Europe Approves Air Passenger Data Sharing Law

Europe approves new system to gather data on all aeroplane passengers travelling to and from the EU

The European Parliament has approved new legislation today that will allow law enforcement officials to gather even more data on airline passengers flying into and out of the European Union.

The development comes amid growing tensions about the privacy of personal data, and the rejection by European data watchdogs, of a new data sharing agreement with the United States.

PNR Bill

Flights delay plane - Shutterstock - © Oleg V. IvanovAt the moment, passenger data (Passenger Name Record or PNR) is already gathered by airlines, but the new legislation comes in light of the growing threat of terrorist attacks in European cities, as evidenced by the recent atrocities in Paris and Brussels.

The new legislation however will set out detailed rules for law enforcement officials when they want to access it to help with a serious crime.

The idea is that PNR data, which includes names, contact details, itinerary, passport details and the credit card used for payment and baggage information, will be available in each European county. The law will see the setup of Passenger Information Units (PIUs) in each EU member state, where PNR data will be stored.

And the airlines themselves will no longer will responsible for the processing of this data when it is passed onto law enforcement for specific crimes including terrorism, trafficking in drugs, people or weapons; cybercrime; and sexual exploitation of children.

In September last year, Europe’s data protection watchdog criticised the PNR bill, calling the measure unreasonable and unjustified.

European data protection supervisor Giovanni Buttarelli said at the time that the bill was overly broad, and argued that security forces have presented no justification for the necessity of “massive, non-targeted and indiscriminate collection of passengers’ personal information”.

Privacy Safeguards?

But the authors of the bill feel they have struck the right balance between the need for privacy and the requirements of law enforcement.

The new law also aims to reduce the chance of racial profiling, as the processing of race or ethnic origin, religion, political opinion, trade union membership, health or sexual life, will not be allowed. And if they PIU gathers this type of information, it will be required to delete it.

The man in charge of the PNR issue is UK Conservative MEP Timothy Kirkhope. He told the BBC that typically the information gathered from an individual was “much less than, say, when you open a clubcard account with a local supermarket”.

And strict EU data protection laws means that there is no automatic data transfer from PIUs. When a transfer does take place, it will have to be in order to “combat serious crime”, and handled by “highly trained operatives”, Kirkhope told the BBC.

Kirkhope reportedly said it was important for the EU to establish “common high standards” on data exchanges and privacy, “so we don’t end up with a piecemeal arrangement”.

This is also not the first time that European authorities have attempted to create such a system. Back in 2007, a European-wide PNR system was proposed but failed to become reality because of privacy concerns. The Paris and Brussels terrorist attacks have now changed legislator minds.

It should be noted that the United Kingdom already such as a system in place, and France and Italy are reportedly developing their own systems. The new PNR scheme will see the participation of all 28 nation states that form the European Union.

And it should be remembered that this PNR data is already shared with other countries that have PNR exchange agreements with the EU. These countries include the United States, Canada and Australia.

A similar deal is being negotiated with Mexico.

Are you a security pro? Try our quiz!