Activities of Barbara MATERA related to 2011/0023(COD)
Plenary speeches (1)
Use of Passenger Name Record data (EU PNR) (A8-0248/2015 - Timothy Kirkhope) IT
Amendments (41)
Amendment 51 #
Draft legislative resolution
Citation 5 a (new)
Citation 5 a (new)
- having regard to the European Parliament resolution of 11 February 2015 on anti-terrorism measures (2015/2530(RSP)),
Amendment 106 #
Proposal for a directive
Recital 10
Recital 10
(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union, intra-EU flights from one Member State to another Member State and domestic flights with a final destination in the same Member State and non-carrier economic operators when involved in booking such flights.
Amendment 113 #
Proposal for a directive
Recital 11
Recital 11
(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers and non-carrier economic operators to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers and non-carrier economic operators.
Amendment 115 #
Proposal for a directive
Recital 11 a (new)
Recital 11 a (new)
(11a) Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they collect and process PNR data from their customers, yet without necessarily transferring the data to the airline operating the passenger flight.
Amendment 120 #
Proposal for a directive
Recital 12
Recital 12
(12) The definition of terrorist offences should be taken from Articles 1 to 4 ofapplied in this Directive should be the same as in Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serous crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38 . However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to as amended by Council decision 2008/919/JHA. The term serious crime applied in this dDirective would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crimeencompasses the crimes listed in Article 2.1. __________________ 38 OJ L 190, 18.7.2002, p. 1.
Amendment 161 #
Proposal for a directive
Recital 20
Recital 20
(20) Member States should share with other Member States and Europol the PNR data that they receive where such transferthis is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security through. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40 . Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation. __________________ 40 OJ L 386, 29.12.2006, p. 89.
Amendment 173 #
Proposal for a directive
Recital 21 a (new)
Recital 21 a (new)
(21a) PNR data should be processed to the greatest extent possible in a masked out way in order to ensure a highest level of data protection by making it impossible for those having access to masked out data to identify a person and to draw conclusions as to what persons are related to that data. Re-identifying masked out data is possible only under conditions ensuring a high level of data protection.
Amendment 222 #
Proposal for a directive
Recital 32
Recital 32
(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 57 years, after which the data must be permanently deleted, the data must be anonymised after a very short periodmasked out after 6 months, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required toit must be ensured that an independent national supervisory authority isand in particular its Data Protection Officer are responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.
Amendment 227 #
Proposal for a directive
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Directive provides for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member Staterelating to passenger flights between EU Member States and third countries, for intra-EU flights and domestic flights, as well as the processing of that data, including its collection, use and retention by the Member States and its exchange between them.
Amendment 231 #
Proposal for a directive
Article 1 – paragraph 1 a (new)
Article 1 – paragraph 1 a (new)
1a. This Directive shall also apply to non- carrier economic operators that gather or store PNR data on passenger flights planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member States with a final destination in a third country, to intra-EU-flights and to domestic flights;
Amendment 239 #
Proposal for a directive
Article 1 – paragraph 2
Article 1 – paragraph 2
2. The PNR data collected in accordance with this Directive may be processed only for the following purposes: (a) Thepurposes of prevention, detection, investigation and prosecution of terrorist offences, and serious crime according to Article 4 (2)(b) and (c); and (b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime according to Article 4(2)(a) and (d). or the prevention of immediate and serious threats to public security. deleted deleted
Amendment 253 #
Proposal for a directive
Article 2 – paragraph 1 – point b a (new)
Article 2 – paragraph 1 – point b a (new)
(ba) 'intra-EU flight' means any scheduled or non-scheduled flight by an air carrier originating in a Member State with a final destination in another Member State, including any transfer of transit flights;
Amendment 254 #
Proposal for a directive
Article 2 – paragraph 1 – point b b (new)
Article 2 – paragraph 1 – point b b (new)
(bb) 'domestic flight' means any scheduled or non-scheduled flight by an air carrier originating in a Member State with a final destination in the same Member State;
Amendment 257 #
Proposal for a directive
Article 2 – paragraph 1 – point c
Article 2 – paragraph 1 – point c
(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements captured and retained electronically by the air carrier or the non-carrier economic operators in its normal course of business which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities. Passenger data includes data created by air carriers or non-carrier economic operators for each journey booked by or on behalf of any passenger and contained in carriers' reservation systems, DCS, or equivalent systems providing similar functionality. PNR data consists of the data fields set out in the Annex;
Amendment 262 #
Proposal for a directive
Article 2 – paragraph 1 – point e a (new)
Article 2 – paragraph 1 – point e a (new)
(ea) Non-carrier economic operator means an economic operator, such as travel agencies and tour operators, that provides travel-related services, including the bookings of flights for which they collect and process PNR data of passengers;
Amendment 268 #
Proposal for a directive
Article 2 – paragraph 1 – point g
Article 2 – paragraph 1 – point g
(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA; on combating terrorism as amended by Council decision 2008/919/JHA.
