The European Data Protection Supervisor (EDPS) adopted on Friday an opinion on the Commission's proposal for a new agreement between the EU and the US on the exchange of passengers' data (Passenger Name Record - PNR)*. The agreement obliges airline companies to send to the US Department of Homeland Security (DHS) data relating to all passengers flying between the EU and the US.
The EDPS welcomes the safeguards on data security and oversight foreseen in the new agreement and the improvements in comparison with the 2007 agreement. However, a number of concerns remain:
Peter Hustinx, EDPS, states: "Any legitimate agreement providing for the massive transfer of passengers' personal data to third countries must fulfil strict conditions. Unfortunately, many concerns expressed by the EDPS and the national data protection authorities of the Member States have not been met. The same applies to the conditions required by the European Parliament to provide its consent."
PNR transfers are currently taking place on the basis of an agreement of 2007, which is being applied provisionally because the European Parliament decided not to give its consent until its data protection concerns were met. If the Parliament does not approve the new agreement, it will have to be renegotiated again.
(*) COM (2011) 807 final: Proposal for a Council Decision on the conclusion of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security.
The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by: