BETA


2007/0237(CNS) Use of passenger name record (PNR) for law enforcement purposes

Progress: Procedure lapsed or withdrawn

RoleCommitteeRapporteurShadows
Lead LIBE IN 'T VELD Sophia (icon: ALDE ALDE)
Former Responsible Committee LIBE
Committee Opinion AFET
Committee Opinion TRAN LICHTENBERGER Eva (icon: Verts/ALE Verts/ALE)
Former Committee Opinion AFET
Former Committee Opinion TRAN
Lead committee dossier:
Legal Basis:
Treaty on the European Union (after Amsterdam) M 029, Treaty on the European Union (after Amsterdam) M 030-p1, Treaty on the European Union (after Amsterdam) M 034-p2b

Events

2009/10/05
   EP - LICHTENBERGER Eva (Verts/ALE) appointed as rapporteur in TRAN
2009/07/22
   EP - IN 'T VELD Sophia (ALDE) appointed as rapporteur in LIBE
2008/11/27
   CSL - Debate in Council
Documents
2008/11/27
   CSL - Council Meeting
2008/10/24
   CSL - Debate in Council
Details

The Council discussed, without yet reaching definitive conclusions , some characteristics of a future passenger name record (PNR) system for collecting personal data gathered by air carriers when passengers book their tickets on international flights serving the territory of a Member State. The data, which would be forwarded to the public authorities before the passengers board the aircraft, would serve as input for analysing the terrorist and criminal threat and could also be used in the context of individual inquiries.

As regards including PNR data relating to intra-Community flights, the Council noted that the

cost-benefit ratio was an issue and that that point therefore needed to be assessed before deciding to include the data in the European instrument. The data are already being – and will continue to be – collected by some Member States at national discretion. The Council therefore agreed to review that specific issue once the PNR system had been in operation for a few years.

An overall report will be submitted to the JHA Council for endorsement at its next meeting on

27 and 28 November 2008. The Council will decide at that point on the follow-up to be given to that dossier.

Documents
2008/10/24
   CSL - Council Meeting
2008/07/24
   CSL - Debate in Council
Details

The Council held an exchange of views on the working method to be followed for the coming

months, and on a number of topics, in relation to the proposal for a Framework Decision on the use of passenger name records (PNR) by Member States' law-enforcement authorities.

Following the discussion, the Council confirmed its resolve to progress work on this proposal, involving partners such as the European Parliament, the personal data-control authorities and the Agency for Fundamental Rights.

It also agreed that work over the next few months should seek to gradually identify the essential features that the European PNR system should satisfy, on the basis of the following points in particular:

priority to be given to the substance of the decision, with the legal basis being examined in the light of that substance; a balance to be sought between the need for a common tool and the flexibility which Member States may turn out to need; consideration based on operational use of data, which appears to be twofold: firstly in real time, resulting in action upon arrival of a flight, and secondly after the event, as part of investigations; examination of privacy protection in the light of the intended uses and with the incorporation of standards drawn up at European and national level; practical examination of technical arrangements for data collection, treatment of transit flights, the respective roles of passenger information units (PIUs) and relevant law-enforcement authorities, and the content of exchanges of information between PIUs.

The specific nature of the work to be carried out in the various areas in many cases makes it very helpful to bring into the discussions those with suitable technical competence. Involvement of the European Parliament in proceedings, by appropriate means, will also allow a constructive dialogue with that institution, which is particularly watchful as regards this proposal.

Since 9/11, law-enforcement authorities around the world have come to realise the added value of collecting and analysing so-called PNR data in combating terrorism and organised crime. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, seat and other information. The PNR data of a certain passenger usually do not contain all PNR fields, but only those that are actually provided by the passenger at the time of the reservation and information received upon check-in and boarding. It must be noted that air carriers already capture the PNR data of passengers for their own commercial purposes, but that non-air carriers do not capture such data. The collection and analysis of PNR data allows the law enforcement authorities to identify high-risk persons and to take appropriate measures.

Documents
2008/07/24
   CSL - Council Meeting
2008/04/11
   EDPS - Document attached to the procedure
Details

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the draft Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes.

The Commission submitted the draft Framework Decision to the EDPS for an opinion. This proposal concerns the processing of PNR data within the EU and is closely related to other schemes of collection and use of passengers' data, in particular the EU-US agreement of July 2007. These schemes are of great interest to the EDPS, which considers that the present opinion should be mentioned in the preamble of the Council Decision.