Amendment 281 #
Proposal for a directive
Article 2 – paragraph 1 – point i
Article 2 – paragraph 1 – point i
Amendment 296 #
Proposal for a directive
Article 2 – paragraph 1 – point i a (new)
Article 2 – paragraph 1 – point i a (new)
(ia) Masked out means rendering certain data elements of PNR data indecipherable to a user, without deleting them (e.g. by the means of applying a cryptographic state-of-the-art function to the elements of clear text data making a passenger identifiable); elements that are rendered indecipherable must comprise all elements making a passenger identifiable. Identical clear text data may result in identical masked out data in order to make it possible to match data without identifying the persons who are subject to that data.
Amendment 303 #
Proposal for a directive
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime and the prevention of immediate and serious threats to public security or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers and non-carrier economic operators, storing them, analyprocessing them and transmitting the result of the analysisPNR data or the result of the processing thereof to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authoritieThe Passenger Information Unit is also responsible for the exchange of PNR data or the result of the processing thereof with Passenger Information Unit of other Member States in accordance with Article 7. Its staff members may be seconded from competent public authorities. It shall be provided with adequate resources in order to fulfil its tasks.
Amendment 324 #
Proposal for a directive
Article 3 – paragraph 3 a (new)
Article 3 – paragraph 3 a (new)
3a. Each Passenger Information Unit shall appoint an independent Data Protection Officer, who ensures the internal supervision of the Passenger Information Unit's activities and will totally oversee the transfer of PNR data to other competent authorities, to other Member States and Europol. The Data Protection Officer shall report wrong conduct of the data protection requirements set out in this directive
Amendment 344 #
Proposal for a directive
Article 4 – paragraph 2 – point a
Article 4 – paragraph 2 – point a
(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5 as well as Europol. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria in accordance with this Directive, and may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;
Amendment 365 #
Proposal for a directive
Article 4 – paragraph 2 – point c
Article 4 – paragraph 2 – point c
(c) responding, on a case-by-case basis based on sufficient evidence, to duly reasoned requests from competent authorities or Europol to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious crime listed in Article 2.1 (i) or the prevention of an immediate and serious threat to public security, and to provide the competent authorities with the results of such processing; and
Amendment 411 #
Proposal for a directive
Article 5 – paragraph 1
Article 5 – paragraph 1
1. Each Member State shall adopt a list of the competent authorities entitled to request or receive masked out PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the specific purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime or the prevention of immediate and serious threats to public security. Europol shall be entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units of the Member States within the limits of its mandate and when necessary for the performance of its tasks.
Amendment 418 #
Proposal for a directive
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or the prevention of immediate and serious threats to public security.
Amendment 429 #
Proposal for a directive
Article 5 – paragraph 4
Article 5 – paragraph 4
4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious crime or the prevention of immediate and serious threats to public security.
Amendment 485 #
Proposal for a directive
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considersand to Europol where any elements indicate such a transfer to be necessaryhelpful for the prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security. The Passenger Information Units of the receiving Member States shallmay transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities through using their Passenger Information Unit and using Europol's existing Secure Information Exchange Network Application (SIENA).
