BETA

108 Amendments of Josef WEIDENHOLZER related to 2011/0023(COD)

Amendment 56 #
Proposal for a directive
Title 1
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and seriouscertain types of serious transnational crime
2015/04/20
Committee: LIBE
Amendment 70 #
Proposal for a directive
Recital 5
(5) PNR data are necessarycan help to effectively prevent, detect, investigate and prosecute terrorist offences and seriouscertain types of serious transnational crime and thus enhance internal security.
2015/04/20
Committee: LIBE
Amendment 81 #
Proposal for a directive
Recital 6
(6) PNR data help can help law enforcement authorities prevent, detect, investigate and prosecute seriouscertain types of serious transnational crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks.
2015/04/20
Committee: LIBE
Amendment 88 #
Proposal for a directive
Recital 7
(7) PNR data may enable law enforcement authorities to identify persons who were previously ‘unknown’, i.e. persons previously unsuspected of involvement in seriouscertain types of serious transnational crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed.
2015/04/20
Committee: LIBE
Amendment 96 #
Proposal for a directive
Recital 8
(8) The processing of personal data must be proportionate and necessary to the specific security goal pursued by this Directive.
2015/04/20
Committee: LIBE
Amendment 103 #
Proposal for a directive
Recital 9
(9) The use of PNR data together with Advance Passenger Information data in certain cases hasmay have added value in assisting Member States in verifying the identity of an individual and thus reinforcing their law enforcement value.
2015/04/20
Committee: LIBE
Amendment 110 #
Proposal for a directive
Recital 10
(10) To prevent, detect, investigate and prosecute terrorist offences and seriouscertain types of serious transnational crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.
2015/04/20
Committee: LIBE
Amendment 117 #
Proposal for a directive
Recital 11 a (new)
(11a) Member States should bear the costs of use, retention and exchange of PNR data.
2015/04/20
Committee: LIBE
Amendment 119 #
Proposal for a directive
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serous crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38. However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime. __________________ 38 OJ L 190, 18.7.2002, p. 1. 37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21).
2015/04/20
Committee: LIBE
Amendment 137 #
Proposal for a directive
Recital 14
(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or seriouscertain types of serious transnational crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lists should not contain any sensitive personal data that could revealrevealing a person's raciale or ethnic origin, political opinions, religiousn or philosophical beliefs, sexual orientation or gender identity, trade union membership orand activities, and the processing of biometric data or of data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger's reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.
2015/04/20
Committee: LIBE
Amendment 145 #
Proposal for a directive
Recital 17
(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data and the protection of these data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.
2015/04/20
Committee: LIBE
Amendment 148 #
Proposal for a directive
Recital 18
(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and seriouscertain types of serious transnational crime.
2015/04/20
Committee: LIBE
Amendment 155 #
Proposal for a directive
Recital 19
(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken by reason of a person's race or ethnic origin, political opinions, religiousn or philosophical beliefs, political opinion, trade union membership,sexual orientation or gender identity, trade union membership and activities, and the processing of biometric data or of data concerning health or sexual life.
2015/04/20
Committee: LIBE
Amendment 160 #
Proposal for a directive
Recital 20
(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or certain types of serious crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40 . Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation. __________________ 39 40OJ L 121, 15.5.2009, p. 37. OJ L 121, 15.5.2009, p. 37. 40 OJ L 386, 29.12.2006, p. 89. OJ L 386, 29.12.2006, p. 89.
2015/04/20
Committee: LIBE
Amendment 177 #
Proposal for a directive
Recital 23
(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed the European data protection acquis, including the framework of police and judicial cooperation in criminal matters41 (‘Framework Decision 2008/977/JHA’)specific data protection requirements set out in this Directive. __________________ 41 OJ L 350, 30.12.2008, p. 60.
2015/04/20
Committee: LIBE
Amendment 179 #
Proposal for a directive
Recital 24
(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects to processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in line with Framework Decision 2008/977/JHA.deleted
2015/04/20
Committee: LIBE
Amendment 186 #
Proposal for a directive
Recital 25
(25) Taking into account the right of passengers to be informed of the processing of their personal data, Member States should ensure they are provided with accurate information that is easily accessible and easy to understand about the collection of PNR data and their transfer to the Passenger Information Unit.
2015/04/20
Committee: LIBE
Amendment 188 #
Proposal for a directive
Recital 26
(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA, on the basis of an international agreement between the Union and the third country. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country. If the national supervisory authority finds the transfer to a third country in breach of any of the principles referred to in this Directive, the national supervisory authority should have the right to suspend the data flow to that third country.
2015/04/20
Committee: LIBE
Amendment 195 #
Proposal for a directive
Recital 27
(27) The national supervisory authority that has been established in implementation of Framework Decision 2008/977/JHA should also be responsible for advising on and monitoring of the application and implementation of the provisions of this Directive.
2015/04/20
Committee: LIBE
Amendment 201 #
Proposal for a directive
Recital 28
(28) This Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, regarding internal flights subject to compliance with relevant data protection provisions, provided that such domestic law respects the Union acquis. The issue of the collection of PNR data on internal flights should be the subject of specific reflection at a future date.deleted
2015/04/20
Committee: LIBE
Amendment 205 #
Proposal for a directive
Recital 28 a (new)
(28a) PNR data may not be processed for purposes outside the purpose limitation.
2015/04/20
Committee: LIBE
Amendment 213 #
Proposal for a directive
Recital 31
(31) This Directive respects the fundamental rights and the principles of the Charter of Fundamental Rights of the European Union, in particular the right to the protection of personal data, the right to privacy and the right to non-discrimination as protected by Articles 8, 7 and 21 of the Charter and has to be implemented accordingly. The Directive is compatible with data protection principles and its provisions are in line with the Framework Decision 2008/977/JHA. Furthermore, and in order to comply with the proportionality principle, the Directive, on specific issues, will have stricter rules on data protection than the Framework Decision 2008/977/JHA.
