Print

PNR

Filters

25
Jan
2010
Formal Comments

Observations concernant divers accords internationaux relatifs à l'échange de données

Observations du CEPD concernant divers accords internationaux, notamment les accords PNR UE-US et UE-AUS, l'accord TFTP UE-US, ainsi que la nécessité d'une approche globale des accords internationaux relatifs à l'échange de données

Langues disponibles: allemand, anglais, français
Topics
Accords internationaux
PNR
Transferts de données
Coopération policière
Sécurité
Lutte contre le terrorisme
11
Nov
2008
Opinions

Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations

Avis concernant le rapport final du Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations et la protection de la vie privée et des données à caractère personnel, JO C 128, 06.06.2009, p. 1

The opinion relates to the Final Report by the EU-US High Level Contact Group on information sharing and privacy and personal data protection, which was presented by the EU Presidency in June 2008. The Report defines common principles on privacy and data protection as a first step towards the exchange of information between the EU and the US to fight terrorism and serious transnational crime. It also identifies options for a possible instrument that would apply the agreed common principles to data transfers.
 
The EDPS welcomes the progress achieved by the EU and US authorities to ensure an effective regime for privacy and personal data protection in the exchange of law enforcement information. He however emphasises the need for a careful analysis of the considered ways forward and recommends the development of a road map towards a possible agreement. Such a road map would involve all stakeholders at the different stages of the procedure and contain guidance for the continuation of the work, a timeline, as well as a further elaboration of the data protection principles on the basis of a common understanding on essential issues, such as the scope and nature of an agreement.
 
The EDPS calls for clarification and concrete provisions regarding the main following aspects:
 
  • nature and scope of an instrument on information sharing: for the sake of legal certainty, the EDPS shares the report's preferred option for the adoption of a legally binding instrument. This general instrument would need to be combined with specific agreements on a case by case basis to reflect the many specificities of data processing in the field of security and justice. The scope of application should also be clearly circumscribed and provide for a clear and common definition of law enforcement purposes at stake;
  • redress mechanisms: as one of the most prominent outstanding issues of the report, the availability of adequate means for redress needs to be properly addressed. Strong redress mechanisms, including administrative and judicial remedies, should be available to all individuals, irrespective of their nationality;
  • measures guaranteeing the effective exercise of individuals' rights: further work is needed not only with regard to redress and oversight mechanisms, but also concerning the transparency of data processing and the conditions of access and rectification to personal data.
The EDPS emphasizes that the conclusion of an agreement between the EU and the US should take place under the Lisbon Treaty - depending on its entry into force – to guarantee better legal certainty, full involvement of the European Parliament and judicial control of the European Court of Justice.
Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
Topics
Droits de l'individu
Droit d'accès
Droit de rectification
Prise de décision individuelle automatisée
Nécessité et Proportionalité
Responsabilité du responsable du traitement
Accords internationaux
PNR
Transferts de données
Adequacy Decision
11
Apr
2008
Opinions

Systèmes informatisés de réservation

Avis sur la proposition de règlement instaurant un code de conduite pour l'utilisation de systèmes informatisés de réservation, JO C 233, 11.09.2008, p. 1

The EDPS issued an opinion on the proposal for a Regulation on a Code of conduct for computerised reservation systems (CRSs).

The objective of the proposal is to update the provisions of the Code of Conduct for Computerized Reservation Systems that was established in 1989 by Regulation 2299/89. The Code would need simplification in order to reinforce competition - while maintaining basic safeguards, and ensuring the provision of neutral information to consumers.
A specific article on data protection has been developed in the proposal with a view to complementing the provisions of Directive 95/46/EC which continues to apply as a lex generalis.

The EDPS welcomes the inclusion of such principles in the proposal. He stresses that these provisions could nevertheless be usefully complemented by additional safeguards on three points:

  • ensuring the fully informed consent of data subjects for the processing of sensitive data;
  • providing for security measures taking into account the different services offered by CRSs;
  • protecting marketing information relating to individuals from access by third parties.

With regard to the scope of application of the proposal, the criteria that make the proposal applicable to CRSs established in third countries raise the question of its practical enforcement, taking into account the complexity of the CRS network.

It is deemed as essential to put the CRS question in this global context and to be aware of the implications of having a large amount of personal data, some of them sensitive, processed in a global network practically accessible to third state authorities.

The EDPS considers it as decisive that effective compliance is ensured by competent authorities for enforcement (i.e. the Commission), as foreseen in the proposal, as well as data protection authorities.

Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
COM(2007) 709 final du 15.11.2007
Langues disponibles: anglais, français
Topics
Accords internationaux
PNR
Transferts de données
Consommateurs
Transports
Technologies
20
Dec
2007
Opinions

Dossiers passagers européens

Avis sur le projet de décision-cadre du Conseil relative à l'utilisation des données des dossiers passagers (Passenger Name Record - PNR) à des fins répressives, JO C 110, 01.05.2008, p. 1

The European Data Protection Supervisor (EDPS) has issued an Opinion on 20 December 2007 onthe proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State.
 
The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.
 
The Opinion focuses on four key issues and draws the following conclusions: 
 
  • legitimacy of the processing: the proposal does not provide for sufficient elements of justification to support and demonstrate the legitimacy of the processing of data;
  • applicable legal framework: a significant lack of legal certainty is noted as regards the regime applicable to the different actors involved in the matter;
  • the identity of data recipients: the draft Decision does not provide for any specification concerning the identity of the recipients of personal data collected by airlines companies;
  • transfer of data to third countries: it is imperative that conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection. 

Finally,  the EDPS advises not to adopt the draft Decision before the new Lisbon Treaty's entry into force, so that it can follow the co-decision procedure foreseen by the new Treaty and the European Parliament is fully involved.

Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
COM(2007) 654 final du 06.11.2007
Langues disponibles: anglais, français
Topics
Accords internationaux
PNR
Coopération policière
Sécurité
Système PNR de l'UE
28
Sep
2007
International Conferences

Montreal

Résolution sur l’urgence d’établir des normes mondiales visant la protection des données des passagers dont se serviront les gouvernements pour appliquer les lois et assurer la sécurité frontalière
Langues disponibles: allemand, anglais, Spanish, français
Résolution sur l’élaboration de normes internationales
Langues disponibles: allemand, anglais, Spanish, français
Résolution sur la coopération internationale
Langues disponibles: anglais, français
Topics
Accords internationaux
PNR
Coopération internationale