The EDPS’s opinion studies all aspects of the proposal but concentrates on the following elements which are considered to be fundamental:

legitimacy of the proposed measures : the question of the purpose, necessity and proportionality of the proposal are assessed against the criteria of Article 8 of the Charter of Fundamental Rights of the European Union; applicable law - exercise of data subject’s rights : the scope of application of the data protection framework decision in relation to the application of first pillar data protection legislation deserves specific attention; quality of recipients of data at national level : in particular, the quality of Passenger Information Units (PIUs) of intermediaries and of competent authorities designated to perform risk assessment and analyse passenger data raises specific concerns as no precision is given in the proposal in this respect; conditions of transfer of data to third countries : it is not clear what conditions will apply to such transfers where different sets of rules exist (the conditions of transfer under the present proposal, together with those of the data protection framework decision, and the existing international agreements with the USA and Canada).

With regard to the legitimacy of the proposed measures , the EDPS concludes that building upon different data bases without a global view on the concrete results and shortcomings is contrary to a rational legislative policy and might otherwise lead to a move towards a total surveillance society . Whilst the fight against terrorism can certainly be a legitimate ground to apply exceptions to the fundamental rights to privacy and data protection, the EDPS considers, however, that, to be valid, the necessity of the intrusion must be supported by clear and undeniable elements , and the proportionality of the processing must be demonstrated. This is all the more required in case of extensive intrusion in the privacy of individuals, as foreseen in the proposal. According to the EDPS, such elements of justification are missing in the proposal and that the necessity and proportionality tests are not fulfilled. The EDPS therefore insists on the essential character of the necessity and proportionality of the proposal which represent a condicio sine qua non to its entry into force.

With regard to the issue of the applicable law and the exercise of this law by a person , the EDPS considers that the proposal should make clear what legal regime is applicable at which stage of the processing, and specify vis-à-vis which actor or authority access and redress shall be exercised. He recalls that, according to the Treaty on European Union, provisions on data protection should be appropriate and cover the full range of processing operations established by the proposal. A simple reference to the data protection framework decision is not sufficient, given the limited scope of that framework decision and the restriction of rights it contains.

With regard to the quality of recipients , the EDPS considers that the enforcement of an EU PNR system is rendered even more difficult considering that law enforcement authorities have different competences depending on the national law of the Member States, including or not intelligence, tax, immigration or police. This is however a supplementary reason to recommend that the proposal be much more precise with regard to the quality of the mentioned actors and the guarantees to control the performance of their tasks. Additional provisions should be integrated in the proposal, to specify strictly the competences and the legal obligations of intermediaries, PIUs and other competent authorities.

Lastly, with regard to the conditions of transfer to third countries , the EDPS stresses the need to ensure that an adequate level of protection is provided in the recipient country. He also questions the significance of the ‘reciprocity’ principle mentioned in the proposal, and its application to countries already bound by an agreement with the EU, like Canada or the US. He considers it to be of the utmost importance that the conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection .

The EDPS also draws attention to specific aspects of the proposal that need more precision or a better taking into account of data protection principle (for example, the conditions in which automated decisions can be taken, the quantity of data processed, the method of transfer of data (or “push”), the data retention period, etc.).

Lastly, the EDPS notes that the present proposal is made at a moment when the institutional context of the European Union is about to change fundamentally. The consequences of the Lisbon Treaty in terms of decision making will be fundamental, especially with regard to the role of the Parliament . Considering the unprecedented impact of the proposal in terms of fundamental rights, the EDPS advises not to adopt it under the present Treaty Framework, but to ensure it follows the co-decision procedure foreseen by the new Treaty.

2007/12/11
   EP - Committee referral announced in Parliament, 1st reading/single reading
2007/11/06
   EC - Document attached to the procedure
2007/11/06
   EC - Document attached to the procedure
2007/11/06
   EC - Legislative proposal published
Details

PURPOSE: to fight terrorism and organised crime by obliging air carriers to transmit “Passenger Name Record” (PNR) data to the Member States’ competent authorities.

PROPOSED ACT: Council Framework Decision.

BACKGROUND: one of the EU’s core objectives is to offer its citizens a high level of security and protection within an area of freedom, security and justice. Terrorism and organised crime undermine and challenge this objective.

Studies prove that terrorism and organised crime are transnational in character and interlinked. The threat of terrorism is not restricted to specific geographic zones and terrorist organisations can be found both within and outside the border of the EU. For any measure against terrorism and organised crime to be effective a close cooperation and exchange of information between the Member States, competent authorities, Europol and third countries is essential. Critical to this is the collection of data, which for the purposes of this proposal, can be divided into two sets. Firstly, “Passenger Name Record” or PNR data. Specifically speaking PNR data refers to data collected from travel documents (usually flights). It includes: passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in flight schedule, seat preferences and other information. Air carriers already capture such data for their own commercial purposes.