2015/04/20
Committee: LIBE
Amendment 219 #
Proposal for a directive
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 51 years, after which the data must be deleted, the data must be anonymisedmasked out after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
2015/04/20
Committee: LIBE
Amendment 229 #
Proposal for a directive
Article 1 – paragraph 1
1. This Directive provides conditions for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member States, as well as the processiflights between the Union and third countries, as well as the use, retention and exchange of that data, including its collection, use and retention by the Member States and its exchange between them by Member States.
2015/04/20
Committee: LIBE
Amendment 233 #
Proposal for a directive
Article 1 – paragraph 1 a (new)
1a. This Directive shall not apply to flights within the territory of the Union or the means of transport other than airplanes.
2015/04/20
Committee: LIBE
Amendment 234 #
Proposal for a directive
Article 1 – paragraph 1 b (new)
1b. The PNR data that is collected pursuant to this Directive may not be used for border control purposes.
2015/04/20
Committee: LIBE
Amendment 242 #
Proposal for a directive
Article 1 – paragraph 2 – introductory part
2. The PNR data collected in accordance with this Directive may be processed only for the following purposes: (a) The prevention, detection, investigation and prosecution of terrorist offences and serious crime according to Article 4(2)(b) and (c); and (b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crimecertain types of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2)(a) and (d).. deleted deleted
2015/04/20
Committee: LIBE
Amendment 275 #
Proposal for a directive
Article 2 – paragraph 1 – point h
(h) ’serious crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, however, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality;deleted
2015/04/20
Committee: LIBE
Amendment 286 #
Proposal for a directive
Article 2 – paragraph 1 – point i – introductory part
(i) ‘serious transnational crime’ means the following offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and: trafficking in human beings, sexual exploitation of children, illicit trafficking in narcotic drugs, illicit trafficking in weapons and illicit trafficking in munition and explosives if :
2015/04/20
Committee: LIBE
Amendment 306 #
Proposal for a directive
Article 3 – paragraph 1
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and seriouscertain types of serious transnational crime or a branch of such an authority to act as its 'Passenger Information Unit' responsible for conducting risk assessments in accordance with Article 4 as well as collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.
2015/04/20
Committee: LIBE
Amendment 309 #
Proposal for a directive
Article 3 – paragraph 1 a (new)
1a. The Passenger Information Unit is responsible for the exchange of PNR data or the results of the processing of such data with the Passenger Information Units of other Member States in accordance with Article 7, as well as inserting the alerts to the Schengen Information System in accordance with Article 7(1).
2015/04/20
Committee: LIBE
Amendment 315 #
Proposal for a directive
Article 3 – paragraph 1 b (new)
1b. All members of the Passenger Information Unit who have access to PNR data shall have had received specifically tailored training on processing of PNR data in full compliance with data protection principles and fundamental rights.
2015/04/20
Committee: LIBE
Amendment 317 #
Proposal for a directive
Article 3 – paragraph 1 c (new)
1c. The activities specified for in Article 9a(new)(4) shall only be carried out by specifically designated personnel of the Passenger Information Unit.
2015/04/20
Committee: LIBE
Amendment 329 #
Proposal for a directive
Article 3 a (new)
Article 3a Data Protection Officer 1. Member States shall provide that the head of the public authority responsible for monitoring the application of the provisions adopted pursuant to this Directive and for contributing to their consistent application throughout the Union, appoints a Data Protection Officer within the Passenger Information Unit. 2. Member States shall provide that the data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and ability to fulfil the tasks referred to in this Directive. 3. Member States shall provide that the Data Protection Officer shall be responsible: (a) to raise awareness, to inform and advise the members of the Passenger Information Unit of their obligations in accordance with the data protection provisions adopted pursuant to this Directive, in particular with regard to technical and organisational measures and procedures; (b) to monitor the implementation and application of the policies in relation to the protection of personal data, including the assignment of responsibilities, the training of staff involved in the processing operations and the related audits; (c) to monitor the implementation and application of the data protection provisions adopted pursuant to this Directive, in particular as to the requirements related to data protection by design, data protection by default and data security and to the information of data subjects and their requests in exercising their rights under the provisions adopted pursuant to this Directive; (d) to ensure compliance with the data protection provisions adopted pursuant to this Directive, in particular, through conducting random sampling of data processing operations; (e) to ensure that the documentation referred to in Articles 11f (new) and 11g (new) is maintained; (f) to monitor the documentation, notification and communication of personal data breaches pursuant to Articles 11l (new) and 11m (new); (g) to monitor the response to requests from the supervisory authority, and to co- operate with the supervisory authority at the latter's request or on his/her own initiative, especially on matters relating to data transfers to other Member States or to third countries; (h) to act as the contact point for the supervisory authority on issues related to the processing of PNR data and to consult with the supervisory authority, if appropriate, on his/her own initiative. 4. Member States shall provide that the data protection officer is properly and in a timely manner involved in all issues which relate to the protection of personal data within the Passenger Information Unit. 5. Member States shall ensure that the data protection officer is provided with the means to perform his/her duties and tasks referred to in this Article effectively and independently, and does not receive any instructions as regards to the exercise of the function. 6. Member States shall provide that any other professional duties of the data protection officer are compatible with that person's tasks and duties as data protection officer and do not result in a conflict of interests. 7. Member States shall provide the data subject with the right to contact the data protection officer, as a single point of contact, on all issues related to the processing of his or her PNR data. 8. Member States shall provide that the name and contact details of the data protection officer are communicated to the supervisory authority and to the public.
2015/04/20
Committee: LIBE
Amendment 331 #
Proposal for a directive
Article 4 – paragraph 1
1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt. Member States shall adopt the necessary measures to ensure that their Passenger Information Unit may request air carriers in accordance with Article 6 to: (a) transfer (‘push’) all PNR data of all passengers arriving or departing from that Member state in an anonymised format; (b) transfer (‘push’) specific PNR data of an individual linked to a name, contact detail or payment method linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime; (c) transfer (‘push’) PNR data of all passengers on specific flights where a risk assessment of the Passenger Information Unit has proven a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime are travelling on those flights.
