Out-Law News 1 min. read
01 Apr 2011, 12:28 pm
Plans to record information on every passenger entering and leaving the EU cannot be justified under European data protection law, European Data Protection Supervisor (EDPS) Peter Hustinx said in an opinion published this week.
The Commission has proposed a Passenger Name Record (PNR) Directive, which will extend the passenger-tracking systems already in use in the UK and US to all flights to and from countries outside the EU for the first time.
PNR data may include personal information such as home addresses, mobile phone numbers, frequent flyer information, email addresses and credit card details.
Hustinx said that the collection and use of PNR was sometimes justified, but that current plans go too far.
"Air passengers' personal data could certainly be necessary for law enforcement purposes in targeted cases, when there is a serious threat supported by concrete indicators," he said. "It is their use in a systematic and indiscriminate way, with regard to all passengers, which raises specific concerns."
To meet European data protection safeguards Hustinx insisted that data should be deleted after 30 days. He also called for further restrictions on the type of passenger information that could be collected.
Hustinx said that any system should be measured to determine whether it was working. This should be based not on the number of people prosecuted using PNR information but on the number of successful convictions, said the opinion.
He insisted that EU countries should be stopped from using the data in relation to minor crimes, An explicit definition of the types of crimes the information could be used to solve should be created, he said.
Hustinx proposed better data protection safeguards, particularly in relation to airline passengers' rights and the transfer of any information collected to countries outside of the EU.
The European Parliament has questioned the need for PNR arrangements with the US in the past, and has previously blocked transfer deals with US authorities.
The Home Office has expressed concern that the draft PNR Directive does not go far enough, and has indicated its support for extending any passenger-tracking system to flights between EU countries as well as those outside the region.
Earlier this month, the House of Lords urged the Government to opt in to the proposals, to ensure that it is changed to include all international flights.
Pinsent Masons and AmberhawkTraining will be running a data protection law update session on 11 April. Details and booking information (4-page / 164KB PDF)
