54 Amendments of Emilian PAVEL related to 2011/0023(COD)
Amendment 114 #
Proposal for a directive
Recital 11
Recital 11
(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers. For charter, private and freighted flights, PNR data should also be collected and transferred to the Passenger Information Unit of the relevant Member State.
Amendment 119 #
Proposal for a directive
Recital 12
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serous crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38. However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime. __________________ 38 OJ L 190, 18.7.2002, p. 1. 37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21).
Amendment 126 #
Proposal for a directive
Recital 13
Recital 13
(13) PNR data should be transferred to a single designated unit (Passenger Information Unit) in the relevant Member State, so as to ensure clarity and reduce costs to air carriers and other commercial operators or non-commercial flight operators.
Amendment 141 #
Proposal for a directive
Recital 16
Recital 16
(16) The Commission supports the International Civil Aviation Organisation (ICAO) guidelines on PNR. These guidelines should thus be the basis for adopting the supported data formats for transfers of PNR data by air carriers and other commercial operators or non- commercial flight operators to Member States. This justifies that such supported data formats, as well as the relevant protocols applicable to the transfer of data from air carriers and other commercial operators or non-commercial flight operators should be adopted in accordance with the advisory procedure foreseen in Regulation (EU) No….. of the European Parliament and the Council [……………..]
Amendment 144 #
Proposal for a directive
Recital 17
Recital 17
(17) The Member States should take all necessary measures to enable air carriers and other commercial operators or non- commercial flight operators to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers and other commercial operators or non-commercial flight operators failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence. .
Amendment 155 #
Proposal for a directive
Recital 19
Recital 19
(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken by reason of a person’'s race or ethnic origin, political opinions, religiousn or philosophical beliefs, political opinion, trade union membership,sexual orientation or gender identity, trade union membership and activities, and the processing of biometric data or of data concerning health or sexual life.
Amendment 177 #
Proposal for a directive
Recital 23
Recital 23
(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed the European data protection acquis, including the framework of police and judicial cooperation in criminal matters41 (‘Framework Decision 2008/977/JHA’)specific data protection requirements set out in this Directive. __________________ 41 OJ L 350, 30.12.2008, p. 60.
Amendment 201 #
Proposal for a directive
Recital 28
Recital 28
Amendment 209 #
Proposal for a directive
Recital 29
Recital 29
(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers and other commercial operators or non-commercial flight operators are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.
Amendment 213 #
Proposal for a directive
Recital 31
Recital 31
(31) This Directive respects the fundamental rights and the principles of the Charter of Fundamental Rights of the European Union, in particular the right to the protection of personal data, the right to privacy and the right to non-discrimination as protected by Articles 8, 7 and 21 of the Charter and has to be implemented accordingly. The Directive is compatible with data protection principles and its provisions are in line with the Framework Decision 2008/977/JHA. Furthermore, and in order to comply with the proportionality principle, the Directive, on specific issues, will have stricter rules on data protection than the Framework Decision 2008/977/JHA.
Amendment 223 #
Proposal for a directive
Recital 32
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 years, after which the data must be deleted, the data must be anonymised (masked out) after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
Amendment 229 #
Proposal for a directive
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Directive provides conditions for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member States, as well as the processiflights between the Union and third countries, as well as the use, retention and exchange of that data, including its collection, use and retention by the Member States and its exchange between them by Member States.
Amendment 233 #
Proposal for a directive
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1a. This Directive shall not apply to flights within the territory of the Union or the means of transport other than airplanes.
Amendment 234 #
Proposal for a directive
Article 1 – paragraph 1 b (new)
Article 1 – paragraph 1 b (new)
1b. The PNR data that is collected pursuant to this Directive may not be used for border control purposes.
Amendment 249 #
Proposal for a directive
Article 2 – paragraph 1 – point a a (new)
Article 2 – paragraph 1 – point a a (new)
(aa) 'other commercial operator' means an undertaking, company or tour operator that may operate charter flights or book a number of seats on an airplane;
Amendment 250 #
Proposal for a directive
Article 2 – paragraph 1 – point a b (new)
Article 2 – paragraph 1 – point a b (new)
(ab) 'other non-commercial flight operator' means a private undertaking that may operate private planes or privately freighted flights;
Amendment 251 #
Proposal for a directive
Article 2 – paragraph 1 – point b
Article 2 – paragraph 1 – point b
(b) ’'international flight’' means any scheduled or non-scheduled flight by an air carrier or other commercial operator or a non-commercial flight operator planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including in both cases any transfer orchartered flights, private planes, privately freighted flights, as well as transit flights;
Amendment 258 #
Proposal for a directive
Article 2 – paragraph 1 – point c
Article 2 – paragraph 1 – point c
(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers and other commercial operators or non-commercial flight operators for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;
Amendment 275 #
Proposal for a directive
Article 2 – paragraph 1 – point h
Article 2 – paragraph 1 – point h
Amendment 287 #
Proposal for a directive
Article 2 – paragraph 1 – point i – introductory part
Article 2 – paragraph 1 – point i – introductory part
(i) ‘serious transnational crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if : trafficking in human beings, sexual exploitation of children, illicit trafficking in narcotic drugs, illicit trafficking in weapons, cybercrime and other computer related crime, illicit trafficking in munition and explosives if:
Amendment 306 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and seriouscertain types of serious transnational crime or a branch of such an authority to act as its ‘'Passenger Information Unit’' responsible for conducting risk assessments in accordance with Article 4 as well as collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.
