Select Committee on European Union Minutes of Evidence



Supplementary evidence by the Home Office

  I wanted to thank you for inviting me to give evidence to your Committee on 19 March with Meg Hillier MP and Kevan Norris on the European Commission's proposal on PNR. This draft instrument is an important dossier for the Home Office and we welcome the opportunity to provide further detail on its contents and implications.

  During the evidence session, the Committee requested further details on the arrests made under Project Semaphore in 2007 and these are attached. However, we are unable to provide a full breakdown of arrests resulting specifically from the processing of PNR data. This is because PNR is frequently used in conjunction with other passenger data and intelligence, making it extremely difficult to isolate its specific contribution to the outcome of a case. Sometimes a particular piece of evidence can quite clearly make a critical difference in obtaining a conviction, for example, a key witness statement or forensic evidence, but very often it is the collective impact of the contents of the prosecution file that determines the outcome of the case. PNR data is one of a number of very useful investigatory tools. We do not, by contrast, try to assess the value of door-to-door questioning or covert surveillance simply in terms of convictions. Furthermore, it is not the objective in every case to try to obtain a conviction. Approximately 200 alerts per month are issued to monitor the movements of sex offenders, and under certain circumstances, our authorities choose to apply administrative sanctions, rather than pursue criminal charges.

  I expand below on some of the more substantive issues that were raised during the course of the evidence session. These issues cover the distinction between Advance Passenger Information (API) and PNR data; the UK's e-Borders legislation; the possible impact of the Commission's proposal on our domestic legislation; and the data protection provisions in the Commission's proposal.

DISTINCTION BETWEEN API AND PNR DATA

  PNR data comprises reservation data collected by carriers for commercial purposes during the booking process, at check-in and from any updates made in between. The data covers up to 19 data fields including passenger name, travel itinerary, contact and billing information and so on (the full list of data fields forms Annex A[7] to the Commission's proposal). Under the UK's e-Borders pilot, Project Semaphore, we have been processing PNR data on carefully selected routes since October 2005. The Government has never placed any obligation on carriers to collect specific PNR data and usually less than half of the 19 data fields are collected.

  By contrast, API data contains biographical information from the passenger's travel document and the unique service information used by the carrier to identify each particular routing. Under e-Borders, we will receive PNR data 24-48 hours before the scheduled departure time; API at check-in; a second supply of PNR data once the carrier is satisfied those data are final; and separate departure confirmation to confirm those passengers who are on board once the aircraft doors are sealed. This process allows as much time as possible to run the PNR data against a range of profiles, but also ensures that we have all of the data available; many of the passengers of greatest interest to our authorities purchase their tickets very shortly before travel.

  PNR data is checked against a number of profiles developed using evidence gained from arrests, customs seizures and police intelligence. Officials will then manually access, on a case by case basis, those passengers' PNR data flagged by our automated system as a profile match, and will carefully assess whether to issue an alert; make an intervention; or decide that the passenger does not appear to pose a risk and so take no action. The profiles are constantly reviewed and updated. The production and review of profiles is a process based on intelligence and evidence exchange between officers in JBOC with particular expertise in profiling and officials from the JBOC authorities.

  PNR data is very useful in identifying potentially high risk individuals whose identities have not come to the adverse attention of UK authorities; by contrast, API data is particularly useful where an individual has already done so. API data is taken from the travel document itself and so spellings of names and the date of birth are transcribed more accurately; it is therefore API data that we use to check against our watch lists.

  Project Semaphore collected API data on a far wider range of routes than those on which PNR data were collected. Under e-Borders, we aim to collect API data on 95% of all passenger movements, to and from the UK, by December 2010. We aim to collect PNR data on far fewer passenger movements, focusing only on the higher risk routes to and from the UK. We believe that this limited collection of PNR data, focusing on those routes of greatest interest, helps to illustrate the proportionate nature of our use of PNR.

E -BORDERs LEGISLATIOn

  Our domestic legislation underpinning the e-Borders programme enables the UK to process PNR data for counter-terrorism, police, immigration and customs purposes. This legislation also permits us to collect data from all carriers—air, sea and rail—on all routes, including intra-European journeys.

