21 Transfer of Passenger Name Records
|Commission Communication: On the global approach to transfers of Passenger Name Record (PNR) data to third countries
|21 September 2010
|Deposited in Parliament
|23 September 2010
|Basis of consideration
|EM of 6 October
|Previous Committee Report
|To be discussed in Council
|No date set
21.1 The Commission published a package of four proposals
on 22 September 2010. The package comprised a draft Communication
for a Global EU Approach for the transfer of Passenger Name Record
(PNR) data to third countries, the document which is the subject
of this Report, two proposals for Recommendations from the Commission
to the Council to authorise the Commission to re-negotiate the
PNR agreements with the U.S. and Australia, and a Recommendation
from the Commission to the Council to authorise the Commission
to negotiate a new PNR agreement with Canada.
21.2 The European Commission's key objective in this
Communication is to establish, for the first time, a set of general
criteria which should form the basis of future negotiations on
EU PNR agreements with third countries.
PNR DATA AND ITS USE
21.3 PNR data is unverified information
provided by passengers and collected by carriers for enabling
reservations and carrying out the check-in process. It is a record
of each passenger's travel requirements held in carriers' reservation
and departure control systems. It contains several different types
of information, for example dates of travel and travel itinerary,
ticket information, contact details like address and phone numbers,
travel agent, payment information, seat number and baggage information.
21.4 PNR data is different from Advance Passenger
Information (API). API data is the biographical information taken
from the machine-readable part of a passport and contains the
name, place of residence, place of birth and nationality of a
person. Under the API Directive,
API data is currently made available to border control authorities
only for flights entering the territory of the EU for the purpose
of improving border controls and combating illegal immigration.
It is held by Member States for 24 hours. API data is mainly used
to carry out identity checks as part of border controls and border
management, although in some cases the data is also used by law
enforcement authorities in order to identify suspects. API data
is thus primarily used as an identity management tool. The Commission
reports that the use of such data is becoming increasingly common
around the world with more than 30 countries using it systematically,
while more than 40 are in the process of setting up API systems.
21.5 In addition to the transmission of API data,
some countries require carriers to transmit to them PNR data.
The UK is one such country, the US, Canada and Australia others.
PNR data is mainly used as a criminal intelligence tool rather
than as an identity verification tool. The Communication gives
the following uses for PNR data:
i) risk assessment of passengers and identification
of "unknown" persons, that is to say persons that might
potentially be of interest to law enforcement authorities but
who are not formal suspects;
ii) because PNR data is available before API
data, allowing law enforcement authorities more time for analysis
iii) matching addresses that are connected to
criminal offences via credit cards, for example; and
iv) matching PNR data with other PNR data for
the identification of associates of criminal suspects.
The Commission's Communication
21.6 The Communication describes
how more and more countries are coming to see PNR data as an important
tool in the fight against terrorism and organised crime. Some
third countries, namely the United States, Canada, Australia,
New Zealand and South Korea, are already using PNR data; others
have either enacted relevant legislation and/or are currently
testing the use of PNR data, such as Japan, Saudi Arabia, South
Africa and Singapore. Several other third countries are considering
the idea of using PNR, but have not yet enacted relevant legislation.
Within the EU, the UK already has a PNR system. France, Denmark,
Belgium, Sweden and the Netherlands have either enacted relevant
legislation and/or are currently testing the use of PNR data.
Several other Member States are considering setting up PNR systems,
the Commission reports.
EFFECTS OF THE CURRENT TRENDS ON THE EUROPEAN UNION
21.7 The data protection laws
of the EU do not allow carriers operating flights from the EU
to transmit the PNR data of their passengers to third countries
which do not ensure an adequate level of protection of personal
data without adducing appropriate safeguards. As a result, when
the United States, Canada and Australia requested EU carriers
to transmit PNR data for flights to their countries, the carriers
were faced with a very difficult situation. The EU therefore negotiated
and signed separate international agreements with each of these
three countries, so that PNR data could be transferred to them.