The second set of data concerns “Advance Passenger Information” or API data, which essentially is biographical data. It includes: the number and type of travel document used, nationality, full names, date of birth, border crossing point of entry, code of transport, departure and arrival time of transportation, total number of passenger and the initial point of embarkation. API data may be run against alert systems such as the SIS. Under existing legislation, air carriers are obliged to communicate API data to the competent authorities of the Member States under Council Directive 2004/82/EC .

Given that API data is official data, stemming from passports, it is accurate. However, for the purpose of fighting terrorism and organised crime this information is useful only for identifying known terrorists and criminals through the alert system. It is not sufficient to help prevent terrorist acts or organised crime. PNR data, on the other hand, contains more elements. Further, it can be made available in advance of API data which is useful for carrying out risk assessments on persons, for obtaining intelligence and for making associations between known and unknown people.

Until now, only a limited number of Member States have adopted legislation obliging air carriers to provide the relevant PNR data to the competent authorities. Thus, the potential benefits of an EU wide scheme in preventing terrorism and organised crime is not being fully realised.

CONTENT: based on the above reasoning, the Commission is presenting this proposal the purpose of which is to oblige air carriers to transmit PNR data of international flights to the competent authorities of the Member States. The over riding objective is to prevent and combat terrorist offences and organised crime. It applies to air carriers only and to no other mode of transport. In summary, the following is being proposed:

Passenger Information Unit : These are to be set up by the Member States within twelve months of the Decision entering into force. PIU’s will be responsible for collecting PNR data from the air carriers in relation to international flights which arrive or depart from the territory of the Member States which it serves. The Annex to the Decision gives a comprehensive list of all data required. Any data received and which is not specified in the Annex (i.e. ethnicity, political opinions, religious beliefs, trade union membership, health or sex life) must be deleted immediately. The PIU’s will be responsible for analysing data and for carrying out a risk assessment of the passengers in order to identify the persons requiring further examination. PNK data must be transferred to the relevant competent authorities within the other EU Member States by electronic means. Data may be processed on condition it is being used: to identify persons who are or who may be involved in a terrorist or organised crime offence; to create and update risk indicators; to provide intelligence on travel patterns; and/or to be used in criminal investigations and prosecutions of terrorist offences and organised crime. The PIU will be forbidden from taking any enforcement action based sole on an automated processing of PNR data. Obligation on air carriers : Air carriers will be responsible for making PNR data available to the PIU's by electronic means. The data must be made available in advance (24 hours before the scheduled flight departure) and immediately after flight closure. Data will be transmitted via the “push method” – i.e. data being transmitted from the air carriers to the national authorities. In cases where air carriers are unable to forward data to the competent authorities, the data can be extracted through the “pull method” – i.e. allowing the national authorities to access the reservation system of the air carrier. Intermediaries : Air carriers operating international flights may designate an intermediary who will be responsible for handling PNR data. Exchange of information : PNR data may only be transmitted to other EU Member States if it is deemed necessary to prevent and fight terrorism and organised crime. Procedures have been set concerning under what conditions requests for cross-border transmission of data may be made. Data transfer to third countries : PNR data may be transferred to third countries under two conditions: i) the Member State concerned is satisfied that the third country will only use the data to prevent and fight terrorist offences and organised crime and ii) the data will not be transferred further without the express consent of the Member State concerned. Period of data retention : Data must be kept for a period of five years after it has been transferred to the PIU. After the five year deadline air carriers must keep it for a further eight years – but it may only be accessed with the approval of the competent authority and only in exceptional circumstances (i.e. in response to a specific and actual threat or risk related to the prevention or combat of terrorist offences and organised crime.) Upon expiry of the eight year period all data will be deleted. Sanctions : The Member States will be responsible for sanctioning air lines that either do not transfer PNR data or transmit incomplete or erroneous data. Protection of personal data : The yet to be approved “Framework Decision on the Protection of Personal Data Processed in the Framework of Police and Judicial Cooperation in Criminal Matters” will apply to the processing of personal data under this Decision. Member States will be responsible for security measures with respect to PNR data. Strict provisions are set out and include, inter alia, the physical protection of data; denying unauthorised persons access to the national installations; preventing unauthorised reading, copying, modification or removal of data media; preventing unauthorised inspection, modification or deletion of stored personal data; and preventing the unauthorised processing of data. Comitology : PNR data must be transmitted using secure methods common to all transmission. This will include common protocols and common encryption standards as adopted by the regulatory procedure. (One year after the common protocols have been adopted the Member States must apply the new secure method of transmission).

