EU Air Passenger Records Law Gains Committee OK

By Stephen Gardner

Dec. 10 — The European Parliament's Civil Liberties, Justice and Home Affairs Committee (LIBE) Dec. 10 endorsed a draft European Union directive on the retention of the personal data of airline passengers.

In a 38-19 vote with 2 abstentions, LIBE paved the way for the adoption of the directive on passenger name records (PNR), which was informally agreed by the EU institutions Dec. 4 (See previous story, 12/07/15).

It must still be ratified by the full European Parliament in early 2016.

The PNR directive was first proposed in 2011 , but was blocked by LIBE in 2013 because of concerns that it would allow excessive collection and retention of personal data . The directive was revived after terrorist attacks in Paris in January 2015, and narrowly passed a second LIBE vote in July .

The PNR directive would require EU countries to set up systems for the collection and retention of airline passenger data for screening by law enforcement agencies in order to detect serious crime and terrorism suspects. The directive would allow storage of the data for five years—though data would have to be anonymized after six months—would require pre-notification of passengers and would oblige EU countries to establish units to manage the data, including appointment of data protection officers to monitor processing operations.

The directive would cover flights entering and leaving the EU, and would also allow EU member states to choose to collect PNR data for flights entering their territories from other EU countries.

Once ratified, EU member states would have two years to incorporate the directive into their national codes of law.

Necessity and Proportionality

Lawmakers from the various European Parliament political groups backed the directive as a counter-terrorism measure.

German lawmaker Axel Voss of the center-right European People's Party group, said Dec. 10 that “common sense has prevailed” following terrorist attacks in Europe. The directive is “a good piece of EU law and the EU PNR system will help the investigations of criminal and terrorist offences, thus helping prevent further attacks,” Voss said.

However, European Data Protection Supervisor Giovanni Buttarelli (EDPS) disagreed.

The directive would lead to the collection of personal data from “millions of non-suspect passengers,” Buttarelli said.

In its April 2014 cancellation of the EU Data Retention Directive , which placed obligations similar to those on airlines under the PNR directive on to telecommunications and Internet companies, the European Court of Justice had “defined a high threshold for the untargeted and indiscriminate collection of data,” he said.

The necessity and proportionality of data collection were “a pre-requisite for its lawfulness and legitimacy,” and necessity and proportionality hadn't been demonstrated in the case of the draft PNR directive, Buttarelli added.

To contact the reporter on this story: Stephen Gardner in Brussels at

To contact the editor responsible for this story: Jimmy H. Koo at