Amendment 310 #
Proposal for a directive
Article 3 – paragraph 1 a (new)
Article 3 – paragraph 1 a (new)
1a. The Passenger Information Unit must implement appropriate technical and organizational measures to protect personal data against unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Amendment 315 #
Proposal for a directive
Article 3 – paragraph 1 b (new)
Article 3 – paragraph 1 b (new)
1b. All members of the Passenger Information Unit who have access to PNR data shall have had received specifically tailored training on processing of PNR data in full compliance with data protection principles and fundamental rights.
Amendment 317 #
Proposal for a directive
Article 3 – paragraph 1 c (new)
Article 3 – paragraph 1 c (new)
1c. The activities specified for in Article 9a(new)(4) shall only be carried out by specifically designated personnel of the Passenger Information Unit.
Amendment 321 #
Proposal for a directive
Article 3 – paragraph 3 – subparagraph 1 (new)
Article 3 – paragraph 3 – subparagraph 1 (new)
The Passenger Information Unit must notify the National Supervisory Authority referred to in Article 12 before carrying out any wholly or partly processing operation.
Amendment 329 #
Proposal for a directive
Article 3 a (new)
Article 3 a (new)
Amendment 406 #
Proposal for a directive
Article 4 a (new)
Article 4 a (new)
Amendment 412 #
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. In the framework of this Directive, Europol shall be entitled, within its mandate, to request from the Passenger Information Units PNR data or relevant analytical information obtained from PNR data that may be necessary in a specific and duly justified case to prevent, detect, investigate, or prosecute terrorist offences and certain types of serious transnational crime.
Amendment 455 #
Proposal for a directive
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
Amendment 456 #
Proposal for a directive
Article 6 – paragraph 1 b (new)
Article 6 – paragraph 1 b (new)
1b. In the cases of private planes or privately freighted flights, Member States should adopt the necessary measures to ensure that non-commercial flight operators provide PNR data for all passengers
Amendment 460 #
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Air carriers shall transfer PNR data by electronic means, other commercial operators and non-commercial flight operators shall transfer PNR data by electronic means, providing sufficient guarantees in respect of the technical and organisational security measures, using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriatthe same level of data security:
Amendment 471 #
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States may permit air carriers and other non-commercial flight operators to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
Amendment 533 #
Proposal for a directive
Article 7 – paragraph 6
Article 7 – paragraph 6
6. Exchange of information under this Article mayshall take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.
Amendment 547 #
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by- case basis, only on the basis of an international agreement between the Union and that third country and if:
Amendment 552 #
Proposal for a directive
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
Amendment 569 #
Proposal for a directive
Article 8 – paragraph 1 – point b
Article 8 – paragraph 1 – point b
(b) the transfer is strictly necessary for the purposes of this Directive specified in Article 1(2), and.
Amendment 579 #
Proposal for a directive
Article 8 – paragraph 1 – point c
Article 8 – paragraph 1 – point c
Amendment 596 #
Proposal for a directive
Article 8 – paragraph 1 a (new)
Article 8 – paragraph 1 a (new)
A Member State may transfer PNR data and the results of the processing of PNR data to a third country only if: (a) the third country receiving the data agrees not to transfer the PNR data and the results of the processing of PNR data to another country. (b) the third country submits a duly reasoned request to a competent authority referred to in Article 5 of the Member State concerned; (c) the reasoned request sets out reasonable grounds to consider that the transmission of the PNR data or the results of the processing of the PNR data will substantially contribute to the prevention, detection, investigation or prosecution of the terrorist offence or a serious transnational crime in question; and (d) a court verified, in a timely manner, that all conditions set out in paragraphs (a) and (e) are fulfilled.
Amendment 605 #
Proposal for a directive
Article 8 a (new)
Article 8 a (new)
Amendment 674 #
Proposal for a directive
Article 9 a (new)
Article 9 a (new)
Article 9a Depersonalisation of data 1. Upon expiry of the period of 30 days, specified in Article 9, all data elements which could serve to identify the passenger to whom PNR data relate, shall be depersonalised through masking at the user interphase. For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which shall be filtered and depersonalised are: (a) name(s), including the names of other passengers on the PNR and number of travellers on the PNR travelling together; (b) address and contact information, including the IP address; (c) general remarks to the extent that it contains any information which could serve to identify the passenger to whom the PNR relate; and (d) any collected Advance Passenger Information. 2. The obligation to depersonalise data through masking in accordance with paragraph 1 shall be without prejudice to cases where the processing of PNR data in accordance with Article 4(2)(a) and (b) resulted in a positive match, in which case such data shall not be depersonalised through masking until it has been subject to human intervention by a member of the Passenger Information Unit in order to verify whether a competent authority needs to take action.
Amendment 676 #
Proposal for a directive
Article 10 – title
Article 10 – title
Penalties against air carriers and non- commercial flight operators
Amendment 681 #
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers and other non- commercial flight operators which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.
Amendment 719 #
Proposal for a directive
Article 11 a (new)
Article 11 a (new)
Article 11a Processing of special categories of data 1. Member States shall prohibit the processing of PNR data revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of biometric data or of data concerning health or sex life. 2. In the event that PNR data revealing such information are received by the Passenger Information Unit, they shall be deleted without delay. To that end, upon the receipt of PNR data from air carriers, Member States shall apply automated and manual controls to identify and delete sensitive data from PNR data obtained. 3. In order to identify and delete any sensitive data from PNR data retained, members of the Passenger Information Unit shall undertake manual checks before any further manual processing and prior to any transfer of PNR data to competent authorities in accordance with Article 4(2), to the Passenger Information Unit or another Member State in accordance with Article 7, or to a third country in accordance with Article 8.
Amendment 728 #
Proposal for a directive
Article 11 f (new)
Article 11 f (new)
Amendment 729 #
Proposal for a directive
Article 11 g (new)
Article 11 g (new)
Article 11g Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed PNR data, and the identity of the recipients of such data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the Data Protection Officer or by the supervisory authority. 3. The Member State shall ensure that the Passenger Information Unit shall make the records available, on request, to the supervisory authority.
Amendment 730 #
Proposal for a directive
Article 11 h (new)
Article 11 h (new)
Amendment 731 #
Proposal for a directive
Article 11 i (new)
Article 11 i (new)
Article 11i Right to judicial remedy 1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if they consider that that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non- compliance with these provisions. 2. Member States shall ensure that final decisions by the court referred to in this Article will be enforced.
Amendment 732 #
Proposal for a directive
Article 11 j (new)
Article 11 j (new)
Article 11j Liability and the right to compensation Member States shall provide that any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with the provisions adopted pursuant to this Directive shall have the right to claim compensation for the damage suffered.
Amendment 734 #
Proposal for a directive
Article 11 l (new)
Article 11 l (new)
Article 11l Notification of a personal data breach to the supervisory authority 1. Member States shall provide that in the case of a personal data breach, the Passenger Information Unit, without undue delay and, where feasible, not later than 24 hours, the personal data breach to the supervisory authority. The Passenger Information Unit shall provide, on request, to the supervisory authority a reasoned justification in cases of any delay. 2. The notification referred to in paragraph 1 shall at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the Data Protection Officer referred to in Article 3a (new) or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the possible consequences of the personal data breach; (e) describe the measures proposed or taken by the Passenger Information Unit to address the personal data breach and mitigate its effects. In case all information cannot be provided without undue delay, the Passenger Information Unit can complete the notification in a second phase. 4. Member States shall provide that the Passenger Information Unit documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must be sufficient to enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. 5. The supervisory authority shall keep a public register of the types of breaches notified.
Amendment 735 #
Proposal for a directive
Article 11 m (new)
Article 11 m (new)
Article 11m Communication of a personal data breach to the data subject 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data and/or the privacy of the data subject, the Passenger Information Unit shall, after the notification referred to in Article 11l (new), communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall be comprehensive and use clear and plain language. It shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 11l (new) and information about the rights of the data subject, including redress. 3. The communication of a personal data breach to the data subject shall not be required if the Passenger Information Unit demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the PNR data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed or restricted, in a specific case, to the extent that such a delay or restriction constitutes a necessary and proportionate measure: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to protect public security; (c) to protect the rights and freedoms of others.
Amendment 751 #
Proposal for a directive
Article 13 – paragraph 1
Article 13 – paragraph 1
1. All transfers of PNR data by air carriers, other commercial operators and non- commercial flight operators to the Passenger Information Units for the purposes of this Directive, shall be made by electronic means or, in the event of technical failure, by any other appropriate means,and carried out via a processor of data that provides sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out. In the event of technical failure, the PNR data shall be transferred by other appropriate means whilst maintaining the same level of security. All transfers of PNR data shall be made for a period of one year following the adoption of the common protocols and supported data formats in accordance with Article 14.
Amendment 777 #
Proposal for a directive
Article 17 – paragraph 1 – point a
Article 17 – paragraph 1 – point a
Amendment 783 #
Proposal for a directive
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1)feasibility, necessity and proportionality of this Directive, in the light of the experience gained by the Member States. Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and, the quality of the assessments and the effectiveness of the sharing of the data between the Member States. It shall also contain the statistical information gathered pursuant to Article 18. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);
Amendment 790 #
Proposal for a directive
Article 17 a (new)
Article 17 a (new)
Article 17a Limitation This Directive shall loose its effect after a period of seven years. The Commission may propose to extend the effect of this Directive for further seven-year-periods. The decision of extension shall be taken by ordinary legislative procedure after the approval by the European Parliament and the Council.