EU PASSENGER NAME RECORD (PNR) DIRECTIVE
EU PASSENGER NAME RECORD (PNR) DIRECTIVE
On 4 December 2015, the Council reached a text of agreement with the European Parliament on a proposal for a Directive on the use of Passenger Name Record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offenses and serious crime. Approved.
“The agreement reached today will enable the EU to establish an effective PNR system that fully respects fundamental rights and freedoms”, said Etienne Schneider, Luxembourg Deputy Prime Minister, Minister of Internal Security and President of the Council.
The purpose of this Directive is to regulate the transfer of PNR data of passengers on international flights from airlines to Member States as well as the processing of such data by competent authorities. The Directive establishes that PNR data collected may only be processed for the prevention, detection, investigation and prosecution of terrorist offenses and serious crimes.
Under the new directive, airlines will be obliged to provide Member State authorities with PNR data for flights entering or leaving the EU. It would also allow, but not oblige, Member States to collect PNR data on selected intra-EU flights. Each member state will be required to set up a so-called Passenger Information Unit, which will receive PNR data from airlines.
The new rules create an EU standard for the use of such data and include provisions on:
The purposes for which PNR data may be processed in the context of law enforcement (pre-arrival assessment of passengers against pre-defined risk criteria or identification of specific individuals; specific investigations/prosecutions Use in; input assessment criteria in risk development);
the exchange of such data between Member States and between Member States and third countries;
storage (data will be stored initially for 6 months, after which they will be masked out and stored for a further period of four and a half years, with strict procedures in place to access the full data);
common protocols and data formats for transferring PNR data from aircraft to passenger information units; And
Strong safeguards regarding privacy and personal data protection, including the role of national supervisory authorities and the mandatory appointment of a data protection officer in each passenger information unit.
background
PNR data is already stored in the reservation system of carriers today. They relate to information provided by passengers to carriers when booking flights and checking in for flights. PNR data includes name, dates of travel, itinerary, ticket information, contact details, travel agent through which the flight was booked, payment methods used, seat number and baggage information.
The use of these data by Member States’ law enforcement authorities in specific cases is not new: various Member States are already using PNR data for law enforcement purposes, either through specific legislation. based on or based on common law powers. The collection and use of PNR data has been necessary to combat certain cross-border crimes such as drug trafficking in human beings or child trafficking. However, there is still no common approach in the EU.
The United Kingdom and Ireland have opted for this directive. Denmark is not participating.
Next Steps
Parliament’s Civil Liberties, Justice and Home Affairs Committee will vote soon.
The Directive will then be submitted, after a legal-linguistic revision, to the European Parliament for a vote on first reading, and to the Council for adoption.
Once adopted, Member States will have two years to enact the laws, regulations and administrative provisions necessary to comply with the Directive.
