Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
April 21 — Justice ministers from the 28 European Union member states April 21 signed off on a law that will harmonize systems across the bloc for the collection and processing of airline passenger name record (PNR) data, for the purposes of tackling terrorism and serious crime.
The ministers' approval of the EU PNR Directive finalizes a process dating back to 2011, marked by disagreements over whether the collection and screening of PNR records for law enforcement purposes clashes with data protection principles of proportionality and necessity (10 PVLR 193, 2/7/11).
Following the ministers' approval, the PNR Directive will enter into force 20 days after its publication in the EU Official Journal, after which EU countries must adopt its provisions within two years.
Erik Valgaeren, a data protection lawyer at Stibbe in Brussels, told Bloomberg BNA April 21 that the PNR Directive “comes at the worst possible time” because of tensions around government access to data, as expressed through the invalidation of the U.S.-EU Safe Harbor framework (14 PVLR 1825, 10/12/15).
“There is a high risk” that the PNR Directive “will come under further scrutiny and could be challenged,” Valgaeren said.
The European Court of Justice April 2014 invalidated the EU Data Retention Directive, a law that required Internet and telecommunications companies to provide customer data to law enforcement agencies (13 PVLR 660, 4/14/14), similar to the way the PNR directive would require airlines to supply data.
European Parliament lawmakers blocked the draft PNR Directive in 2013, but subsequent terrorist attacks led some lawmakers and EU member state ministers to push again for the law. It was finally approved by the European Parliament April 14 (15 PVLR 791, 4/18/16).
The Council of the EU, which represents the governments of EU member states, said in an April 21 statement that the collection and processing of PNR data would apply to all flights into and out of the EU.
The PNR Directive leaves the collection and processing of PNR data from intra-EU flights optional, but justice ministers from all countries had committed to “make full use of the possibility” to require transfer to law enforcement agencies of data from intra-EU flights, the council statement said.
Ard van der Steur, security and justice minister of the Netherlands, which presently chairs the EU council, said that ministers also wanted to be able to exchange PNR data using a “single interface which would have access to different databases.”
According to a recent council briefing note, justice ministers discussed the “systematic feeding, consistent use and interoperability of European and international databases in the fields of security, travel and migration by making full use of technological developments and including privacy safeguards from the outset.”
Van der Steur, speaking after the justice ministers' meeting in Luxembourg, said “if you want to be effective in sharing information,” it was necessary “to have a system that will access that data in a very easy and effective way.”
However, “this is something we need to develop further because we will encounter practical and legal problems,” van der Steur said, without adding further details.
A number of EU lawmakers have said the PNR Directive could be vulnerable to legal challenge because it involves disproportionate data collection and retention. European Data Protection Supervisor Giovanni Buttarelli was particularly critical of the directive in a September 2015 opinion because, in his view, the PNR Directive was unclear over the permitted uses of data and who would be allowed to access it (14 PVLR 1761, 9/28/15).
Among the data protections included in the PNR Directive are a data retention period of five years with data anonymized after six months, the appointment by EU member states of data protection officers to oversee PNR data processing, limitations on transfers of PNR data to non-EU countries and an obligation to notify data subjects of high-risk data breaches.
PNR data covers 19 fields of information, including personal identity details, payment information, baggage information and travel itineraries.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor responsible for this story: Jimmy H. Koo at email@example.com
Text of the PNR Directive is available at http://data.consilium.europa.eu/doc/document/PE-71-2015-INIT/en/pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)