Future requests from third countries are likely, according to
the Commission, hence the objective of this Communication to set
out the general criteria which should form the basis of future
negotiations on EU PNR agreements with third countries.
STANDARDS, CONTENT AND CRITERIA
Protection of personal data
21.8 The collection and transfer
of PNR data to third countries affects a very large number of
individuals and their personal data. Thus, the Commission says,
particular attention must be paid to the effective protection
of personal data.
21.9 In Europe, the fundamental rights to respect
for private life and to protection of personal data are enshrined
in Article 8 of the European Convention on Human Rights (ECHR)
and Articles 7 and 8 of the Charter of Fundamental Rights of the
EU. Further standards for data protection have been set in the
Council of Europe Convention 108 of 1981 on the Protection of
Individuals with regard to automatic processing of personal data
and its additional Protocol 181 of 2001.
21.10 Any limitation on the exercise of the rights
and freedoms recognised by the Charter must be provided for by
law and respect the essence of these rights and freedoms. Subject
to the principle of proportionality, limitations may be made only
if they are necessary and meet objectives of general interest
recognised by the Union or the need to protect the rights and
freedoms of others.
21.11 Since data protection regimes in third countries
can differ from the data protection prevailing in the EU, it is
important that for any transfer of PNR data from EU Member States
to third countries, the third country ensures an adequate level
of data protection based on a sound legal basis. Such an adequate
level of data protection can be either enshrined in the legislation
of the third country or be provided in the form of legally binding
commitments in the international agreement governing the processing
of personal data.
21.12 The adequacy afforded by a third country is
to be assessed in the light of all the circumstances surrounding
a data transfer operation. In this context, the EU will also consider
the compliance by the third country with international standards,
respectively its ratification of international instruments on
data protection and fundamental rights in general. Adequacy decisions
already adopted by the European Commission in this regard should
be used as guidance on what can be regarded as being adequate.
21.13 The basic principles for the protection of
personal data that the requesting third country should apply are
"Purpose limitation use of data:
The scope of the use of the data by a third country should
be spelt out clearly and precisely in the agreement and should
be no wider than what is necessary in view of the aims to be achieved.
Experience with current PNR agreements shows that PNR data should
be used only for law enforcement and security purposes to fight
terrorism and serious transnational crime. Key notions like terrorism
and serious transnational crime should be defined based on the
approach of definitions laid down in relevant EU instruments.
"Purpose limitation scope of
data: The exchange of data should be limited to the minimum
and should be proportionate. Any agreement should list exhaustively
the categories of PNR data to be transferred.
"Special Categories of Personal Data
(sensitive data): PNR data revealing racial or ethnic origins,
political opinions or religious or philosophical beliefs, trade
union membership, health or sexual life shall not be used unless
under exceptional circumstances where there is an imminent threat
to loss of life and provided that the third country provides appropriate
safeguards, for example that such data may be used only on a case-by-case
basis, under the authorisation of a high-ranking official and
strictly limited to the purposes of the original transfer.
"Data Security: PNR data must be
protected against misuse and unlawful access by all appropriate
technical, security procedures and measures to guard against risks
to the security, confidentially or integrity of the data.
"Oversight and accountability: A
system of supervision by an independent public authority responsible
for data protection with effective powers of intervention and
enforcement shall exist to exercise oversight over those public
authorities that use PNR data. The latter shall be accountable
for complying with the established rules on the protection of
personal data, and should have powers to hear complaints from
individuals concerning the processing of PNR data.
"Transparency and Notice: Every individual
shall be informed at least as to the purpose of processing of
personal data, who will be processing that data, under what rules
or laws, the types of third parties to whom data is disclosed
and how and from whom redress can be sought.
"Access, rectification and deletion:
Every individual shall be provided with access to his or her
PNR data as well as, where appropriate, the right to seek rectification
and deletion of his or her PNR data.
