Legal base	(a)  Articles 82(1)(d), 87(2)(a) and 218(5) TFEU; QMV (b)  Articles 82(1)(d), 87(2)(a) and 218(6)(a) TFEU; QMV; EP consent
Document originated	(Both) 18 July 2013
Deposited in Parliament	(Both) 24 July 2013
Department	Home Office
Basis of consideration	EM of 7 August 2013
Previous Committee Report	None; but see HC 428-xliii (2010-12), chapter 4 (7 December 2011) and HC 428-xxxi (2010-12), chapter 2 (29 June 2011)
Discussion in Council	No date set
Committee's assessment	Politically important
Committee's decision	Not cleared; further information requested

Background

22.1 Under Canadian law, the Canada Border Services Agency may require air carriers operating passenger flights to and from Canada to provide it with electronic access to Passenger Name Record (PNR) data — the term used to describe unverified information provided by passengers when making a flight reservation and checking-in, and which is held in air carriers' reservation and departure control systems. PNR data include personal information about the passengers, such as their name, contact details and the means of payment used, as well as travel dates and itineraries, when and where flights were booked, seat numbers and baggage information.

22.2 EU data protection laws prohibit the transfer of PNR data to third countries unless they ensure an adequate level of protection of personal data. In order to create legal certainty for EU carriers, the EU and Canada concluded an Agreement in July 2005 stipulating that the collection and processing of PNR data would be based on commitments given by the Canada Border Services Agency concerning the application of its PNR programme.[74] These commitments were annexed to a subsequent Commission Decision, adopted in September 2005, confirming that the Canada Border Services Agency ensured an adequate level of protection for PNR data.[75] Following the expiry of the Commission Decision in 2009, the Canada Border Services Agency gave a unilateral undertaking to continue to apply the commitments pending the negotiation and conclusion of a new PNR Agreement.

22.3 Since the entry into force of the Lisbon Treaty on 1 December 2009, the European Parliament has urged the Commission to produce a single model for EU PNR Agreements with third countries. In September 2010, the Commission published a Communication setting out a global EU approach for the transfer of PNR data to third countries, accompanied by three recommendations which asked the Council to authorise the negotiation of PNR Agreements with Australia, Canada and the United States of America. The Communication listed the criteria — including a set of basic principles for the protection of personal data — which should guide the EU in negotiating PNR Agreements with third countries. These are set out in full in our Twelfth Report of Session 2010-11 agreed on 15 December 2010.[76] The Commission suggested that adherence to these criteria would lead to greater coherence, whilst also ensuring respect for privacy and the protection of personal data.

22.4 In his Written Ministerial Statement of 20 December 2010, the then Minister for Immigration (Damian Green) stated the Government's belief that "clear PNR agreements between the EU and third countries play a vital role in removing legal uncertainty for air carriers flying to those countries, and help to ensure that PNR information can be shared quickly and securely with all necessary data protection safeguards in place where appropriate." He added:

"After due consideration of the importance of civil liberties, data protection and security concerns, the Government have decided to opt in to negotiating mandates for three PNR Agreements with Australia, Canada and the US as they believe they will pave the way for EU-third country agreements that strike the right balance between civil liberties, data protection and security of the EU. As these mandates are currently restricted so as to preserve the EU negotiating position they are not therefore depositable within Parliament.

"The Government will work with the Scrutiny Committees when it considers whether to opt in to Council decisions to sign and conclude each third country agreement. I will also in due course update Parliament on the Government's opt-in decisions at these later stages."

The draft Council Decisions

22.5 Document (a) is a draft Council Decision authorising the EU to sign a new PNR Agreement with Canada. Once the Agreement has been signed, it then has to be sent to the EP which must consent to its conclusion. If the EP gives its consent, a further draft Council Decision — document (b) — must be adopted to conclude the Agreement. The text of the proposed Agreement is attached to both draft Council Decisions.

22.6 Articles 82(1)(d) and 87(2)(a) of the Treaty on the Functioning of the European Union (TFEU) provide the substantive legal bases for both draft Council Decisions. They provide for cooperation between national law enforcement authorities and for the processing, analysis and exchange of information relating to the prevention, detection and investigation of criminal offences. As the legal bases for the draft Council Decisions are to be found in Title V of Part Three of the TFEU, the UK's Title V opt-in applies.

