EU to tighten privacy rules on air passenger data
The EU commission wants to strengthen privacy rules for the sharing of personal data of air travellers to the US, Australia and Canada and to limit the use of the data strictly to fighting terrorism and serious organised crime.
"We need to have coherence between the usefullness of collecting this data in the fight against terrorism and organised crime, but carriers and passengers need legal clarity and high levels of data protection," home affairs commissioner Cecilia Malmstrom said Tuesday (21 September) during a press conference in Strasbourg.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
Three new agreements are set to be negotiated with the US, Canada and Australia, to replace existing ones which the European Parliament has deemed to have too few privacy safeguards.
Currently all passenger data, including personal addresses, passport numbers, credit card data, gender and age are automatically transmitted to the law enforcement agencies in those countries and can be used in the fight against terrorism and organised crime.
The agreement with the US is particularly controversial, since it was negotiated under the George W. Bush administration with a broad range of applications, replacing another one which was struck down by the European Court of Justice for lacking an appropriate legal base.
The commission proposals, which include a set of common principles for any future Passenger Name Record (PNR) deals with other countries, are a compromise formula with the European Parliament, which gained the power to strike down such international agreements with the Lisbon Treaty.
It already did so in February, with another sensitive data transfer deal for anti-terrorism purposes – the so-called Swift agreement. Faced with a "security gap" as EU banking data stopped flowing, the US and member states put the EU commission under pressure to quickly negotiate a new deal, which was approved by the legislature and came into force on 1 August.
The PNR deal is not "under deadline" as the Swift one was, one EU official told this website, but some lessons have been learned both in Washington and EU capitals as to what the European Parliament can do if its requests are ignored.
"The principles reflect very much the resolution adopted by the parliament in May calling for increased privacy, monitoring and safeguards," Ms Malmstrom said. She will "work as closely as possible" with the EU legislature in the negotiations on the new agreements, she added.
The commission explained that other countries are setting up PNR systems and that Japan has already requested a similar deal with the EU, which made it necessary to have a "common set of norms and standards" before engaging in any new negotiations.
Agreements will be concluded "only with countries which have high levels of data protection in line with EU standards," she said.
Sensitive data, such as religious beliefs – revealed by meal preferences – or health condition should be given "only in very exceptional circumstances," while all the other categories "must be limited to minimum and clearly listed."
Passengers will have to be informed about the processing of their data and have the right to see and correct it, as well as have ways of redress in case of wrongdoing.
No automatic profiling will be allowed and an oversight of an independent authority will be required for the entire program.
"PNR transfers have been going on for 60 years, carriers are obliged to do it, otherwise thay can't land. But we want legal clarity for passengers and to embed it with as many data protection provisions as possible," the Swedish commissioner said.
Dutch Liberal MEP Sophie In't Veld, responsible with drafting the position of the Parliament when the new agreements will be concluded said she was "cautiously positive" about the proposals.
"The commission has listened to the European Parliament and taken onboard many of our concerns. But let's see how much of that is adopted and flows into the end agreement," she told this website.
One issue that was still contentious, in the Dutch politician's view, was that the "justification is still weak."
"The commission works under assumption that mass collection of PNR data is necessary. I have not seen any data that proves this is the case," she said.
Seen from the US side, the PNR agreement is a useful tool in fighting terrorism and crime, "with no identified incidents of the US government misusing that data," a source from US mission in Brussels told EUobserver.