39 Amendments of Kati PIRI related to 2011/0023(COD)
Amendment 331 #
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt. Member States shall adopt the necessary measures to ensure that their Passenger Information Unit may request air carriers in accordance with Article 6 to: (a) transfer (‘push’) all PNR data of all passengers arriving or departing from that Member state in an anonymised format; (b) transfer (‘push’) specific PNR data of an individual linked to a name, contact detail or payment method linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime; (c) transfer (‘push’) PNR data of all passengers on specific flights where a risk assessment of the Passenger Information Unit has proven a high concrete risk that persons linked to a specific case of prevention, detection, investigation or prosecution of a terrorist offence or a specific serious transnational crime are travelling on those flights.
Amendment 340 #
Proposal for a directive
Article 4 – paragraph 1 a (new)
Article 4 – paragraph 1 a (new)
Amendment 342 #
Proposal for a directive
Article 4 – paragraph 1 b (new)
Article 4 – paragraph 1 b (new)
1b. A request pursuant to subparagraphs 1 (b) and (c) shall be subject to prior authorisation by a judicial authority and subject to a quarterly judicial review. The specification referred to in subparagraph 1 (c) may be temporal, geographical or both.
Amendment 345 #
Proposal for a directive
Article 4 – paragraph 2 – point a
Article 4 – paragraph 2 – point a
(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or a certain type of serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria in line with the requirement set out in paragraph 3. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated meansand subject to human intervention by a member of the Passenger Information Unit in order to verify whether the competent authority referred to in Article 5 needs to take action;
Amendment 361 #
Proposal for a directive
Article 4 – paragraph 2 – point b
Article 4 – paragraph 2 – point b
(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or seriousa type of serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Unionnational databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such filesdata bases. In carrying out such an assessment the Passenger Information Unit may compare PNR data against the Schengen Information System and the Visa Information System. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated meansand subject to human intervention by a member of the Passenger Information Unit in order to verify whether the competent authority referred to in Article 5 needs to take action; and
Amendment 363 #
Proposal for a directive
Article 4 – paragraph 2 – point c
Article 4 – paragraph 2 – point c
(c) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigationin accordance with Article 4a (new) and pfrosecution of a terrorist offence or serious crime, and to provide the competent authorities with the results of such processing; andm Passenger Information Units from other Member States in accordance with Article 7.
Amendment 374 #
Proposal for a directive
Article 4 – paragraph 2 – point d
Article 4 – paragraph 2 – point d
Amendment 377 #
Proposal for a directive
Article 4 – paragraph 3
Article 4 – paragraph 3
3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non- discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. These assessment criteria must be targeted, specific, justified, proportionate and fact- based. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5 and regularly reviewed. The regular review shall involve the Data Protection Officer and ensure that the assessment criteria remain targeted, specific, justified, proportionate and fact-based. The assessment criteria shall in no circumstances be based on data revealing a person’'s race or ethnic origin, political opinions, religiousn or philosophical beliefs, political opinion, trade union membership, health or sexual life. sexual orientation or gender identity, trade union membership and activities, and the processing of biometric data or of data concerning, health or sex life. The assessment shall in any case not be based solely on automated processing and allow for human intervention on every criteria.
Amendment 397 #
Proposal for a directive
Article 4 – paragraph 4 a (new)
Article 4 – paragraph 4 a (new)
4a. The Data Protection Officer shall have access to all data transmitted to the Passenger Information Unit and from the Passenger Information Unit to a competent authority pursuant to Article 5. If the Data Protection Officer considers that transmission of any data was not lawful, he/she shall refer the matter to the Supervisory Authority, who shall have the power to order the receiving competent authority to erase the data.
Amendment 400 #
Proposal for a directive
Article 4 – paragraph 4 b (new)
Article 4 – paragraph 4 b (new)
4b. The storage, processing and analysis of PNR data shall be carried out exclusively within the territory of the Union. The law applicable to these procedures shall therefore be Union law on personal data protection.
Amendment 401 #
Proposal for a directive
Article 4 – paragraph 4 c (new)
Article 4 – paragraph 4 c (new)
4c. Member States shall bear the costs of use, retention and exchange of PNR data.