"Redress: Every individual shall
have the right to effective administrative and judicial redress
where his or her privacy has been infringed or data protection
rules have been violated, on a non discriminatory basis regardless
of nationality or place of residence. Any such infringement or
violation shall be subject to appropriate and effective sanctions
"Automated Individual Decisions: Decisions
producing adverse actions or effects on an individual may not
be based solely on the automated processing of personal data without
"Retention of data: the period of
retention of the PNR data should not be longer than necessary
for the performance of the defined tasks. The period of retention
should take into account the different ways in which PNR data
are used (see section 1.2.1 above) and the possibilities of limiting
access rights over the period of retention, for example by gradual
anonymisation of the data.
"Restrictions on onward transfers to
other government authorities: PNR data should only be disclosed
to other government authorities with powers in the fight against
terrorism and serious transnational crime, and which afford the
same protections as those afforded by the recipient agency under
the agreement in accordance with an undertaking to the latter.
PNR data should never be disclosed in bulk but only on a case-by-case
"Restrictions on onward transfers to
third countries: this considers primarily restrictions on
use and further dissemination in order to avoid circumvention
of the agreement when PNR data is made available to another third
country. Such onward transfers shall be subject to appropriate
safeguards. In particular, the receiving third country should
transfer this information to a competent authority of another
third country only if the latter undertakes to treat the data
with the same level of protection as set out in the agreement
and the transfer is strictly limited to the purposes of the original
transfer of the data. PNR data should never be disclosed in bulk
but only on a case-by-case basis."
Modalities of transmission
21.14 In order to provide legal
certainty and minimise the financial burden on air carriers, it
is important, the Commission says, to streamline the rules governing
the transmission of the data by the carriers to third countries.
By having uniform obligations, the financial burden on the carriers
would be greatly reduced as they would have to undertake less
investment to comply with their obligations. For this purpose,
it would be desirable if at least the following modalities of
transmissions were standardised:
"The method of transmission: To safeguard
the data that is contained in the carriers' databases and to maintain
their control thereof, data should be transmitted using exclusively
the 'push' system.
"The frequency of transmission. There
should be a reasonable limit to the number of times that the third
country requires the data to be transmitted to it, which ensures
an adequate benefit to security while minimising the costs of
"No obligation on the carriers to collect
additional data. The carriers should not be required to collect
any more data than they already do or to mandatorily collect certain
types of data, but only be required to transmit what they already
collect as part of their business."
21.15 The Communication suggests
the following "overarching concepts" should apply to
all third country agreements:
"Duration and review: The terms of
the cooperation with third countries should be valid for a fixed
duration and should provide the possibility that either party
denounces the agreement. It should be possible to review the terms
of the cooperation where it is considered appropriate.
"Monitoring: It is essential that
the EU is provided with mechanisms for monitoring the correct
implementation, for example through periodical joint reviews on
the implementation of all aspects of the agreements, including
the purpose limitation, the rights of passengers and onward transfers
of PNR data, and comprising a proportionality assessment of the
retained data on the basis of their value to achieving the purposes
for which the data were transferred. The findings of such joint
reviews should be presented to the Council and the European Parliament.
"Dispute resolution: Effective dispute
resolution mechanisms with respect to interpretation, application
and implementation of agreements should be provided.
"Reciprocity: reciprocity should
be ensured, especially through the transfer of analytical information
flowing from PNR data by competent authorities of the receiving
third country to police and judicial authorities of the Member
States, as well as to Europol and Eurojust."
21.16 The Commission says the
criteria we have cited in full above should guide the EU in negotiating
PNR agreements with third countries. Adherence to those principles
is intended to lead to greater coherence between the various PNR
agreements, whilst ensuring respect for the fundamental rights
to respect for private life and to protection of personal data.