  Under the Duty to Share Order, the Police, the UK Border Agency, HMRC and the security agencies have access to PNR data. This list may well appear to be more extensive than in other EU Member States because of the organisational structures in the UK. For example, the remit of the French National Police covers policing, intelligence, customs and immigration functions whereas the UK has a greater number of separate agencies dealing with a more restricted range of functions.

THE COMMISSION'S PNR PROPOSAL: SCOPE

  The Commission's proposal for the use of PNR data for law enforcement purposes has a more restrictive scope than that provided for under UK legislation. The proposal limits the collection of PNR data to flights to and from third countries, into and out of EU Member States, and restricts the processing of PNR data to the combating of terrorism and organised crime. The UK Government considers it necessary to broaden the scope of the draft instrument to ensure our border management programme is not undermined, and hence put at risk the security and integrity of our borders and the safety of all those who travel to, from and through the UK. Criminals do not restrict their travel to international flights and offences aside from terrorism and organised crime can also cause great harm to our society. There are three distinct aspects to the question of scope, namely purpose limitation; geography; and modes of transport. We intend to manage these issues in two different ways.

GEOGRAPHIC AND MODES OF TRANSPORT SCOPE

  We can accept the restrictive scope of the draft EU instrument with regard to international flights and air carriers, providing there is explicit provision in the text to allow Member States to legislate domestically to extend the geographic scope and the modes of transport involved. Should the Commission proposal be amended to include this provision, we understand we would be able to rely on our domestic e-Borders legislation to collect PNR data on all routes and from all carriers. (On this point, it is also worth noting that the collection of PNR data for law enforcement purposes from non-international flights would appear to be compatible with the Schengen acquis; PNR data collected on intra-EU flights could be checked by Schengen states for law enforcement purposes but not for immigration.)

PURPOSE SCOPE

  In contrast, an attempt to rely on the domestic legislation to broaden the purposes for which PNR data may be processed, beyond those set out in the EU legislation, would appear to pose a higher risk. Such action could be perceived as undermining the terms of the EU legislation by weakening the data protection safeguards that the instrument aims to put in place (the purpose limitation is itself a data protection safeguard). This may give rise to questions over the principle of loyal cooperation and there may also be issues of exclusive EU competence.

  We do not believe this would in fact undermine an appropriate standard of data protection—indeed, we consider that Project Semaphore has demonstrated how PNR data may be used to combat a broader range of illicit activity while still maintaining appropriate data protection safeguards. However, to avoid any risks on this front, we are seeking to amend the text of the proposal to broaden the purposes limitation within the EU legislation itself. This issue has already been raised as an important issue for discussion by a number of Member States and we expect substantive negotiations to begin in this area shortly.

DATA PROTECTION

  During the evidence session, the Minister referred to the data protection framework that would govern the processing of PNR data. The EU Data Protection Framework Decision (DPFD) will shortly come into force and will govern the processing of personal data (including PNR data) which is transferred, or is about to be transferred, across an EU border. Where PNR data is processed without crossing an EU border, it will be governed by the domestic data protection legislation of the relevant Member State; in the UK, this will be the Data Protection Act 1998. It is important to note that Member States gave an undertaking—which is written into the DPFD—that national data protection legislation would provide a standard of data protection which at least matched that provided by the DPFD, so there will be no gap in the level of data protection applied to PNR data processing. During the course of negotiations, many Member States, including the UK, have emphasised the importance of ensuring that adequate levels of data protection apply to PNR data. The Presidency has responded to these comments by drafting additional data protection articles.

  We continue to engage the Information Commissioner's Office (ICO) closely on this matter; my officials discussed the Commission's proposal with both the Deputy and Assistant Information Commissioner only last week. As you will be aware, the ICO has been involved in discussions about our e-Borders programme from the earliest stages, has visited our passenger information unit and is reassured by our procedures.

LISBON TREATY

  I would also like to clarify the impact of the Lisbon Treaty on the EU PNR negotiations. When the Treaty comes into force next year, the draft PNR instrument will likely still be brought forward under a JHA legal base, but will be subject to Qualified Majority Voting and co-decision with the European Parliament. At this point, the UK would lose its power of veto but would have the choice over whether to opt-in to the measure or not.

Tom Dodd,

Director, Border and Visa Policy

7 April 2008

 

 

 


7   See Appendix 3 in the report. Back

 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2008