Activities of Csaba SÓGOR related to 2011/0023(COD)
Plenary speeches (1)
Use of Passenger Name Record data (EU PNR) (debate)
Amendments (64)
Amendment 51 #
Draft legislative resolution
Citation 5 a (new)
Citation 5 a (new)
- having regard to the European Parliament resolution of 11 February 2015 on anti-terrorism measures (2015/2530(RSP)),
Amendment 106 #
Proposal for a directive
Recital 10
Recital 10
(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union, intra-EU flights from one Member State to another Member State and domestic flights with a final destination in the same Member State and non-carrier economic operators when involved in booking such flights.
Amendment 113 #
Proposal for a directive
Recital 11
Recital 11
(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers and non-carrier economic operators to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers and non-carrier economic operators.
Amendment 115 #
Proposal for a directive
Recital 11 a (new)
Recital 11 a (new)
(11a) Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they collect and process PNR data from their customers, yet without necessarily transferring the data to the airline operating the passenger flight.
Amendment 120 #
Proposal for a directive
Recital 12
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 ofapplied in this Directive should be the same as in Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serous crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38 . However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to as amended by Council decision 2008/919/JHA. The term serious crime applied in this dDirective would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crimeencompasses the crimes listed in Article 2.1. __________________ 38 OJ L 190, 18.7.2002, p. 1.
Amendment 134 #
Proposal for a directive
Recital 14
Recital 14
(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lisdata sets should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger’s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.
Amendment 139 #
Proposal for a directive
Recital 15
Recital 15
(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (’pull’) a copy of the required data, and the ‘push’ method, under which air carriers and non-carrier economic operators transfer (’push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers and non-carrier economic operators.
Amendment 143 #
Proposal for a directive
Recital 17
Recital 17
(17) The Member States should take all necessary measures to enable air carriers and non-carrier economic operators to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers and non-carrier economic operators failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.
Amendment 161 #
Proposal for a directive
Recital 20
Recital 20
(20) Member States should share with other Member States and Europol the PNR data that they receive where such transferthis is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security through. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40 . Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation. __________________ 40 OJ L 386, 29.12.2006, p. 89.
Amendment 173 #
Proposal for a directive
Recital 21 a (new)
Recital 21 a (new)
(21a) PNR data should be processed to the greatest extent possible in a masked out way in order to ensure a highest level of data protection by making it impossible for those having access to masked out data to identify a person and to draw conclusions as to what persons are related to that data. Re-identifying masked out data is possible only under conditions ensuring a high level of data protection.
Amendment 203 #
Proposal for a directive
Recital 28
Recital 28
(28) This Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, regarding internal flights subject to compliance with relevant data protection provisions, provided that such domestic law respects the Union acquis. The issue of the collection of PNR data on internal flights should be the subject of specific reflection at a future date.
Amendment 207 #
Proposal for a directive
Recital 29
Recital 29
(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers and non- carrier economic operators are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.
Amendment 222 #
Proposal for a directive
Recital 32
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 57 years, after which the data must be permanently deleted, the data must be anonymised after a very short periodmasked out after 6 months, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required toit must be ensured that an independent national supervisory authority isand in particular its Data Protection Officer are responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
Amendment 227 #
Proposal for a directive
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Directive provides for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member Staterelating to passenger flights between EU Member States and third countries, for intra-EU flights and domestic flights, as well as the processing of that data, including its collection, use and retention by the Member States and its exchange between them.
