EU proposal on airline passenger data sharing: say no one more time
On 26 February 2015, MEP Timothy Kirkhope presented to the European Parliament’s Committee on Civil Liberties (LIBE) a revised draft of the European Union Passenger Name Records proposal (see revisions here).
The EU PNR proposal would make it so that the passenger data of everyone entering, leaving, or travelling across the EU would be systematically collected, retained, and analysed by national authorities. That’s deeply troubling, since the data contains detailed personal information, such as passengers’ personal and contact details, itinerary, payment methods, and sometimes even food preferences (see our previous articles here, and here).
Unfortunately, this latest revision to the PNR proposal doesn’t make many improvements when it comes to protecting private information. To make matters worse, several MEPs have proposed extending this type of data collection to other means of transport. This reinforces our concern that adoption of the PNR proposal could lead to the normalisation of mass surveillance, spreading to other areas of EU citizens’ personal life.
Access urges EU citizens to reach out their representatives in the LIBE Committee, asking them to hold out against the political pressure to adopt the EU PNR proposal, and once again reject it. Here’s why:
The PNR proposal is likely to undermine the EU Charter of Fundamental Rights
On March 19, the Article 29 Working Party (WP 29), representing data protection authorities of EU members states, sent a letter to the LIBE committee on this matter. The letter highlights the fact that the PNR proposal fails to demonstrate the necessity and proportionality requirements of Articles 7 and 8 of the EU Charter of Fundamental Rights.
The PNR proposal is likely to contradict the EU Court of Justice ruling on data retention
The data retention period in the PNR proposal is five years in cases of terrorism, and four years for serious “transnational” crime. Yet in April 2014, the Court of Justice of the EU invalidated the Data Retention Directive, notably because it included a provision to retain non-targeted data for up to two years. This shorter time period was considered abusive and “not sufficiently circumscribed to ensure that interference is actually limited to what is strictly necessary.”
The PNR proposal is not likely to be an effective anti-terrorism measure
There is still a lack of evidence to show that PNR schemes are an effective anti-terrorism measure. In fact, France participated to PNR pilot projects which unfortunately did not prevent the recent terrorist attacks on its soil. The pilot project was financed by the European Commission, which allocated €50 million to EU member states to establish national PNR systems. That was shortly after the European Parliament rejected the EU PNR proposal when it was first introduced two years ago. This means that the Commission spent millions of euros from EU taxpayers to bypass a democratic decision in the European Parliament, even at a time when the EU was facing a severe economic recession.
The Commission has tried to justify PNR in a letter addressed to the LIBE Committee, arguing that it would be in fact “less indiscriminate” than data retention. Others, such as Kirkhope, have argued that the PNR proposal could “reduce the need for profiling” yet at the same time have pushed for amendments to enable authorities to compare PNR data with data in other databases to “identify patterns” — a strategy also known as profiling.
Again, we urge you to contact your representatives in the LIBE Committee. The updated EU PNR proposal still fails to protect EU citizens’ rights and should be rejected.
Further information on the PNR proposal:
EDRI, Access and Panoptykon Foundation’s Briefing paper on EU PNR
EDRI, Access and Panoptykon Foundation’s Joint letter on EU PNR sent to the LIBE Committee
Revised draft report on EU PNR (by Timothy Kirkhope – ECR, UK)
EDRI, Access and Panoptykon Foundation’s Analysis of the revised draft report on EU PNR
Contribution by Justine Chauvin.