2015/04/20
Committee: LIBE
Amendment 340 #
Proposal for a directive
Article 4 – paragraph 1 a (new)
1a. The anonymised PNR data as referred to in paragraph 1(a) transferred by air carriers shall be collected by the Passenger Information Units for the purpose of conducting risk assessments on particular flights and connecting flights as well as for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or a certain type of serious transnational crime pursuant to point (i) of Article 2.
2015/04/20
Committee: LIBE
Amendment 342 #
Proposal for a directive
Article 4 – paragraph 1 b (new)
1b. A request pursuant to subparagraphs 1 (b) and (c) shall be subject to prior authorisation by a judicial authority and subject to a quarterly judicial review. The specification referred to in subparagraph 1 (c) may be temporal, geographical or both.
2015/04/20
Committee: LIBE
Amendment 345 #
Proposal for a directive
Article 4 – paragraph 2 – point a
(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or a certain type of serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria in line with the requirement set out in paragraph 3. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated meansand subject to human intervention by a member of the Passenger Information Unit in order to verify whether the competent authority referred to in Article 5 needs to take action;
2015/04/20
Committee: LIBE
Amendment 361 #
Proposal for a directive
Article 4 – paragraph 2 – point b
(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or seriousa type of serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Unionnational databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such filesdata bases. In carrying out such an assessment the Passenger Information Unit may compare PNR data against the Schengen Information System and the Visa Information System. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated meansand subject to human intervention by a member of the Passenger Information Unit in order to verify whether the competent authority referred to in Article 5 needs to take action; and
2015/04/20
Committee: LIBE
Amendment 363 #
Proposal for a directive
Article 4 – paragraph 2 – point c
(c) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigationin accordance with Article 4a (new) and pfrosecution of a terrorist offence or serious crime, and to provide the competent authorities with the results of such processing; andm Passenger Information Units from other Member States in accordance with Article 7.
2015/04/20
Committee: LIBE
Amendment 374 #
Proposal for a directive
Article 4 – paragraph 2 – point d
(d) analysing PNR data for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or serious transnational crime pursuant to point (a).deleted
2015/04/20
Committee: LIBE
Amendment 377 #
Proposal for a directive
Article 4 – paragraph 3
3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non- discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. These assessment criteria must be targeted, specific, justified, proportionate and fact- based. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5 and regularly reviewed. The regular review shall involve the Data Protection Officer and ensure that the assessment criteria remain targeted, specific, justified, proportionate and fact-based. The assessment criteria shall in no circumstances be based on data revealing a person's race or ethnic origin, political opinions, religiousn or philosophical beliefs, political opinion, trade union membership, health or sexual life. sexual orientation or gender identity, trade union membership and activities, and the processing of biometric data or of data concerning, health or sex life. The assessment shall in any case not be based solely on automated processing and allow for human intervention on every criteria.
2015/04/20
Committee: LIBE
Amendment 397 #
Proposal for a directive
Article 4 – paragraph 4 a (new)
4a. The Data Protection Officer shall have access to all data transmitted to the Passenger Information Unit and from the Passenger Information Unit to a competent authority pursuant to Article 5. If the Data Protection Officer considers that transmission of any data was not lawful, he/she shall refer the matter to the Supervisory Authority, who shall have the power to order the receiving competent authority to erase the data.
2015/04/20
Committee: LIBE
Amendment 400 #
Proposal for a directive
Article 4 – paragraph 4 b (new)
4b. The storage, processing and analysis of PNR data shall be carried out exclusively within the territory of the Union. The law applicable to these procedures shall therefore be Union law on personal data protection.
2015/04/20
Committee: LIBE
Amendment 401 #
Proposal for a directive
Article 4 – paragraph 4 c (new)
4c. Member States shall bear the costs of use, retention and exchange of PNR data.
2015/04/20
Committee: LIBE
Amendment 406 #
Proposal for a directive
Article 4 a (new)
Article 4a Conditions for access to PNR data by competent authorities 1. The competent authorities referred to in Article 5 may submit, on a case-by-case basis, an electronic and duly reasoned request to the Passenger Information Unit for the transmission of specific PNR data or the results of the processing of specific PNR data, when this is strictly necessary for the purpose of prevention, detection, investigation or prosecution of a specific terrorist offence or a certain type of serious transnational crime. The request for such data may be based on any one or a combination of the PNR data elements set out in the Annex. The reasoned request shall set out reasonable grounds to consider that the transmission of PNR data or the results of the processing of PNR data will substantially contribute to the prevention, detection, investigation or prosecution of the criminal offence in question. 2. Prior to the transmission of PNR data or of the results of the processing of PNR data from the Passenger Information Unit to a competent authority in reply to a request made in accordance with paragraph 1, a court or an independent administrative body shall verify, in a timely manner, whether all the conditions set out in paragraph 1 are fulfilled. 3. In an exceptional case of urgency where there is need to prevent an immediate and serious threat to public security associated with a terrorist offence or a type of serious transnational crime, the Passenger Information Unit may transmit the PNR data or the results of the processing of PNR data immediately upon receipt of a request by a competent authority. In such an exceptional case of urgency, a court or an independent administrative body may only verify ex- post whether all the conditions set out in paragraph 1 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request. 4. Where an ex-post verification in accordance with paragraph 3 determines that the transfer of PNR data or the results of the processing of PNR data was not justified, all the authorities that have received such data shall erase the information communicated by the Passenger Information System. 5. Paragraphs 1 to 4 shall also apply when a competent authority referred to in Article 5 submits an electronic and duly reasoned request to the Passenger Information Unit of its Member State in order to request the transmission of PNR data or the results of the processing of PNR data from a Passenger Information Unit of another Member State in accordance with Article 7, or from a third country in accordance with Article 8. 6. The decision for transfers pursuant to paragraphs 3 and 5 shall be made by the head of Passenger Information Unit to which the request was made. The Data Protection Officer shall be informed each time a transfer is made pursuant to this Article and he/she shall inform the supervisory authority of such transfers.