Amendment 492 #
Proposal for a directive
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1),and have not yet been masked out and, if necessary, also the result of theany processing of PNR data. Thethereof, if it has already been prepared pursuant to Article 4(2)(a). The duly reasoned request for such data may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime or the prevention of immediate and serious threats to public security. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b)ossible.
Amendment 501 #
Proposal for a directive
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in responhave been already masked out. The Passenger Information Unit shall only provide the full PNR data where it is reasonably believed that it is necessary for the purpose of Article 4(2)(b) and only when authorised to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crimedo so by an authority competent under Article 9(3).
Amendment 512 #
Proposal for a directive
Article 7 – paragraph 4
Article 7 – paragraph 4
4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public securitywhen necessary in cases of emergency and under the conditions laid down in paragraph 2 and 3 may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’'s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. The requests from the competent authorities, a copy of which shall always be sent to the Passenger Information Unit of the requesting Member State, shall be reasoned. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.
Amendment 524 #
Proposal for a directive
Article 7 – paragraph 5
Article 7 – paragraph 5
5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious crime or to prevent an immediate and serious threat to public security, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time.
Amendment 536 #
Proposal for a directive
Article 7 – paragraph 6 a (new)
Article 7 – paragraph 6 a (new)
6a. Passenger Information Units shall establish the possibility for Europol to request access to PNR data.
Amendment 539 #
Proposal for a directive
Article 7 – paragraph 6 b (new)
Article 7 – paragraph 6 b (new)
6b. Member States shall ensure that their Passenger Information Unit's, in order to fulfil their tasks as laid down in Article 4(2)(c), co-operate in the application of state-of-the-art technologies through Europol using technologies that shall allow Passenger and Europol to combine their data with that of other Passenger Information Unit's by ensuring full protection of personal data with the aim of analysing the data pursuant to Article 4(2)(c).
Amendment 545 #
Proposal for a directive
Article 8 – paragraph 1 – introductory part
Article 8 – paragraph 1 – introductory part
A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by- case basis and in duly reasoned request based on sufficient evidence and if:
Amendment 554 #
Proposal for a directive
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,transfer is necessary for the prevention, investigation, detection or prosecution of criminal offences, the prevention of immediate and serious threats to public security or the execution of criminal penalties;
Amendment 562 #
Proposal for a directive
Article 8 – paragraph 1 – point a b (new)
Article 8 – paragraph 1 – point a b (new)
(ab) the Member State from which the data were obtained has given its consent to transfer in compliance with its national law;
Amendment 565 #
Proposal for a directive
Article 8 – paragraph 1 – point a c (new)
Article 8 – paragraph 1 – point a c (new)
(ac) the third country or international body concerned ensures an adequate level of protection for the intended data processing;
Amendment 628 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1
Article 9 – paragraph 2 – subparagraph 1
Upon expiry of the period of 30 day6 months after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of fiseven years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymisedmasked out PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.
Amendment 634 #
Proposal for a directive
Article 9 – paragraph 2 – subparagraph 1 a (new)
Article 9 – paragraph 2 – subparagraph 1 a (new)
Re-identification of masked out PNR data and access to the full PNR data shall be permitted only by the Data Protection Officer for the purposes of Article 4(2)(b) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk related to terrorist offences or a specific investigation or prosecution related to a crime listed in Article 2.1 or the prevention of an immediate and serious threat to public security.
Amendment 687 #
Proposal for a directive
Article 11 – paragraph 1 a (new)
Article 11 – paragraph 1 a (new)
1a. Each Passenger Information Unit shall appoint a Data Protection Officer in order to ensure compliance with existing national and Union data protection law and fundamental rights; that person shall be trained and qualified to a high standard in data protection law.
Amendment 689 #
Proposal for a directive
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive. Air carriers which collect contact details for passengers who have booked their flights through a travel agency or other travel intermediary shall be prohibited from using those data for marketing purposes.
Amendment 702 #
Proposal for a directive
Article 11 – paragraph 4
Article 11 – paragraph 4
4. All processing of PNR data by air carriers and non-carrier economic operators, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities and the Data Protection Officer. These logs shall be kept for a period of fiseven years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those fiseven years, in which case the logs shall be kept until the underlying data are deleted.