The new directive regulating the use of Passenger Name Record (PNR) data in
the EU for the prevention, detection, investigation and prosecution of
terrorist offences and serious crime was approved by Parliament on Thursday. It
will oblige airlines to hand national authorities passengers' data for all
flights from third countries to the EU and vice versa.
"We have adopted an important new tool for fighting terrorists and
traffickers. By collecting, sharing and analysing PNR information our
intelligence agencies can detect patterns of suspicious behaviour to be
followed up.
PNR is not a silver bullet, but countries that have national PNR
systems have shown time and again that it is highly effective”, said
Parliament's rapporteur for the proposal, Timothy Kirkhope (ECR, UK).
“There were understandable concerns about the collection and storage or
people's data, but I believe that the directive puts in place data safeguards,
as well as proving that the law is proportionate to the risks we face. EU
governments must now get on with implementing this agreement", Mr Kirkhope
added.
The text was approved by 461 votes to 179, with 9 abstentions.
Member states will have to set up "Passenger Information Units"
(PIUs) to manage the PNR data collected by air carriers. This information will
have to be retained for a period of five years, but after six months, the data
will be “masked out”, i.e., stripped of the elements, such as name, address and
contact details that may lead to the identification of individuals. PIUs will
be responsible for collecting, storing and processing PNR data, for
transferring them to the competent authorities and for exchanging them with the
PIUs of other member states and with Europol. The directive states that such
transfers shall only be made “on a case-by-case basis” and exclusively for the
specific purposes of “preventing, detecting, investigating or prosecuting
terrorist offences or serious crime”.
The directive is to apply to “extra-EU flights”, but member states could
also extend it to “intra-EU” ones (i.e. from an EU country to one or more other
EU countries), provided that they notify the EU Commission. EU countries may
also choose to collect and process PNR data from travel agencies and tour
operators (non-carrier economic operators), since they also manage flight
bookings.
Data protection
safeguards
·
National PIUs
will have to appoint a data protection officer responsible for monitoring the
processing of PNR data and implementing the related safeguards.
·
Access to the
full PNR data set, which enables users to immediately identify the data
subject, should be granted only under very strict and limited conditions after
the initial retention period.
·
All processing
of PNR data should be logged or documented.
·
Explicit
prohibition of processing personal data revealing a person´s race or ethnic
origin, political opinions, religion or philosophical beliefs, trade union
membership, health, sexual life or sexual orientation.
·
Review clause
The EU Commission will have to carry out a revision of the EU PNR directive
two years after its transposition into national laws. It must pay special
attention to compliance with personal data protection standards, the necessity
and proportionality of collecting and processing PNR data for each of the
stated purposes, the length of the data retention period, and also "the
effectiveness of the sharing of data between the member states".
Next steps
Following Parliament´s approval, the proposal needs now to be formally
approved by the Council. Once published in the EU Official Journal of the EU,
member states will have two years to transpose it into their national laws.
REF. :
20160407IPR21775
Updated: (14-04-2016 - 16:27)
Contacts
·
Estefania NARRILLOS
·
Press Service
·
Telephone number(+32) 2 28 31324 (BXL)
·
Telephone number(+33) 3 881 73661 (STR)
·
Mobile number(+32) 498 98 39 85
No comments:
Post a Comment