2015/04/20
Committee: LIBE
Amendment 413 #
Proposal for a directive
Article 5 – paragraph 1
1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and seriouscertain types of serious transnational crime.
2015/04/20
Committee: LIBE
Amendment 423 #
Proposal for a directive
Article 5 – paragraph 2
2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and seriouscertain types of serious transnational crime.
2015/04/20
Committee: LIBE
Amendment 426 #
Proposal for a directive
Article 5 – paragraph 3
3. Each Member State shall notify the list of its competent authorities to the Commission twelve months after entry into force of this Directive at the latest, and mayshall at any time update its declaration to ensure the list is up-to-date. The Commission shall publish this information, as well as any updates, in the Official Journal of the European Union.
2015/04/20
Committee: LIBE
Amendment 431 #
Proposal for a directive
Article 5 – paragraph 4
4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting the specific terrorist offences or serious crimetype of serious transnational crime for which it was requested.
2015/04/20
Committee: LIBE
Amendment 437 #
Proposal for a directive
Article 5 – paragraph 6
6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or significantly affects a person only by reason of the automated processing of PNR data. Such decision shall always include human assessment. Such decisions shall not be taken on the basis of data revealing a person's race or ethnic origin, political opinions, religious or philosophical beliefs, political opinion, trade union membership,sexual orientation or gender identity, trade union membership and activities, and the processing of biometric data or of data concerning health or sexual life.
2015/04/20
Committee: LIBE
Amendment 445 #
Proposal for a directive
Article 6 – paragraph -1
-1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') anonymised PNR data pursuant to Article 4 (a), to the extent that such data are already collected by them in their normal course of business, to the Passenger Information Unit.
2015/04/20
Committee: LIBE
Amendment 451 #
Proposal for a directive
Article 6 – paragraph 1
1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the specific PNR data as defined in Article 2(c) and specified in the Annexpursuant to Article 4 (b) and (c) , to the extent that such data are already collected by them, in their normal course of business to the database of the national Passenger Information Unit of thea Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.
2015/04/20
Committee: LIBE
Amendment 459 #
Proposal for a directive
Article 6 – paragraph 2 – introductory part
2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:
2015/04/20
Committee: LIBE
Amendment 463 #
Proposal for a directive
Article 6 – paragraph 2 – point a – introductory part
(a) once 24 to 48 hours before the scheduled time for flight departure;
2015/04/20
Committee: LIBE
Amendment 467 #
Proposal for a directive
Article 6 – paragraph 2 – point b
(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.
2015/04/20
Committee: LIBE
Amendment 472 #
Proposal for a directive
Article 6 – paragraph 3
3. Member States mayshall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
2015/04/20
Committee: LIBE
Amendment 479 #
Proposal for a directive
Article 6 – paragraph 4
4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to a terrorist offences or seriousa certain type of serious transnational crime.
2015/04/20
Committee: LIBE
Amendment 486 #
Proposal for a directive
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted without delay by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessaryrelevant for the prevention, detection, investigation or prosecution of terrorist offences or seriouscertain types of serious transnational crime. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities. Where appropriate, an alert shall be entered in accordance with Article 36 of the Schengen Information System.
2015/04/20
Committee: LIBE
Amendment 494 #
Proposal for a directive
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if strictly necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter's database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data may be based on any one or a combination of data elements as set out in the Annex, as deemed strictly necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of a terrorist offences or seriousa certain type of serious transnational crime. Passenger Information Units shall provide the requested data as soon as practicable using the common protocols and supported data formats and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).
2015/04/20
Committee: LIBE
Amendment 503 #
Proposal for a directive
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if strictly necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter's database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to a terrorist offences or serious crimea specific serious transnational crime. Such access to the full PNR data shall be permitted only with the approval of the Head of the Passenger Information Unit the request has been made to.
2015/04/20
Committee: LIBE
Amendment 511 #
Proposal for a directive
Article 7 – paragraph 4
4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.deleted
2015/04/20
Committee: LIBE
Amendment 525 #
Proposal for a directive
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to a terrorist offences or seriousa specific serious transnational crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter's territory at any time, should this data have been retained.
2015/04/20
Committee: LIBE
Amendment 533 #
Proposal for a directive
Article 7 – paragraph 6
6. Exchange of information under this Article mayshall take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.
2015/04/20
Committee: LIBE
Amendment 547 #
Proposal for a directive
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by- case basis, only on the basis of an international agreement between the Union and that third country and if:
2015/04/20
Committee: LIBE
Amendment 552 #
Proposal for a directive
Article 8 – paragraph 1 – point a
(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilldeleted,
2015/04/20
Committee: LIBE
Amendment 569 #
Proposal for a directive
Article 8 – paragraph 1 – point b
(b) the transfer is strictly necessary for the purposes of this Directive specified in Article 1(2), and.
2015/04/20
Committee: LIBE
Amendment 579 #
Proposal for a directive
Article 8 – paragraph 1 – point c
(c) the third country agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive specified in Article 1(2) and only with the express authorisation of the Member State.deleted
2015/04/20
Committee: LIBE
Amendment 596 #
Proposal for a directive
Article 8 – paragraph 1 a (new)
A Member State may transfer PNR data and the results of the processing of PNR data to a third country only if: (a) the third country receiving the data agrees not to transfer the PNR data and the results of the processing of PNR data to another country. (b) the third country submits a duly reasoned request to a competent authority referred to in Article 5 of the Member State concerned; (c) the reasoned request sets out reasonable grounds to consider that the transmission of the PNR data or the results of the processing of the PNR data will substantially contribute to the prevention, detection, investigation or prosecution of the terrorist offence or a serious transnational crime in question; and (d) a court verified, in a timely manner, that all conditions set out in paragraphs (a) and (e) are fulfilled.