Amendment 406 #
Proposal for a directive
Article 4 a (new)
Article 4 a (new)
Amendment 445 #
Proposal for a directive
Article 6 – paragraph -1
Article 6 – paragraph -1
-1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') anonymised PNR data pursuant to Article 4 (a), to the extent that such data are already collected by them in their normal course of business, to the Passenger Information Unit.
Amendment 451 #
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the specific PNR data as defined in Article 2(c) and specified in the Annexpursuant to Article 4 (b) and (c) , to the extent that such data are already collected by them, in their normal course of business to the database of the national Passenger Information Unit of thea Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.
Amendment 463 #
Proposal for a directive
Article 6 – paragraph 2 – point a – introductory part
Article 6 – paragraph 2 – point a – introductory part
(a) once 24 to 48 hours before the scheduled time for flight departure;
Amendment 467 #
Proposal for a directive
Article 6 – paragraph 2 – point b
Article 6 – paragraph 2 – point b
(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.
Amendment 472 #
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States mayshall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
Amendment 479 #
Proposal for a directive
Article 6 – paragraph 4
Article 6 – paragraph 4
4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to a terrorist offences or seriousa certain type of serious transnational crime.
Amendment 486 #
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted without delay by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessaryrelevant for the prevention, detection, investigation or prosecution of terrorist offences or seriouscertain types of serious transnational crime. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities. Where appropriate, an alert shall be entered in accordance with Article 36 of the Schengen Information System.
Amendment 494 #
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if strictly necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data may be based on any one or a combination of data elements as set out in the Annex, as deemed strictly necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of a terrorist offences or seriousa certain type of serious transnational crime. Passenger Information Units shall provide the requested data as soon as practicable using the common protocols and supported data formats and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).
Amendment 503 #
Proposal for a directive
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if strictly necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to a terrorist offences or serious crimea specific serious transnational crime. Such access to the full PNR data shall be permitted only with the approval of the Head of the Passenger Information Unit the request has been made to.
Amendment 511 #
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
Amendment 525 #
Proposal for a directive
Article 7 – paragraph 5
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to a terrorist offences or seriousa specific serious transnational crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’'s territory at any time, should this data have been retained.
Amendment 533 #
Proposal for a directive
Article 7 – paragraph 6
Article 7 – paragraph 6
6. Exchange of information under this Article mayshall take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.
Amendment 719 #
Proposal for a directive
Article 11 a (new)
Article 11 a (new)
Article 11a Processing of special categories of data 1. Member States shall prohibit the processing of PNR data revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of biometric data or of data concerning health or sex life. 2. In the event that PNR data revealing such information are received by the Passenger Information Unit, they shall be deleted without delay. To that end, upon the receipt of PNR data from air carriers, Member States shall apply automated and manual controls to identify and delete sensitive data from PNR data obtained. 3. In order to identify and delete any sensitive data from PNR data retained, members of the Passenger Information Unit shall undertake manual checks before any further manual processing and prior to any transfer of PNR data to competent authorities in accordance with Article 4(2), to the Passenger Information Unit or another Member State in accordance with Article 7, or to a third country in accordance with Article 8.
Amendment 724 #
Proposal for a directive
Article 11 c (new)
Article 11 c (new)
Article 11c Right of access for the data subject Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit a copy of the PNR data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject.
Amendment 726 #
Proposal for a directive
Article 11 d (new)
Article 11 d (new)
Article 11d Right to rectification and completion 1. Member States shall provide for the right of the data subject to obtain from the Passenger Information Unit the rectification or the completion of personal data relating to him or her which are inaccurate or incomplete, in particular by way of a completing or corrective statement. 2. Member States shall provide that the Passenger Information Unit informs the data subject in writing, with a reasoned justification, of any refusal of rectification or completion, on the reasons for the refusal and on the possibilities of lodging a complaint with the supervisory authority and seeking a judicial remedy. 3. Member States shall provide that the Passenger Information Unit shall communicate any rectification carried out to each recipient to whom the data have been disclosed, unless to do so proves impossible or involves a disproportionate effort. 4. Member States shall provide that the Passenger Information Unit communicates the rectification of inaccurate personal data to the third party from whom the inaccurate personal data originate.
