European Data Protection Supervisor
European Data Protection Supervisor

EU Passenger Name Record: proposed system fails to meet necessity requirement, says EDPS

EU Passenger Name Record: proposed system fails to meet necessity requirement, says EDPS

28/03/2011
28
Mar
2011

EU Passenger Name Record: proposed system fails to meet necessity requirement, says EDPS

On 25 March 2011, the European Data Protection Supervisor (EDPS) adopted an opinion on a new Commission's proposal to oblige airline carriers to provide EU Member States with personal data on passengers (Passenger Name Record - PNR) entering or departing from the EU for the purpose of fighting serious crime and terrorism. Such data may include, for example, home address, mobile phone number, frequent flyer information, email address and credit card information.

The EDPS acknowledges the data protection improvements brought to the present Proposal, compared to an earlier proposal adopted in 2007, and in particular the efforts to restrict the scope of the Proposal and the conditions for processing PNR data.

The EDPS however recalls that the need to collect or store massive amounts of personal information must rely on a clear demonstration of the relationship between use and result (necessity principle). This is an essential prerequisite for any development of a PNR scheme. In the EDPS' view, the current Proposal and accompanying Impact Assessment fail to demonstrate the necessity and the proportionality of a system involving a large-scale collection of PNR data for the purpose of a systematic assessment of all passengers.

Peter Hustinx, EDPS, says: "Air passengers' personal data could certainly be necessary for law enforcement purposes in targeted cases, when there is a serious threat supported by concrete indicators. It is their use in a systematic and indiscriminate way, with regard to all passengers, which raises specific concerns."

In addition to this major shortcoming of the proposed system, the EDPS recommendations include the following:

  • scope of application: the scope of application should be much more limited with regard to the type of crimes involved. The EDPS recommends to explicitly define and rule out minor crimes from the scope and exclude the possibility for Member States to extend it;
  • data retention: no data should be kept beyond 30 days in an identifiable form, except in cases requiring further investigation;
  • data protection principles: a higher standard of safeguards, in particular in terms of data subjects' rights and transfers to third countries, should be developed;
  • list of PNR data: the EDPS welcomes the fact that sensitive data are not included in the list of data to be collected. This list remains however too extensive and should be further reduced;
  • evaluation of EU PNR system: the assessment of the implementation of the system should be based on comprehensive statistical data, including the number of persons effectively convicted - and not only prosecuted - on the basis of the processing of their personal data.

(*) Proposal of 2 February 2011 for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (COM(2011) 32 final)