Amendment 231 #
Proposal for a directive
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1a. This Directive shall also apply to non- carrier economic operators that gather or store PNR data on passenger flights planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member States with a final destination in a third country, to intra-EU-flights and to domestic flights;
Amendment 239 #
Proposal for a directive
Article 1 – paragraph 2
Article 1 – paragraph 2
2. The PNR data collected in accordance with this Directive may be processed only for the following purposes: (a) Thepurposes of prevention, detection, investigation and prosecution of terrorist offences, and serious crime according to Article 4 (2)(b) and (c); and (b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime according to Article 4(2)(a) and (d). or the prevention of immediate and serious threats to public security. deleted deleted
Amendment 253 #
Proposal for a directive
Article 2 – paragraph 1 – point b a (new)
Article 2 – paragraph 1 – point b a (new)
(ba) 'intra-EU flight' means any scheduled or non-scheduled flight by an air carrier originating in a Member State with a final destination in another Member State, including any transfer of transit flights;
Amendment 254 #
Proposal for a directive
Article 2 – paragraph 1 – point b b (new)
Article 2 – paragraph 1 – point b b (new)
(bb) 'domestic flight' means any scheduled or non-scheduled flight by an air carrier originating in a Member State with a final destination in the same Member State;
Amendment 257 #
Proposal for a directive
Article 2 – paragraph 1 – point c
Article 2 – paragraph 1 – point c
(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements captured and retained electronically by the air carrier or the non-carrier economic operators in its normal course of business which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities. Passenger data includes data created by air carriers or non-carrier economic operators for each journey booked by or on behalf of any passenger and contained in carriers' reservation systems, DCS, or equivalent systems providing similar functionality. PNR data consists of the data fields set out in the Annex;
Amendment 260 #
Proposal for a directive
Article 2 – paragraph 1 – point e
Article 2 – paragraph 1 – point e
(e) ‘'reservation systems’' means the air carrier’'s or the non-carrier economic operator's internal inventory system, in which PNR data are collected for the handling of reservations;
Amendment 262 #
Proposal for a directive
Article 2 – paragraph 1 – point e a (new)
Article 2 – paragraph 1 – point e a (new)
(ea) Non-carrier economic operator means an economic operator, such as travel agencies and tour operators, that provides travel-related services, including the bookings of flights for which they collect and process PNR data of passengers;
Amendment 264 #
Proposal for a directive
Article 2 – paragraph 1 – point f
Article 2 – paragraph 1 – point f
(f) ’push method’ means the method whereby air carriers transfer the required PNR dataand non-carrier economic operator transfer their existing PNR data listed in the Annex to this Directive into the database of the authority requesting them;
Amendment 268 #
Proposal for a directive
Article 2 – paragraph 1 – point g
Article 2 – paragraph 1 – point g
(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA; on combating terrorism as amended by Council decision 2008/919/JHA.
Amendment 281 #
Proposal for a directive
Article 2 – paragraph 1 – point i
Article 2 – paragraph 1 – point i
Amendment 296 #
Proposal for a directive
Article 2 – paragraph 1 – point i a (new)
Article 2 – paragraph 1 – point i a (new)
(ia) Masked out means rendering certain data elements of PNR data indecipherable to a user, without deleting them (e.g. by the means of applying a cryptographic state-of-the-art function to the elements of clear text data making a passenger identifiable); elements that are rendered indecipherable must comprise all elements making a passenger identifiable. Identical clear text data may result in identical masked out data in order to make it possible to match data without identifying the persons who are subject to that data.
Amendment 303 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime and the prevention of immediate and serious threats to public security or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers and non-carrier economic operators, storing them, analyprocessing them and transmitting the result of the analysisPNR data or the result of the processing thereof to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authoritieThe Passenger Information Unit is also responsible for the exchange of PNR data or the result of the processing thereof with Passenger Information Unit of other Member States in accordance with Article 7. Its staff members may be seconded from competent public authorities. It shall be provided with adequate resources in order to fulfil its tasks.
Amendment 324 #
Proposal for a directive
Article 3 – paragraph 3 a (new)
Article 3 – paragraph 3 a (new)
3a. Each Passenger Information Unit shall appoint an independent Data Protection Officer, who ensures the internal supervision of the Passenger Information Unit's activities and will totally oversee the transfer of PNR data to other competent authorities, to other Member States and Europol. The Data Protection Officer shall report wrong conduct of the data protection requirements set out in this directive
Amendment 333 #
Proposal for a directive
Article 4 – paragraph 1
Article 4 – paragraph 1
1. The PNR data transferred by the air carriers and the non-carrier economic operators, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected only by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers and non-carrier economic operators include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.