2015/04/20
Committee: LIBE
Amendment 605 #
Proposal for a directive
Article 8 a (new)
Article 8a Derogations 1. Where an international agreement between the Union and a third country exists, PNR data may not be transferred to the third country in question if, in the case in question, the legitimate interests of the data subject in preventing any such transfer outweigh the public interest in transferring such data. 2. By way of derogation from Article 8, Member States shall provide that a transfer of personal data to a third country, where no international agreement exists, may take place only on condition that: (a) the transfer is necessary in order to protect the vital interests of the data subject or another person; or (b) the transfer of the data is essential for the prevention of an immediate and serious threat to public security of a Member State or a third country. 3. Any transfers of PNR data and the results of the processing of PNR data to a third country on the basis of this Article may take place only on condition that: (a) the third country submits a duly reasoned request to a competent authority referred to in Article 5 of the Member State concerned; (b) the reasoned request sets out reasonable grounds to consider that the transmission of the PNR data or the results of the processing of the PNR data will fulfil the condition set out in paragraph 2; and (c) a court verified, in a timely manner, that all conditions set out in paragraph 2 and subparagraphs 3(a) and 3(b) are fulfilled. 4. The decision for transfers pursuant to this Article shall be made by the Head of Passenger Information Unit to which the request was made. The Data Protection Officer shall be informed each time a transfer is made pursuant to this Article and he/she shall inform the supervisory authority of such transfers. 5. All transfers pursuant to this Article shall be documented and the documentation shall be made available to the supervisory authority on request, including the date and time of the transfer, information about the recipient authority, the justification for the transfer and the data transferred.
2015/04/20
Committee: LIBE
Amendment 613 #
Proposal for a directive
Article 9 – paragraph 1
1. Member States shall ensure that the PNR data provided by the air carriers, pursuant to Article 4(1), subparagraphs (b) and (c), to the Passenger Information Unit, are retained in a database at the Passenger Information Unit for a period of 302 days after their first transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.
2015/04/20
Committee: LIBE
Amendment 626 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1
Upon expiry of the period of 302 days after the first transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of fivone years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecutions shall be depersonalised through masking out in accordance with Article 9a (new).
2015/04/20
Committee: LIBE
Amendment 638 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 2
For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which should be filtered and masked out are: – Name (s), including the names of other passengers on PNR and number of travellers on PNR travelling together; – Address and contact information; – General remarks to the extent that it contains any information which could serve to identify the passenger to whom PNR relate; and – Any collected Advance Passenger Information.deleted
2015/04/20
Committee: LIBE
Amendment 641 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 2 – indent 1
– Name (s), including the names of other passengers on PNR and number of travellers on PNR travelling together;deleted
2015/04/20
Committee: LIBE
Amendment 643 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 2 – indent 2
– Address and contact information;deleted
2015/04/20
Committee: LIBE
Amendment 651 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 2 – indent 3
– General remarks to the extent that it contains any information which could serve to identify the passenger to whom PNR relate; andeleted
2015/04/20
Committee: LIBE
Amendment 656 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 2 – indent 4
– Any coldelected Advance Passenger Information.
2015/04/20
Committee: LIBE
Amendment 668 #
Proposal for a directive
Article 9 – paragraph 4
4. The result of matching referred to in Article 4(2)(a) and (b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, further to individual review by non- automated meanssubject to human intervention by a member of the Passenger Information Unit, proven to be negative, it shall, however, be stored so as to avoid future 'false' positive matches for a maximum period of threone years unless the underlying data have not yet been deleted in accordance with paragraph 3 at the expiry of the fivone years, in which case the log shall be kept until the underlying data are deleted.
2015/04/20
Committee: LIBE
Amendment 673 #
Proposal for a directive
Article 9 a (new)
Article 9a Depersonalisation of data 1. Upon expiry of the period of 2 days, specified in Article 9, all data elements which could serve to identify the passenger to whom PNR data relate, shall be depersonalised through masking at the user interface. For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which shall be filtered and depersonalised are: (a) name(s), including the names of other passengers on the PNR and number of travellers on the PNR travelling together; (b) address and contact information, including the IP address; (c) general remarks to the extent that it contains any information which could serve to identify the passenger to whom the PNR relate; and (d) any collected Advance Passenger Information. 2. The obligation to depersonalise data through masking in accordance with paragraph 1 shall be without prejudice to cases where the processing of PNR data in accordance with Article 4(2)(a) and (b) resulted in a positive match, in which case such data shall not be depersonalised through masking until it has been subject to human intervention by a member of the Passenger Information Unit in order to verify whether a competent authority referred to in Article 5 needs to take action. 3. PNR data depersonalised through masking in accordance with paragraph 1 shall only be accessible to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data. This depersonalised PNR data shall only be accessible for the purposes of: (a) reviewing positive matches resulting from the automated processing of PNR data in accordance with Article 4(2)(a) and (b) through searches in depersonalised PNR data in order to verify whether the competent authority referred to in Article 5 needs to take action; (b) responding to a duly reasoned request for the transmission of PNR data submitted by a competent authority in accordance with Article 4a (new); 4. In a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a certain type of serious transnational crime, the limited number of personnel of the Passenger Information Unit referred to in paragraph 3, may conduct searches in PNR data depersonalised through masking in accordance with paragraph 1 on the basis of any one or a combination of the data elements listed in the Annex. 5. Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit, and where it could be reasonably believed that it is strictly necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution. 6. Prior to access to the full PNR data, a court shall verify, in a timely manner, whether all the conditions set out in paragraph 5 are fulfilled. 7. In an exceptional case of urgency where there is a need to prevent an immediate and serious threat to public security associated with a terrorist offence or a type of serious transnational crime, the Head of the Passenger Information Unit may immediately permit access to the full PNR data. In such an exceptional case of urgency, a court may only verify ex-post whether all the conditions set out in paragraph 5 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request. 8. Where an ex-post verification in accordance with paragraph 6 determines that the access to full PNR data was not justified, all the authorities that have received such data shall erase the information. 9. The Data Protection Officer shall be informed each time the Head of the Passenger Information Unit permits access to the full PNR data pursuant to this Article and he/she shall inform the supervisory authority of such access.
2015/04/20
Committee: LIBE
Amendment 685 #
Proposal for a directive
Article 11 – paragraph 1
1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to protection of their personal data, right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as those laid out in this Directive and adopted under Unational law in implementation of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA. The provisions of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA shall therefore be applicable. Member States shall ensure that the rights of the data subject laid down in Articles 11 a (new) to 11 m (new) of this Directive are fully respected.
2015/04/20
Committee: LIBE
Amendment 691 #
Proposal for a directive
Article 11 – paragraph 2
2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive.
2015/04/20
Committee: LIBE
Amendment 699 #
Proposal for a directive
Article 11 – paragraph 3
3. AnyIn accordance with Article 11 a (new), Member States shall prohibit the processing of PNR data revealing a person’s race or ethnic origin, political opinions, religiousn or philosophical beliefs, political opinionsexual orientation or gender identity, trade -union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately or activities, and the processing of biometric data or of data concerning health or sex life.
2015/04/20
Committee: LIBE
Amendment 710 #
Proposal for a directive
Article 11 – paragraph 5
5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious crime, the possibility of exchanging and sharing such data and their data protection rights,the Passenger Information Unit provides the data subject with at least the information laid down in paArticular the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the publicle 11 b (new).
2015/04/20
Committee: LIBE
Amendment 714 #
Proposal for a directive
Article 11 – paragraph 6
6. Any transfer of PNR data by Passenger Information Units and competent authorities to private parties in Member States or in third countries shall be prohibited.
2015/04/20
Committee: LIBE
Amendment 719 #
Proposal for a directive
Article 11 a (new)
Article 11a Processing of special categories of data 1. Member States shall prohibit the processing of PNR data revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of biometric data or of data concerning health or sex life. 2. In the event that PNR data revealing such information are received by the Passenger Information Unit, they shall be deleted without delay. To that end, upon the receipt of PNR data from air carriers, Member States shall apply automated and manual controls to identify and delete sensitive data from PNR data obtained. 3. In order to identify and delete any sensitive data from PNR data retained, members of the Passenger Information Unit shall undertake manual checks before any further manual processing and prior to any transfer of PNR data to competent authorities in accordance with Article 4(2), to the Passenger Information Unit or another Member State in accordance with Article 7, or to a third country in accordance with Article 8.
2015/04/20
Committee: LIBE
Amendment 724 #
Proposal for a directive
Article 11 c (new)
Article 11c Right of access for the data subject Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit a copy of the PNR data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.
2015/04/20
Committee: LIBE
Amendment 726 #
Proposal for a directive
Article 11 d (new)
Article 11d Right to rectification and completion 1. Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit the rectification or the completion of personal data relating to him or her which are inaccurate or incomplete, in particular by way of a completing or corrective statement. 2. Member States shall provide that the Passenger Information Unit informs the data subject in writing, with a reasoned justification, of any refusal of rectification or completion, on the reasons for the refusal and on the possibilities of lodging a complaint with the supervisory authority and seeking a judicial remedy. 3. Member States shall provide that the Passenger Information Unit shall communicate any rectification carried out to each recipient to whom the data have been disclosed, unless to do so proves impossible or involves a disproportionate effort. 4. Member States shall provide that the Passenger Information Unit communicates the rectification of inaccurate personal data to the third party from whom the inaccurate personal data originate.
2015/04/20
Committee: LIBE
Amendment 727 #
Proposal for a directive
Article 11 e (new)
Article 11e Right to erasure 1. Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit the erasure of personal data relating to him or her where the processing does not comply with the provisions adopted pursuant to Article 4 of this Directive. 2. The Passenger Information Unit shall carry out the erasure without delay. The Passenger Information Unit shall also abstain from further dissemination of such data. 3. Instead of erasure, the Passenger Information Unit shall restrict the processing of the personal data where: (a) their accuracy is contested by the data subject, for a period enabling the Passenger Information Unit to verify the accuracy of the data; (b) the personal data have to be maintained for purposes of proof or for the protection of vital interests of the data subject or another person. 4. Member States shall provide that the Passenger Information Unit informs the data subject in writing, with a reasoned justification, of any refusal of erasure or restriction of the processing, on reasons for the refusal and on the possibilities of lodging a complaint with the supervisory authority and seeking a judicial remedy. 5. Member States shall provide that the Passenger Information Unit notifies recipients to whom those data have been sent of any erasure or restriction made pursuant to paragraph 1, unless to do so proves impossible or involves a disproportionate effort.
2015/04/20
Committee: LIBE
Amendment 728 #
Proposal for a directive
Article 11 f (new)
Article 11f Documentation 1. Member States shall provide that the Passenger Information Unit maintains documentation of all processing systems and procedures under their responsibility. 2. The documentation shall contain at least the following information: (a) the name and contact details of the organisation and personnel in the Passenger Information Unit entrusted with the processing of PNR data, the different levels of access authorisation and the personnel having such authorisations; (b) a description of the category or categories of data subjects and of the data or categories of data relating to them; (c) the recipients of the personal data; (d) all transfers of data to a third country, including the identification of that third country and the legal grounds on which the data are transferred, a substantive explanation shall be given when a transfer is based on Article 8a (new) of this Directive; (e) the time limits for retention and erasure of the different categories of data; (f) the results of the verifications of the measures that the processing of PNR data is performed in compliance with applicable data protection provisions; (g) an indication of the legal basis of the processing operation for which the data are intended. 3. The Passenger Information Unit shall make all documentation available, on request, to the supervisory authority.