Documents

AmendmentsDossier
41 2007/0237(CNS)
2008/10/13 TRAN 41 amendments...
source: PE-414.083

History

(these mark the time of scraping, not the official date of the change)

committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
rapporteur
name: IN 'T VELD Sophia date: 2009-07-22T00:00:00 group: Alliance of Liberals and Democrats for Europe abbr: ALDE
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2009-07-22T00:00:00
rapporteur
name: IN 'T VELD Sophia group: Alliance of Liberals and Democrats for Europe abbr: ALDE
committees/1/date
    committees/3
    type
    Committee Opinion
    body
    EP
    associated
    False
    committee_full
    Transport and Tourism
    committee
    TRAN
    rapporteur
    name: LICHTENBERGER Eva date: 2009-10-05T00:00:00 group: Greens/European Free Alliance abbr: Verts/ALE
    committees/3
    type
    Committee Opinion
    body
    EP
    associated
    False
    committee_full
    Transport and Tourism
    committee
    TRAN
    date
    2009-10-05T00:00:00
    rapporteur
    name: LICHTENBERGER Eva group: Greens/European Free Alliance abbr: Verts/ALE
    committees/4/date
      committees/5/date
        activities
        • date: 2007-11-06T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0654/COM_COM(2007)0654_EN.pdf title: COM(2007)0654 type: Legislative proposal published celexid: CELEX:52007PC0654:EN body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: BARROT Jacques type: Legislative proposal published
        • date: 2007-12-11T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee_full: Foreign Affairs committee: AFET body: EP responsible: True committee: LIBE date: 2009-07-22T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: IN 'T VELD Sophia body: EP responsible: True committee_full: Civil Liberties, Justice and Home Affairs committee: LIBE body: EP responsible: False committee: TRAN date: 2009-10-05T00:00:00 committee_full: Transport and Tourism rapporteur: group: Verts/ALE name: LICHTENBERGER Eva body: EP responsible: False committee_full: Transport and Tourism committee: TRAN
        • body: CSL meeting_id: 2887 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2887*&MEET_DATE=24/07/2008 type: Debate in Council title: 2887 council: Justice and Home Affairs (JHA) date: 2008-07-24T00:00:00 type: Council Meeting
        • body: CSL meeting_id: 2899 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2899*&MEET_DATE=24/10/2008 type: Debate in Council title: 2899 council: Justice and Home Affairs (JHA) date: 2008-10-24T00:00:00 type: Council Meeting
        • body: CSL meeting_id: 2908 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2908*&MEET_DATE=27/11/2008 type: Debate in Council title: 2908 council: Justice and Home Affairs (JHA) date: 2008-11-27T00:00:00 type: Council Meeting
        commission
        • body: EC dg: Justice and Consumers commissioner: BARROT Jacques
        committees/0
        type
        Responsible Committee
        body
        EP
        associated
        False
        committee_full
        Civil Liberties, Justice and Home Affairs
        committee
        LIBE
        date
        2009-07-22T00:00:00
        rapporteur
        name: IN 'T VELD Sophia group: Alliance of Liberals and Democrats for Europe abbr: ALDE
        committees/0
        body
        EP
        responsible
        False
        committee_full
        Foreign Affairs
        committee
        AFET
        committees/1
        type
        Former Responsible Committee
        body
        EP
        associated
        False
        committee_full
        Civil Liberties, Justice and Home Affairs
        committee
        LIBE
        date
        committees/1
        body
        EP
        responsible
        True
        committee
        LIBE
        date
        2009-07-22T00:00:00
        committee_full
        Civil Liberties, Justice and Home Affairs
        rapporteur
        group: ALDE name: IN 'T VELD Sophia
        committees/2
        type
        Committee Opinion
        body
        EP
        associated
        False
        committee_full
        Foreign Affairs
        committee
        AFET
        opinion
        False
        committees/2
        body
        EP
        responsible
        True
        committee_full
        Civil Liberties, Justice and Home Affairs
        committee
        LIBE
        committees/3
        type
        Committee Opinion
        body
        EP
        associated
        False
        committee_full
        Transport and Tourism
        committee
        TRAN
        date
        2009-10-05T00:00:00
        rapporteur
        name: LICHTENBERGER Eva group: Greens/European Free Alliance abbr: Verts/ALE
        committees/3
        body
        EP
        responsible
        False
        committee
        TRAN
        date
        2009-10-05T00:00:00
        committee_full
        Transport and Tourism
        rapporteur
        group: Verts/ALE name: LICHTENBERGER Eva
        committees/4
        type
        Former Committee Opinion
        body
        EP
        associated
        False
        committee_full
        Foreign Affairs
        committee
        AFET
        date
        committees/4
        body
        EP
        responsible
        False
        committee_full
        Transport and Tourism
        committee
        TRAN
        committees/5
        type
        Former Committee Opinion
        body
        EP
        associated
        False
        committee_full
        Transport and Tourism
        committee
        TRAN
        date
        council
        • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2908 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2908*&MEET_DATE=27/11/2008 date: 2008-11-27T00:00:00
        • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2899 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2899*&MEET_DATE=24/10/2008 date: 2008-10-24T00:00:00
        • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 2887 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2887*&MEET_DATE=24/07/2008 date: 2008-07-24T00:00:00
        docs
        • date: 2007-11-06T00:00:00 docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2007/1422/COM_SEC(2007)1422_EN.pdf title: SEC(2007)1422 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2007&nu_doc=1422 title: EUR-Lex type: Document attached to the procedure body: EC
        • date: 2007-11-06T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2007/1453/COM_SEC(2007)1453_EN.pdf title: SEC(2007)1453 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2007&nu_doc=1453 title: EUR-Lex type: Document attached to the procedure body: EC
        • date: 2008-04-11T00:00:00 docs: url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:2008:110:SOM:EN:HTML title: OJ C 110 01.05.2008, p. 0001 title: 52008XX0501(01) summary: OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the draft Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The Commission submitted the draft Framework Decision to the EDPS for an opinion. This proposal concerns the processing of PNR data within the EU and is closely related to other schemes of collection and use of passengers' data, in particular the EU-US agreement of July 2007. These schemes are of great interest to the EDPS, which considers that the present opinion should be mentioned in the preamble of the Council Decision. The EDPS’s opinion studies all aspects of the proposal but concentrates on the following elements which are considered to be fundamental: legitimacy of the proposed measures : the question of the purpose, necessity and proportionality of the proposal are assessed against the criteria of Article 8 of the Charter of Fundamental Rights of the European Union; applicable law - exercise of data subject’s rights : the scope of application of the data protection framework decision in relation to the application of first pillar data protection legislation deserves specific attention; quality of recipients of data at national level : in particular, the quality of Passenger Information Units (PIUs) of intermediaries and of competent authorities designated to perform risk assessment and analyse passenger data raises specific concerns as no precision is given in the proposal in this respect; conditions of transfer of data to third countries : it is not clear what conditions will apply to such transfers where different sets of rules exist (the conditions of transfer under the present proposal, together with those of the data protection framework decision, and the existing international agreements with the USA and Canada). With regard to the legitimacy of the proposed measures , the EDPS concludes that building upon different data bases without a global view on the concrete results and shortcomings is contrary to a rational legislative policy and might otherwise lead to a move towards a total surveillance society . Whilst the fight against terrorism can certainly be a legitimate ground to apply exceptions to the fundamental rights to privacy and data protection, the EDPS considers, however, that, to be valid, the necessity of the intrusion must be supported by clear and undeniable elements , and the proportionality of the processing must be demonstrated. This is all the more required in case of extensive intrusion in the privacy of individuals, as foreseen in the proposal. According to the EDPS, such elements of justification are missing in the proposal and that the necessity and proportionality tests are not fulfilled. The EDPS therefore insists on the essential character of the necessity and proportionality of the proposal which represent a condicio sine qua non to its entry into force. With regard to the issue of the applicable law and the exercise of this law by a person , the EDPS considers that the proposal should make clear what legal regime is applicable at which stage of the processing, and specify vis-à-vis which actor or authority access and redress shall be exercised. He recalls that, according to the Treaty on European Union, provisions on data protection should be appropriate and cover the full range of processing operations established by the proposal. A simple reference to the data protection framework decision is not sufficient, given the limited scope of that framework decision and the restriction of rights it contains. With regard to the quality of recipients , the EDPS considers that the enforcement of an EU PNR system is rendered even more difficult considering that law enforcement authorities have different competences depending on the national law of the Member States, including or not intelligence, tax, immigration or police. This is however a supplementary reason to recommend that the proposal be much more precise with regard to the quality of the mentioned actors and the guarantees to control the performance of their tasks. Additional provisions should be integrated in the proposal, to specify strictly the competences and the legal obligations of intermediaries, PIUs and other competent authorities. Lastly, with regard to the conditions of transfer to third countries , the EDPS stresses the need to ensure that an adequate level of protection is provided in the recipient country. He also questions the significance of the ‘reciprocity’ principle mentioned in the proposal, and its application to countries already bound by an agreement with the EU, like Canada or the US. He considers it to be of the utmost importance that the conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection . The EDPS also draws attention to specific aspects of the proposal that need more precision or a better taking into account of data protection principle (for example, the conditions in which automated decisions can be taken, the quantity of data processed, the method of transfer of data (or “push”), the data retention period, etc.). Lastly, the EDPS notes that the present proposal is made at a moment when the institutional context of the European Union is about to change fundamentally. The consequences of the Lisbon Treaty in terms of decision making will be fundamental, especially with regard to the role of the Parliament . Considering the unprecedented impact of the proposal in terms of fundamental rights, the EDPS advises not to adopt it under the present Treaty Framework, but to ensure it follows the co-decision procedure foreseen by the new Treaty. type: Document attached to the procedure body: EDPS
