Draft EU rules on sharing and protecting passenger name records (PNR) of people flying in and out of Europe have been approved by the civil liberties committee. They would not apply to flights between EU countries.
Meeting yesterday, members of the committee voted by a small margin to recommend the rules – which control how PNR data can be used by police in member states and by Europol to fight terrorism and serious transnational crime – to the European Parliament.
This data must only be used to prevent, detect, investigate and prosecute these crimes, said MEPs, inserting safeguards to ensure "the lawfulness of any storage, analysis, transfer and use of PNR data".
The rules were approved by 32 votes to 27 against.
Civil liberties committee rapporteur Timothy Kirkhope (ECR, UK) warned that failing to adopt the rules would leave EU governments to create their own systems for protecting passenger data. “That would leave gaps in the net and create a patchwork approach to data protection. With one EU-wide system, we can close the net and ensure high standards of data protection and proportionality are applied right across Europe. The emerging threat posed by so-called 'foreign fighters' has made this system even more essential", he said.
The next step is to discuss the rules with national governments with a view to reaching an agreement by the end of the year.
Safeguards inserted by MEPs include the following requirements:
- member states' "Passenger Information Units" (PIUs) would be entitled to process PNR data only for limited purposes, such as identifying a passenger who may be involved in a terrorist offence or serious transnational crime and who requires further examination;
- PIUs would have to appoint a data protection officer to monitor data processing and safeguards and act as a single contact point for passengers with PNR data concerns;
- all processing of PNR data would have to be logged or documented;
- passengers would have to be clearly and precisely informed about the collection of PNR data and their rights; and
- stricter conditions would govern any transfer of data to third countries.