22.7 In its explanatory memorandum accompanying the two draft Council Decisions, the Commission notes that the Agreement was initialled by the Parties on 6 May 2013 and says that it is consistent with the general criteria and principles set out in its Communication on a global approach to PNR transfers to third countries. The Commission highlights the following safeguards:

• the purposes for which PNR data may be processed are strictly limited to preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime;
• the retention period for PNR data is limited to five years, and the data must be "depersonalised" 30 days after their receipt by masking the names of passengers to whom the data relate so that their identity is concealed;
• individuals have a right of access to their PNR data, to seek rectification if it is inaccurate, and to obtain effective redress for any damage resulting from unlawful processing;
• PNR data will be transferred exclusively be means of a 'push' system to ensure that air carriers maintain control of the information held in their databases;
• the processing of 'sensitive' data (for example, data revealing an individual's racial or ethnic origin or religious or philosophical beliefs) is only allowed in "exceptional circumstances" where necessary to protect life or prevent serious injury, and is subject to strict procedural safeguards; and
• compliance with the rules set out in the Agreement is subject to independent oversight by the Privacy Commissioner of Canada and the Resource Directorate of the Canada Border Services Agency.[77]

The main elements of the draft Agreement — purpose, scope and use of PNR data

22.8 The purpose of the Agreement is to establish the conditions for the transfer and use of PNR data, and how they should be protected, in order to ensure the security and safety of the public. The data may only be processed for the purpose of preventing, detecting, investigating or prosecuting terrorist offences (further defined in Article 3 of the Agreement) or a serious transnational crime punishable by a custodial sentence of at least four years. Exceptionally, PNR data may be processed to protect the vital interests of an individual in cases where, for example, there may be a risk of death or serious injury, or a significant public health risk. PNR data may also be processed on a case by case basis to ensure oversight or accountability of the public administration or if ordered by a court.

Use of sensitive data

22.9 The Agreement allows sensitive data to be processed on a case-by-case basis "in exceptional circumstances where such processing is indispensable because an individual's life is in peril or there is a risk of serious injury." Processing in these circumstances requires the approval of the Head of the competent Canadian authority and must be carried out by a specifically and individually authorised official. The data must be permanently deleted within 15 days of receipt, although a longer retention period may be permitted if required for any specific action, review, investigation, enforcement action, judicial proceeding, prosecution or enforcement of penalties.

Data protection safeguards

22.10 The Agreement confirms that compliance with its provisions is sufficient to ensure "an adequate level of protection" for the purposes of EU data protection law, thereby providing legal certainty for air carriers providing PNR data. It includes provisions on data security and integrity, requires all processing of PNR data to be logged or documented, and prohibits Canada from taking any decision based solely on the automated processing of PNR data if it would "significantly adversely affect a passenger." Canada is required to ensure that information on the collection and use of PNR data is made available on a public website and to encourage the air travel industry to provide similar information to passengers when booking their flights. Compliance with the data protection safeguards set out in the Agreement is subject to oversight by an independent authority. Individuals are entitled to access their PNR data and to request corrections, and the Agreement sets out the basis for seeking administrative or judicial redress, in accordance with Canadian law.

Data retention

22.11 The Agreement allows the retention of PNR data for up to five years, but specifies that the data must be "depersonalised" by masking the names of passengers after 30 days. After two years, additional elements of PNR data are required to be masked. PNR data may only be re-personalised or unmasked if necessary to carry out investigations into terrorist offences or serious transnational crimes. PNR data must be destroyed at the end of the retention period.

Sharing of PNR data

22.12 The Agreement requires Canada to make available to Member States' police or judicial authorities, and to Europol and Eurojust, any relevant and appropriate analytical information it has obtained as a result of processing PNR data, and these authorities may also request access to PNR data held by Canada in specific cases in order to prevent, detect, investigate or prosecute a terrorist or serious transnational crime in the EU.

22.13 The Agreement sets out the conditions under which PNR data may be disclosed to other Canadian Government authorities and to non-EU third countries. In both cases, disclosure is only permitted on a case-by-case basis, must be necessary for the purposes of tackling terrorism and serious transnational crime, and is subject to assurances that the receiving authority applies equivalent data protection safeguards. If the transfer of PNR data to a third country concerns a citizen of an EU Member State, that State must be informed.

Method and frequency of PNR transfers

22.14 The Agreement specifies that the so-called "push method" applies to the transfer of PNR data, meaning that the competent Canadian authority cannot access the PNR databases of air carriers to retrieve information. The initial transfer of PNR data should be made no sooner than 72 hours before the scheduled flight departure time, and should not exceed five transfers per flight.