2015/04/20
Committee: LIBE
Amendment 729 #
Proposal for a directive
Article 11 g (new)
Article 11g Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed PNR data, and the identity of the recipients of such data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the Data Protection Officer or by the supervisory authority. 3. The Member State shall ensure that the Passenger Information Unit shall make the records available, on request, to the supervisory authority.
2015/04/20
Committee: LIBE
Amendment 730 #
Proposal for a directive
Article 11 h (new)
Article 11h Security of processing 1. Member States shall provide that the Passenger Information Unit implements appropriate technical and organisational measures and procedures to ensure a high level of security appropriate to the risks represented by the processing and the nature of the PNR data to be protected, having regard to the state of the art and the cost of their implementation. 2. In respect of automated data processing, each Member State shall provide that the Passenger Information Unit, following an evaluation of the risks, implements measures designed to: (a) deny unauthorised persons access to data-processing equipment used for processing PNR data (equipment access control); (b) prevent the unauthorised reading, copying, modification or removal of data media (data media control); (c) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored PNR data (storage control); (d) prevent the use of automated data- processing systems by unauthorised persons using data communication equipment (user control); (e) ensure that persons authorised to use an automated data-processing system only have access to the data covered by their access authorisation (data access control); (f) ensure that it is possible to verify and establish to which bodies PNR data have been or may be transmitted or made available using data communication equipment (communication control); (g) ensure that it is subsequently possible to verify and establish which PNR data have been input into automated data- processing systems and when and by whom the data were input (input control); (h) prevent the unauthorised reading, copying, modification or deletion of PNR data during transfers of the data or during transportation of the data media (transport control); (i) ensure that installed systems may, in case of interruption, be restored (recovery); (j) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored PNR data cannot be corrupted by means of a malfunctioning of the system (integrity). 3. Member States shall provide that the Passenger Information Unit observes the requisite technical and organisational measures under paragraph 1.
2015/04/20
Committee: LIBE
Amendment 731 #
Proposal for a directive
Article 11 i (new)
Article 11i Right to judicial remedy 1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if they consider that that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non- compliance with these provisions. 2. Member States shall ensure that final decisions by the court referred to in this Article will be enforced.
2015/04/20
Committee: LIBE
Amendment 732 #
Proposal for a directive
Article 11 j (new)
Article 11j Liability and the right to compensation Member States shall provide that any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with the provisions adopted pursuant to this Directive shall have the right to claim compensation for the damage suffered.
2015/04/20
Committee: LIBE
Amendment 733 #
Proposal for a directive
Article 11 k (new)
Article 11k Penalties for non-compliance Member States shall lay down the rules on penalties, applicable to infringements of the provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.
2015/04/20
Committee: LIBE
Amendment 734 #
Proposal for a directive
Article 11 l (new)
Article 11l Notification of a personal data breach to the supervisory authority 1. Member States shall provide that in the case of a personal data breach, the Passenger Information Unit, without undue delay and, where feasible, not later than 24 hours, the personal data breach to the supervisory authority. The Passenger Information Unit shall provide, on request, to the supervisory authority a reasoned justification in cases of any delay. 2. The notification referred to in paragraph 1 shall at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the Data Protection Officer referred to in Article 3a (new) or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the possible consequences of the personal data breach; (e) describe the measures proposed or taken by the Passenger Information Unit to address the personal data breach and mitigate its effects. In case all information cannot be provided without undue delay, the Passenger Information Unit can complete the notification in a second phase. 4. Member States shall provide that the Passenger Information Unit documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must be sufficient to enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. 5. The supervisory authority shall keep a public register of the types of breaches notified.
2015/04/20
Committee: LIBE
Amendment 735 #
Proposal for a directive
Article 11 m (new)
Article 11m Communication of a personal data breach to the data subject 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data and/or the privacy of the data subject, the Passenger Information Unit shall, after the notification referred to in Article 11l (new), communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall be comprehensive and use clear and plain language. It shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 11l (new) and information about the rights of the data subject, including redress. 3. The communication of a personal data breach to the data subject shall not be required if the Passenger Information Unit demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the PNR data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed or restricted, in a specific case, to the extent that such a delay or restriction constitutes a necessary and proportionate measure: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to protect public security; (c) to protect the rights and freedoms of others.
2015/04/20
Committee: LIBE
Amendment 736 #
Proposal for a directive
Article 12
1. Each Member State shall provide that the national supervisory authority established in implementation of Article 25 of Framework Decision 2008/977/JHA shall also be responsible for advising on and monitoring the application within its territory of the provisions adopted by the Member States pursuant to the present Directive. The further provisions of Article 25 Framework Decision 2008/977/JHA shall be applicableone or more public authorities are responsible for monitoring the application of the provisions adopted pursuant to this Directive and for contributing to its consistent application throughout the Union, in order to protect the fundamental rights and freedoms of natural persons in relation to the processing of their personal data. 2. Member States shall ensure that the supervisory authority acts with complete independence in exercising the duties and powers entrusted to it. 3. Each Member State shall provide that the members of the supervisory authority, in the performance of their duties, neither seek nor take instructions from anybody, and maintain complete independence and impartiality. 4. Each Member State shall ensure that the supervisory authority is provided with the adequate human, technical and financial resources, premises and infrastructure necessary for the effective performance of its duties and powers. 5. Each Member State shall ensure that the supervisory authority must have its own staff which shall be appointed by and subject to the direction of the head of the supervisory authority.