        events
        • date: 2007-11-06T00:00:00 type: Legislative proposal published body: EC docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0654/COM_COM(2007)0654_EN.pdf title: COM(2007)0654 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2007&nu_doc=654 title: EUR-Lex summary: PURPOSE: to fight terrorism and organised crime by obliging air carriers to transmit “Passenger Name Record” (PNR) data to the Member States’ competent authorities. PROPOSED ACT: Council Framework Decision. BACKGROUND: one of the EU’s core objectives is to offer its citizens a high level of security and protection within an area of freedom, security and justice. Terrorism and organised crime undermine and challenge this objective. Studies prove that terrorism and organised crime are transnational in character and interlinked. The threat of terrorism is not restricted to specific geographic zones and terrorist organisations can be found both within and outside the border of the EU. For any measure against terrorism and organised crime to be effective a close cooperation and exchange of information between the Member States, competent authorities, Europol and third countries is essential. Critical to this is the collection of data, which for the purposes of this proposal, can be divided into two sets. Firstly, “Passenger Name Record” or PNR data. Specifically speaking PNR data refers to data collected from travel documents (usually flights). It includes: passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in flight schedule, seat preferences and other information. Air carriers already capture such data for their own commercial purposes. The second set of data concerns “Advance Passenger Information” or API data, which essentially is biographical data. It includes: the number and type of travel document used, nationality, full names, date of birth, border crossing point of entry, code of transport, departure and arrival time of transportation, total number of passenger and the initial point of embarkation. API data may be run against alert systems such as the SIS. Under existing legislation, air carriers are obliged to communicate API data to the competent authorities of the Member States under Council Directive 2004/82/EC . Given that API data is official data, stemming from passports, it is accurate. However, for the purpose of fighting terrorism and organised crime this information is useful only for identifying known terrorists and criminals through the alert system. It is not sufficient to help prevent terrorist acts or organised crime. PNR data, on the other hand, contains more elements. Further, it can be made available in advance of API data which is useful for carrying out risk assessments on persons, for obtaining intelligence and for making associations between known and unknown people. Until now, only a limited number of Member States have adopted legislation obliging air carriers to provide the relevant PNR data to the competent authorities. Thus, the potential benefits of an EU wide scheme in preventing terrorism and organised crime is not being fully realised. CONTENT: based on the above reasoning, the Commission is presenting this proposal the purpose of which is to oblige air carriers to transmit PNR data of international flights to the competent authorities of the Member States. The over riding objective is to prevent and combat terrorist offences and organised crime. It applies to air carriers only and to no other mode of transport. In summary, the following is being proposed: Passenger Information Unit : These are to be set up by the Member States within twelve months of the Decision entering into force. PIU’s will be responsible for collecting PNR data from the air carriers in relation to international flights which arrive or depart from the territory of the Member States which it serves. The Annex to the Decision gives a comprehensive list of all data required. Any data received and which is not specified in the Annex (i.e. ethnicity, political opinions, religious beliefs, trade union membership, health or sex life) must be deleted immediately. The PIU’s will be responsible for analysing data and for carrying out a risk assessment of the passengers in order to identify the persons requiring further examination. PNK data must be transferred to the relevant competent authorities within the other EU Member States by electronic means. Data may be processed on condition it is being used: to identify persons who are or who may be involved in a terrorist or organised crime offence; to create and update risk indicators; to provide intelligence on travel patterns; and/or to be used in criminal investigations and prosecutions of terrorist offences and organised crime. The PIU will be forbidden from taking any enforcement action based sole on an automated processing of PNR data. Obligation on air carriers : Air carriers will be responsible for making PNR data available to the PIU's by electronic means. The data must be made available in advance (24 hours before the scheduled flight departure) and immediately after flight closure. Data will be transmitted via the “push method” – i.e. data being transmitted from the air carriers to the national authorities. In cases where air carriers are unable to forward data to the competent authorities, the data can be extracted through the “pull method” – i.e. allowing the national authorities to access the reservation system of the air carrier. Intermediaries : Air carriers operating international flights may designate an intermediary who will be responsible for handling PNR data. Exchange of information : PNR data may only be transmitted to other EU Member States if it is deemed necessary to prevent and fight terrorism and organised crime. Procedures have been set concerning under what conditions requests for cross-border transmission of data may be made. Data transfer to third countries : PNR data may be transferred to third countries under two conditions: i) the Member State concerned is satisfied that the third country will only use the data to prevent and fight terrorist offences and organised crime and ii) the data will not be transferred further without the express consent of the Member State concerned. Period of data retention : Data must be kept for a period of five years after it has been transferred to the PIU. After the five year deadline air carriers must keep it for a further eight years – but it may only be accessed with the approval of the competent authority and only in exceptional circumstances (i.e. in response to a specific and actual threat or risk related to the prevention or combat of terrorist offences and organised crime.) Upon expiry of the eight year period all data will be deleted. Sanctions : The Member States will be responsible for sanctioning air lines that either do not transfer PNR data or transmit incomplete or erroneous data. Protection of personal data : The yet to be approved “Framework Decision on the Protection of Personal Data Processed in the Framework of Police and Judicial Cooperation in Criminal Matters” will apply to the processing of personal data under this Decision. Member States will be responsible for security measures with respect to PNR data. Strict provisions are set out and include, inter alia, the physical protection of data; denying unauthorised persons access to the national installations; preventing unauthorised reading, copying, modification or removal of data media; preventing unauthorised inspection, modification or deletion of stored personal data; and preventing the unauthorised processing of data. Comitology : PNR data must be transmitted using secure methods common to all transmission. This will include common protocols and common encryption standards as adopted by the regulatory procedure. (One year after the common protocols have been adopted the Member States must apply the new secure method of transmission).
        • date: 2007-12-11T00:00:00 type: Committee referral announced in Parliament, 1st reading/single reading body: EP
        • date: 2008-07-24T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2887*&MEET_DATE=24/07/2008 title: 2887 summary: The Council held an exchange of views on the working method to be followed for the coming months, and on a number of topics, in relation to the proposal for a Framework Decision on the use of passenger name records (PNR) by Member States' law-enforcement authorities. Following the discussion, the Council confirmed its resolve to progress work on this proposal, involving partners such as the European Parliament, the personal data-control authorities and the Agency for Fundamental Rights. It also agreed that work over the next few months should seek to gradually identify the essential features that the European PNR system should satisfy, on the basis of the following points in particular: priority to be given to the substance of the decision, with the legal basis being examined in the light of that substance; a balance to be sought between the need for a common tool and the flexibility which Member States may turn out to need; consideration based on operational use of data, which appears to be twofold: firstly in real time, resulting in action upon arrival of a flight, and secondly after the event, as part of investigations; examination of privacy protection in the light of the intended uses and with the incorporation of standards drawn up at European and national level; practical examination of technical arrangements for data collection, treatment of transit flights, the respective roles of passenger information units (PIUs) and relevant law-enforcement authorities, and the content of exchanges of information between PIUs. The specific nature of the work to be carried out in the various areas in many cases makes it very helpful to bring into the discussions those with suitable technical competence. Involvement of the European Parliament in proceedings, by appropriate means, will also allow a constructive dialogue with that institution, which is particularly watchful as regards this proposal. Since 9/11, law-enforcement authorities around the world have come to realise the added value of collecting and analysing so-called PNR data in combating terrorism and organised crime. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, seat and other information. The PNR data of a certain passenger usually do not contain all PNR fields, but only those that are actually provided by the passenger at the time of the reservation and information received upon check-in and boarding. It must be noted that air carriers already capture the PNR data of passengers for their own commercial purposes, but that non-air carriers do not capture such data. The collection and analysis of PNR data allows the law enforcement authorities to identify high-risk persons and to take appropriate measures.