Final provisions

22.15 The Agreement notes that the establishment of an EU PNR system (currently under negotiation) may have a material effect on the EU-Canada Agreement and requires the Parties to consult with a view to ensuring full reciprocity, particularly as regards applicable data protection standards. The Agreement is subject to a joint review within one year of its entry into force, followed by a joint evaluation after four years.

The Government's view

22.16 The Minister for Immigration (Mr Mark Harper) notes that the UK has opted into EU PNR Agreements with Australia and the United States of America, and adds:

"The Government supports the decision to enter this data sharing agreement with Canada. Parliament has already agreed the negotiating mandate and the EU has operated within this."[78]

22.17 The Minister describes the basis on which the UK can obtain passenger, crew and service data from carriers in advance of movements into and out of the UK, and how that data may be shared for immigration, customs or police purposes. He explains that the PNR Agreement concluded with Canada in 2005 continues to apply on the basis of an exchange of letters between the Commission and the Canadian authorities, and continues:

"Passenger Name Record data is already transferred between the UK and Canada, however this Agreement would put the data sharing on a clearer legal footing. Given the existence of data sharing arrangements with Canada, there are no additional policy implications for British carriers. Moreover, a Council Decision supporting the transfer of passenger data will give an added level of legal clarity."[79]

22.18 The Minister notes that the proposed Agreement will not require any changes to the current legal framework in the UK and is not expected to impose any additional obligations on air carriers or increase their costs. Whilst recognising that PNR Agreements engage the right to respect for private and family life and the right to the protection of personal data, he considers that any interference is justified because the purposes for which the data may be used are strictly limited and the inclusion of data protection safeguards ensures that the Agreement with Canada will be applied in a proportionate manner.

22.19 Turning to the justification for EU action, the Minister observes:

"If Member States were to act in this area unilaterally, then this could lead to differing requirements being imposed on carriers across the EU. It could also frustrate the success of such an arrangement if there is no clear legal basis for passenger data to be transferred from a carrier in one Member State to the Canadian Competent Authority. The objectives of this proposed Agreement could not therefore be sufficiently achieved by individual Member States acting alone."[80]

Conclusion

22.20 We have previously questioned whether the recent crop of PNR Agreements with Australia, the United States of America and, now, Canada, strike the right balance between civil liberties, data protection and security. We also question whether the principles expounded in the Commission's 2010 Communication, On the global approach to transfers of Passenger Name Record (PNR) data to third countries, are genuinely universal and being applied consistently. We note, for example, that the data retention period ranges from five years in the proposed Agreement with Canada to fifteen years in the PNR Agreement with the United States of America, and that the Agreement with Australia prohibits the processing of sensitive data, whereas the Agreements with Canada and the United States authorise it in exceptional circumstances. We are disappointed that the Minister does not address these anomalies, which are all the more surprising given that the purposes for which PNR data may be collected and processed are broadly the same under all three Agreements.

22.21 The draft Decisions on the signature and conclusion of the Agreement with Canada are both subject to the UK's Title V opt-in. Unlike previous Explanatory Memoranda on the Agreements with Australia and the United States of America, the Minister does not set out the outcomes which the Government hoped to achieve when it decided to opt into the negotiating mandate for the EU/Canada Agreement. Nor does he indicate whether these outcomes are reflected in the Agreement proposed for signature and conclusion and how material they will be in determining whether or not the Government should opt into the draft Council Decisions. We remind the Minister that the negotiating mandates for all three Agreements were not deposited in Parliament and have not therefore been "agreed" by Parliament.

22.22 We ask the Minister to explain the factors which the Government will take into account in determining whether or not to opt in, and to inform us of the date by which the UK's opt-in decision has to be notified to the Council Presidency. We also ask him to explain the justification for the apparent anomalies in the application of data protection safeguards on such matters as data retention periods and the processing of sensitive data under the Agreements with Australia, the United States of America and Canada. Meanwhile, the draft Decisions remain under scrutiny.

75   See Commission Decision 2006/253/EC, OJ No. L 91, 29.03.2006. Back

76   See HC 428-xi (2010-11), chapter 21 (15 December 2010). Back

77   See p.3 of the Commission's explanatory memorandum accompanying both draft Council Decisions. Back

78   See para 19 of the Minister's Explanatory Memorandum. Back

79   Ibid. Back

80   See para 18 of the Minister's Explanatory Memorandum. Back