can be used in three ways:
- pro-actively: to establish general objective 'assessment criteria' for which passengers should be subject to additional checks before or upon arrival (e.g., passengers travelling on a particular route which an analysis of PNR data shows is particularly likely to be used by drug traffickers);
- real-time: to check the PNR data against such objective assessment criteria prior to the arrival or departure of passengers and against databases of persons and objects sought, to prevent crimes being committed;
- reactively: after a crime has been committed to facilitate the investigation, prosecution, and unravelling of criminal networks.
The EPP Group approach to PNR is to create a system that provides more security on the one hand and also, on the other, a high level of protection of privacy and personal data compared to other countries.
The United States and Australia have signed bilateral PNR agreements with the EU and currently oblige EU air carriers to make PNR data available for all persons who fly to and from these countries. The experience of those countries, and of the Member States that use PNR data, suggest that PNR data could very much contribute to the fight against serious crime and terrorism.
How would an EU PNR system work if the current compromise carries the day?
PNR data is recorded in electronic systems by airlines and travel agents when passengers book flights. Kirkhope’s proposal requires each Member State to collect and process the PNR data of passengers entering or departing the EU to countries outside of the Union. Air carriers in the EU would be required to send the PNR data in their reservation systems to the competent authorities of the Member State it operates the flight from or to. This data would be retained for a short period of time and enable law enforcement authorities to compare them with other existing files, as well as analysing the data in order to identify previously 'unknown' persons.
If this compromise is approved by MEPs, PNR data would be retained for 30 days after the flight, and be kept in a dedicated unit in the Member State of arrival or departure. Member States must then make the data anonymous, and retain it that way for five years. The anonymous PNR data can be re-personalised only under very strict conditions, i.e. on a case-by-case basis where there is a person suspected of serious crime or terrorist offence in a specific criminal investigation.