        • date: 2008-10-24T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2899*&MEET_DATE=24/10/2008 title: 2899 summary: The Council discussed, without yet reaching definitive conclusions , some characteristics of a future passenger name record (PNR) system for collecting personal data gathered by air carriers when passengers book their tickets on international flights serving the territory of a Member State. The data, which would be forwarded to the public authorities before the passengers board the aircraft, would serve as input for analysing the terrorist and criminal threat and could also be used in the context of individual inquiries. As regards including PNR data relating to intra-Community flights, the Council noted that the cost-benefit ratio was an issue and that that point therefore needed to be assessed before deciding to include the data in the European instrument. The data are already being – and will continue to be – collected by some Member States at national discretion. The Council therefore agreed to review that specific issue once the PNR system had been in operation for a few years. An overall report will be submitted to the JHA Council for endorsement at its next meeting on 27 and 28 November 2008. The Council will decide at that point on the follow-up to be given to that dossier.
        • date: 2008-11-27T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2908*&MEET_DATE=27/11/2008 title: 2908
        other
        • body: CSL type: Council Meeting council: Former Council configuration
        • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: BARROT Jacques
        procedure/dossier_of_the_committee
        Old
        LIBE/7/00091
        New
        • LIBE/7/00091
        procedure/subject
        Old
        • 3.20.01.01 Air safety
        • 7.30.20 Action to combat terrorism
        New
        1.20.09
        Protection of privacy and data protection
        3.20.01.01
        Air safety
        7.30.20
        Action to combat terrorism
        procedure/title
        Old
        Combating terrorism: use of Passenger Name Record PNR for law enforcement purposes
        New
        Use of passenger name record (PNR) for law enforcement purposes
        activities/0/docs/0/url
        Old
        http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0654/COM_COM(2007)0654_EN.pdf
        New
        http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0654/COM_COM(2007)0654_EN.pdf
        links/European Commission/title
        Old
        PreLex
        New
        EUR-Lex
        activities/1/committees/1/rapporteur/0/mepref
        Old
        545fc318d1d1c57f99000000
        New
        4f1ac934b819f25efd00011a
        committees/1/rapporteur/0/mepref
        Old
        545fc318d1d1c57f99000000
        New
        4f1ac934b819f25efd00011a
        activities
        • date: 2007-11-06T00:00:00 docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0654/COM_COM(2007)0654_EN.pdf title: COM(2007)0654 type: Legislative proposal published celexid: CELEX:52007PC0654:EN body: EC type: Legislative proposal published commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: BARROT Jacques
        • date: 2007-12-11T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee_full: Foreign Affairs committee: AFET body: EP responsible: True committee: LIBE date: 2009-07-22T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: IN 'T VELD Sophia body: EP responsible: True committee_full: Civil Liberties, Justice and Home Affairs committee: LIBE body: EP responsible: False committee: TRAN date: 2009-10-05T00:00:00 committee_full: Transport and Tourism rapporteur: group: Verts/ALE name: LICHTENBERGER Eva body: EP responsible: False committee_full: Transport and Tourism committee: TRAN
        • body: CSL meeting_id: 2887 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2887*&MEET_DATE=24/07/2008 type: Debate in Council title: 2887 council: Justice and Home Affairs (JHA) date: 2008-07-24T00:00:00 type: Council Meeting
        • body: CSL meeting_id: 2899 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2899*&MEET_DATE=24/10/2008 type: Debate in Council title: 2899 council: Justice and Home Affairs (JHA) date: 2008-10-24T00:00:00 type: Council Meeting
        • body: CSL meeting_id: 2908 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=2908*&MEET_DATE=27/11/2008 type: Debate in Council title: 2908 council: Justice and Home Affairs (JHA) date: 2008-11-27T00:00:00 type: Council Meeting
        committees
        • body: EP responsible: False committee_full: Foreign Affairs committee: AFET
        • body: EP responsible: True committee: LIBE date: 2009-07-22T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: ALDE name: IN 'T VELD Sophia
        • body: EP responsible: True committee_full: Civil Liberties, Justice and Home Affairs committee: LIBE
        • body: EP responsible: False committee: TRAN date: 2009-10-05T00:00:00 committee_full: Transport and Tourism rapporteur: group: Verts/ALE name: LICHTENBERGER Eva
        • body: EP responsible: False committee_full: Transport and Tourism committee: TRAN
        links
        National parliaments
        European Commission
        other
        • body: CSL type: Council Meeting council: Former Council configuration
        • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: BARROT Jacques
        procedure
        dossier_of_the_committee
        LIBE/7/00091
        reference
        2007/0237(CNS)
        subtype
        Legislation
        legal_basis
        stage_reached
        Procedure lapsed or withdrawn
        instrument
        Decision
        title
        Combating terrorism: use of Passenger Name Record PNR for law enforcement purposes
        type
        CNS - Consultation procedure
        subject