Amendment 727 #
Proposal for a directive
Article 11 e (new)
Article 11 e (new)
Amendment 728 #
Proposal for a directive
Article 11 f (new)
Article 11 f (new)
Amendment 729 #
Proposal for a directive
Article 11 g (new)
Article 11 g (new)
Article 11g Keeping of records 1. Member States shall ensure that records are kept of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show in particular the purpose, date and time of such operations and as far as possible the identification of the person who consulted or disclosed PNR data, and the identity of the recipients of such data. 2. The records shall be used solely for the purposes of verification of the lawfulness of the data processing, self-monitoring and for ensuring data integrity and data security, or for purposes of auditing, either by the Data Protection Officer or by the supervisory authority. 3. The Member State shall ensure that the Passenger Information Unit shall make the records available, on request, to the supervisory authority.
Amendment 730 #
Proposal for a directive
Article 11 h (new)
Article 11 h (new)
Amendment 731 #
Proposal for a directive
Article 11 i (new)
Article 11 i (new)
Article 11i Right to judicial remedy 1. Without prejudice to any available administrative remedy, including the right to lodge a complaint with a supervisory authority, Member States shall provide for the right of every natural person to a judicial remedy if they consider that that their rights laid down in provisions adopted pursuant to this Directive have been infringed as a result of the processing of their personal data in non- compliance with these provisions. 2. Member States shall ensure that final decisions by the court referred to in this Article will be enforced.
Amendment 732 #
Proposal for a directive
Article 11 j (new)
Article 11 j (new)
Article 11j Liability and the right to compensation Member States shall provide that any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with the provisions adopted pursuant to this Directive shall have the right to claim compensation for the damage suffered.
Amendment 733 #
Proposal for a directive
Article 11 k (new)
Article 11 k (new)
Article 11k Penalties for non-compliance Member States shall lay down the rules on penalties, applicable to infringements of the provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.
Amendment 734 #
Proposal for a directive
Article 11 l (new)
Article 11 l (new)
Article 11l Notification of a personal data breach to the supervisory authority 1. Member States shall provide that in the case of a personal data breach, the Passenger Information Unit, without undue delay and, where feasible, not later than 24 hours, the personal data breach to the supervisory authority. The Passenger Information Unit shall provide, on request, to the supervisory authority a reasoned justification in cases of any delay. 2. The notification referred to in paragraph 1 shall at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the Data Protection Officer referred to in Article 3a (new) or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the possible consequences of the personal data breach; (e) describe the measures proposed or taken by the Passenger Information Unit to address the personal data breach and mitigate its effects. In case all information cannot be provided without undue delay, the Passenger Information Unit can complete the notification in a second phase. 4. Member States shall provide that the Passenger Information Unit documents any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must be sufficient to enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose. 5. The supervisory authority shall keep a public register of the types of breaches notified.
Amendment 735 #
Proposal for a directive
Article 11 m (new)
Article 11 m (new)
Article 11m Communication of a personal data breach to the data subject 1. Member States shall provide that when the personal data breach is likely to adversely affect the protection of the personal data and/or the privacy of the data subject, the Passenger Information Unit shall, after the notification referred to in Article 11l (new), communicate the personal data breach to the data subject without undue delay. 2. The communication to the data subject referred to in paragraph 1 shall be comprehensive and use clear and plain language. It shall describe the nature of the personal data breach and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 11l (new) and information about the rights of the data subject, including redress. 3. The communication of a personal data breach to the data subject shall not be required if the Passenger Information Unit demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the PNR data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible to any person who is not authorised to access it. 4. The communication to the data subject may be delayed or restricted, in a specific case, to the extent that such a delay or restriction constitutes a necessary and proportionate measure: (a) to avoid obstructing official or legal inquiries, investigations or procedures; (b) to protect public security; (c) to protect the rights and freedoms of others.
Amendment 777 #
Proposal for a directive
Article 17 – paragraph 1 – point a
Article 17 – paragraph 1 – point a
Amendment 783 #
Proposal for a directive
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1)feasibility, necessity and proportionality of this Directive, in the light of the experience gained by the Member States. Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and, the quality of the assessments and the effectiveness of the sharing of the data between the Member States. It shall also contain the statistical information gathered pursuant to Article 18. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);
Amendment 790 #
Proposal for a directive
Article 17 a (new)
Article 17 a (new)
Article 17a Limitation This Directive shall loose its effect after a period of seven years. The Commission may propose to extend the effect of this Directive for further seven-year-periods. The decision of extension shall be taken by ordinary legislative procedure after the approval by the European Parliament and the Council.