Amendment 344 #
Proposal for a directive
Article 4 – paragraph 2 – point a
Article 4 – paragraph 2 – point a
(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5 as well as Europol. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria in accordance with this Directive, and may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;
Amendment 365 #
Proposal for a directive
Article 4 – paragraph 2 – point c
Article 4 – paragraph 2 – point c
(c) responding, on a case-by-case basis based on sufficient evidence, to duly reasoned requests from competent authorities or Europol to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious crime listed in Article 2.1 (i) or the prevention of an immediate and serious threat to public security, and to provide the competent authorities with the results of such processing; and
Amendment 382 #
Proposal for a directive
Article 4 – paragraph 3
Article 4 – paragraph 3
3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non- discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s raceracial or ethnic origin, political opinions, religious or philosophical belief, political opinions, trade union membership, health or sexual life.
Amendment 411 #
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Each Member State shall adopt a list of the competent authorities entitled to request or receive masked out PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the specific purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime or the prevention of immediate and serious threats to public security. Europol shall be entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units of the Member States within the limits of its mandate and when necessary for the performance of its tasks.
Amendment 418 #
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or the prevention of immediate and serious threats to public security.
Amendment 429 #
Proposal for a directive
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious crime or the prevention of immediate and serious threats to public security.
Amendment 442 #
Proposal for a directive
Article 6 – title
Article 6 – title
Obligations on air carriers and non-carrier economic operators
Amendment 446 #
Proposal for a directive
Article 6 – paragraph 1
Article 6 – paragraph 1
1. Member States shall adopt the necessary measures to ensure that air carriers and non-carrier economic operators transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier and the non-carrier economic operator that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers and the non-carrier economic operators shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.
Amendment 457 #
Proposal for a directive
Article 6 – paragraph 2 – introductory part
Article 6 – paragraph 2 – introductory part
2. Air carriers and non-carrier economic operator shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:
Amendment 461 #
Proposal for a directive
Article 6 – paragraph 2 – point a – introductory part
Article 6 – paragraph 2 – point a – introductory part
(a) once, 24 to 48 hours before the scheduled time for flight departure;
Amendment 469 #
Proposal for a directive
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States may permit air carriers and non-carrier economic operators to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
Amendment 476 #
Proposal for a directive
Article 6 – paragraph 4
Article 6 – paragraph 4
4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers and non-carrier economic operator shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.
Amendment 485 #
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considersand to Europol where any elements indicate such a transfer to be necessaryhelpful for the prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security. The Passenger Information Units of the receiving Member States shallmay transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities through using their Passenger Information Unit and using Europol's existing Secure Information Exchange Network Application (SIENA).
Amendment 492 #
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1),and have not yet been masked out and, if necessary, also the result of theany processing of PNR data. Thethereof, if it has already been prepared pursuant to Article 4(2)(a). The duly reasoned request for such data may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b)ossible.
Amendment 501 #
Proposal for a directive
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in responhave been already masked out. The Passenger Information Unit shall only provide the full PNR data where it is reasonably believed that it is necessary for the purpose of Article 4(2)(b) and only when authorised to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crimedo so by an authority competent under Article 9(3).
Amendment 512 #
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public securitywhen necessary in cases of emergency and under the conditions laid down in paragraph 2 and 3 may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. The requests from the competent authorities, a copy of which shall always be sent to the Passenger Information Unit of the requesting Member State, shall be reasoned. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.
Amendment 524 #
Proposal for a directive
Article 7 – paragraph 5
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious crime or to prevent an immediate and serious threat to public security, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time.
Amendment 536 #
Proposal for a directive
Article 7 – paragraph 6 a (new)
Article 7 – paragraph 6 a (new)
6a. Passenger Information Units shall establish the possibility for Europol to request access to PNR data.