At the same time, the Commission considers that the Communication
remains sufficiently flexible and adaptable to each third country's
particular security concerns and national legal order. Finally,
looking at the longer term, this Communication concludes that
the EU should explore the possibility of replacing bilateral agreements
by a multilateral agreement between all countries that use PNR
The Government's view
21.17 The Minister for Equalities
and Criminal Information at the Home Office (Lynne Featherstone)
says that the Government welcomes the Commission's Communication
the UK has long recognised the value of PNR data in the
fight against terrorism and serious crime, and it is pleased that
the Commission shares this view. A clear EU strategy on sharing
PNR data with third countries should, she thinks, lead to greater
coherence between the various PNR agreements. She notes that the
Communication outlines the basic principles for the protection
of personal data that the requesting third country should apply,
saying that the Government welcomes these measures and believes
that they are necessary and sensible.
21.18 As this document is a Commission Communication,
the UK's opt-in does not apply.
21.19 The Minister explains the national legal framework
for collecting API and PNR data as follows. The UK has the ability
to obtain passenger, crew and service data from carriers in advance
of all movements into and out of the UK under paragraphs 27 and
27B of Schedule 2 to the Immigration Act 1971 (as amended), section
32 of the Immigration, Asylum and Nationality Act 2006, and the
powers of the HMRC Commissioners under sections 35 and 64 of the
Customs and Excise Management Act 1979. Section 36 of the Immigration,
Asylum and Nationality Act 2006 also creates a duty for the UK
Border Agency, the police and HM Revenue and Customs to share
that data among themselves where it is likely to be of use for
immigration, customs, or police purposes. The Immigration and
Police (Passenger, Crew and Service Information) Order 2008 (SI
2008/5) specifies the travel-related data that an immigration
officer or a police officer can require from ships, aircraft and
trains, entering and leaving the United Kingdom. The data are
data which includes Advance Passenger Information (API) which
must be collected and supplied when requested, and;
data which includes PNR and must be supplied only to the extent
to which the carrier knows the data.
In a briefing to MEPs on this Communication dated
7 October 2010, the Government provided three examples of how
the UK Borders Agency has successfully used PNR data to combat
· An individual
known to be a close associate of a murder suspect was identified
travelling from the UK to a Middle East state. Details of the
credit card used to book the journey were obtained from PNR and
found to belong to the suspect. Further enquiries showed that
this had been used to book another journey in a different name
but to the same country. The associate's mobile telephone number
(again obtained from PNR) was also researched and calls to a mobile
located in that country identified. Further enquiries located
· PNR research
of registered sex offenders in e-Borders identified a travel agent
through which several journeys for different suspects had been
booked. A link between this agent and an e-mail address was identified
in the PNR data set which in turn provided links to a number of
other sex offenders. This information was used to support the
investigation of child sex offenders.
· PNR analysis
identified two passengers travelling from Panama City to a UK
airport. Further checks revealed that one of them had a Police
National Computer (PNC) record for possession of Class A drugs.
Arrangements were made to ensure that Officers were in attendance
for the flight and on examination found more than six kilos of
21.20 Finally, in terms of costs
the Minister says that, should additional third countries seek
to collect PNR data from the EU, there would be additional financial
burdens placed on carriers. It is likely that the carriers would
pass the cost of data provision on to passengers.
21.21 We thank the Minister
for her Explanatory Memorandum. We agree with her and the Commission
that EU PNR agreements with third countries should apply similar
criteria, which uphold the right to respect for private and family
life and to protection of personal data. As the Commission itself
says: "the collection and transfer of PNR data to third countries
affects a very large number of individuals and their personal
21.22 However, as the
Communication neither proposes any specific legislation nor has
a legislative or financial impact, we are content to clear it
150 2004/82/EC - Directive on the obligation of carriers
to communicate passenger data. Back
See paragraph 3.3.1 on pages 8-10 of the Communication, paragraph
3.3.2 on page 10 and paragraph 3.3.3 on pages 10-11. Back
See paragraph 3.3.2, page 10 of the Communication. Back
Ibid, pages 10-11. Back
Page 8. Back