2015/04/20
Committee: LIBE
Amendment 748 #
Proposal for a directive
Article 12 a (new)
Article 12a Duties of the national supervisory authority 1. Member States shall provide that the supervisory authority: (a) monitors and ensures the application of the provisions adopted pursuant to this Directive and its implementing measures; (b) hears complaints lodged by any data subject, investigates, to the extent appropriate, the matter and informs the data subject of the progress and the outcome of the complaint within a reasonable period, in particular where further investigation or coordination with another supervisory authority is necessary; (c) checks the lawfulness of the data processing; (d) conducts investigations, inspections and audits, either on its own initiative or on the basis of a complaint, and informs the data subject concerned, if the data subject has addressed a complaint, of the outcome of the investigations within a reasonable period; (e) monitors relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies; 2. The supervisory authority shall, upon request, advise any data subject in exercising the rights laid down in provisions adopted pursuant to this Directive, and, if appropriate, co-operate with supervisory authorities in other Member States to this end. 3. For complaints referred to in point (b) of paragraph 1, the supervisory authority shall provide a complaint submission form, which can be completed electronically, without excluding other means of communication. 4. Member States shall provide that the performance of the duties of the supervisory authority shall be free of charge for the data subject. 5. Where requests are manifestly excessive, in particular due to their repetitive character, the supervisory authority may charge a reasonable fee. Such a fee shall not exceed the costs of taking the action requested. The supervisory authority shall bear the burden of proving the manifestly excessive character of the request.
2015/04/20
Committee: LIBE
Amendment 750 #
Proposal for a directive
Article 12 b (new)
Article 12b Powers of the national supervisory authority 1. Member States shall provide that each supervisory authority has the power: (a) to notify the Passenger Information Unit of an alleged breach of the provisions governing the processing of PNR data and, where appropriate, order the Passenger Information Unit to remedy that breach, in a specific manner, in order to improve the protection of the data subject; (b) to order the Passenger Information Unit to comply with the data subject's requests to exercise his or her rights under this Directive, including those provided by Articles 11c (new) to 11e (new) where such requests have been refused in breach of those provisions; (c) to order the Passenger Information Unit to provide information pursuant to Articles 11b (new), 11l (new) and 11m (new); (e) to warn or admonish the Passenger Information Unit; (f) to order the rectification, erasure or destruction of all data when they have been processed in breach of the provisions adopted pursuant to this Directive and the notification of such actions to third parties to whom the data have been disclosed; (g) to impose a temporary or definitive ban on processing of PNR data; (h) to suspend data flows to a recipient in a third country; 2. Each supervisory authority shall have the investigative power to obtain from the Passenger Information Unit: (a) access to all PNR and personal data and to all information necessary for the performance of its supervisory duties, (b) access to any of its premises, including to any data processing equipment and means, in accordance with national law, where there are reasonable grounds for presuming that an activity in violation of the provisions adopted pursuant to this Directive is being carried out there, without prejudice to a judicial authorisation if required by national law. 3. Without prejudice to Article 21 of the Council Framework Decision 2008/977/JHA, Member States shall provide that no additional secrecy requirements shall be issued at the request of supervisory authorities. 4. Member States may provide that additional security screening in line with national law is required for access to information classified at a level similar to EU CONFIDENTIAL or higher. If no additional security screening is required under the law of the Member State of the relevant supervisory authority, this must be recognised by all other Member States. 5. Each supervisory authority shall have the power to bring breaches of the provisions adopted pursuant to this Directive to the attention of the judicial authorities and to engage in legal proceedings and bring an action to the competent court. 6. Each supervisory authority shall have the power to impose penalties in respect of administrative offences.
2015/04/20
Committee: LIBE
Amendment 771 #
Proposal for a directive
Article 16 – paragraph 1
Upon the date referred to in Article 15(1), i.e. two years after the entry into force of this Directive, Member States shall ensure that the PNR data of at least 30% of all flights referred to in Article 6(1) are collected. Until two years after the date referred to in Article 15, Member States shall ensure that the PNR data from at least 60 % of all flights referred to in Article 6(1) are collected. Member States shall ensure that from four years after the date referred to in Article 15, the PNR data from all flights referred to in Article 6(1) are collected.deleted
2015/04/20
Committee: LIBE
Amendment 777 #
Proposal for a directive
Article 17 – paragraph 1 – point a
(a) review the feasibility and necessity of including internal flights in the scope of this Directive, in the light of the experience gained by those Member States that collect PNR data with regard to internal flights. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);deleted
2015/04/20
Committee: LIBE
Amendment 783 #
Proposal for a directive
Article 17 – paragraph 1 – point b
(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1)feasibility, necessity and proportionality of this Directive, in the light of the experience gained by the Member States. Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and, the quality of the assessments and the effectiveness of the sharing of the data between the Member States. It shall also contain the statistical information gathered pursuant to Article 18. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);
2015/04/20
Committee: LIBE
Amendment 790 #
Proposal for a directive
Article 17 a (new)
Article 17a Limitation This Directive shall loose its effect after a period of seven years. The Commission may propose to extend the effect of this Directive for further seven-year-periods. The decision of extension shall be taken by ordinary legislative procedure after the approval by the European Parliament and the Council.
2015/04/20
Committee: LIBE
Amendment 795 #
Proposal for a directive
Article 18 – paragraph 1
1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or seriouscertain types of serious transnational crime according to Article 4(2) and, the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination and the number of criminal convictions resulting from the enforcement action.
2015/04/20
Committee: LIBE
Amendment 799 #
Proposal for a directive
Article 18 – paragraph 2
2. These statistics shall not contain any personal data. They shall be transmitted to the Commission and the European Parliament on a yearly basis.
2015/04/20
Committee: LIBE
Amendment 817 #
Proposal for a directive
Annex 1 – point 8
(8) Frequent flyer informationdeleted
2015/04/20
Committee: LIBE
Amendment 825 #
Proposal for a directive
Annex 1 – point 12
(12) General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)
2015/04/20
Committee: LIBE
Amendment 829 #
Proposal for a directive
Annex 1 – point 14
(14) Seat number and other seat information
2015/04/20
Committee: LIBE