Amendment 539 #
Proposal for a directive
Article 7 – paragraph 6 b (new)
Article 7 – paragraph 6 b (new)
6b. Member States shall ensure that their Passenger Information Unit's, in order to fulfil their tasks as laid down in Article 4(2)(c), co-operate in the application of state-of-the-art technologies through Europol using technologies that shall allow Passenger and Europol to combine their data with that of other Passenger Information Unit's by ensuring full protection of personal data with the aim of analysing the data pursuant to Article 4(2)(c).
Amendment 545 #
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by- case basis and in duly reasoned request based on sufficient evidence and if:
Amendment 554 #
Proposal for a directive
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,transfer is necessary for the prevention, investigation, detection or prosecution of criminal offences, the prevention of immediate and serious threats to public security or the execution of criminal penalties;
Amendment 562 #
Proposal for a directive
Article 8 – paragraph 1 – point a b (new)
Article 8 – paragraph 1 – point a b (new)
(ab) the Member State from which the data were obtained has given its consent to transfer in compliance with its national law;
Amendment 565 #
Proposal for a directive
Article 8 – paragraph 1 – point a c (new)
Article 8 – paragraph 1 – point a c (new)
(ac) the third country or international body concerned ensures an adequate level of protection for the intended data processing;
Amendment 612 #
Proposal for a directive
Article 9 – paragraph 1
Article 9 – paragraph 1
1. Member States shall ensure that the PNR data provided by the air carriers and non- carrier economic operators to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 30 day6 months after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.
Amendment 628 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1
Article 9 – paragraph 2 – subparagraph 1
Upon expiry of the period of 30 day6 months after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of fiseven years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymisedmasked out PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.
Amendment 634 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1 a (new)
Article 9 – paragraph 2 – subparagraph 1 a (new)
Re-identification of masked out PNR data and access to the full PNR data shall be permitted only by the Data Protection Officer for the purposes of Article 4(2)(b) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk related to terrorist offences or a specific investigation or prosecution related to a crime listed in Article 2.1 or the prevention of an immediate and serious threat to public security.
Amendment 659 #
Proposal for a directive
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Member States shall ensure that the PNR data are deleted permanently upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.
Amendment 675 #
Proposal for a directive
Article 10 – title
Article 10 – title
Penalties against air carriers and non- carrier economic operators
Amendment 679 #
Proposal for a directive
Article 10 – paragraph 1
Article 10 – paragraph 1
Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers and non-carrier economic operators which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.
Amendment 687 #
Proposal for a directive
Article 11 – paragraph 1 a (new)
Article 11 – paragraph 1 a (new)
1a. Each Passenger Information Unit shall appoint a Data Protection Officer in order to ensure compliance with existing national and Union data protection law and fundamental rights; that person shall be trained and qualified to a high standard in data protection law.
Amendment 689 #
Proposal for a directive
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive. Air carriers which collect contact details for passengers who have booked their flights through a travel agency or other travel intermediary shall be prohibited from using those data for marketing purposes.
Amendment 702 #
Proposal for a directive
Article 11 – paragraph 4
Article 11 – paragraph 4
4. All processing of PNR data by air carriers and non-carrier economic operators, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities and the Data Protection Officer. These logs shall be kept for a period of fiseven years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those fiseven years, in which case the logs shall be kept until the underlying data are deleted.
Amendment 704 #
Proposal for a directive
Article 11 – paragraph 4 a (new)
Article 11 – paragraph 4 a (new)
4a. Those persons who operate security controls, who access and analyse the PNR data, and who operate the data logs, must be security cleared and security trained.
Amendment 713 #
Proposal for a directive
Article 11 – paragraph 6
Article 11 – paragraph 6
6. Any transfer of PNR data by Passenger Information Units and competent authorities to private parties in Member States or in third countries shall be prohibited. Any wrong conduct should be sanctioned.
Amendment 776 #
Proposal for a directive
Article 17 – paragraph 1 – point a
Article 17 – paragraph 1 – point a
Amendment 781 #
Proposal for a directive
Article 17 – paragraph 1 – point b
Article 17 – paragraph 1 – point b
(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within fourseven years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.