Do you have any questions? Contact us.
Agreement on the processing and transfer of passenger name record data by air carriers to the United States Department of Homeland Security (2007 PNR Agreement)
Through this Agreement, the European Union and the United States strengthen and secure their cooperation in the field of the processing and transfer of passenger name record (PNR) data by European air carriers to the US Department of Homeland Security.
Council Decision 2007/551/CFSP/JHA of 23 July 2007 on the signing, on behalf of the European Union, of an Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)
Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement).
The purpose of sharing passenger name record (PNR) data is to combat terrorism and organised crime, protect people's vital interests and prevent the flight of individuals from warrants or custody issued against them.
This Decision consists of the Agreement, the accompanying letter from the United States Department of Homeland Security (DHS) and the letter of the European Union (EU) in reply. Applicable for seven years, it requires airlines to transfer data to DHS concerning passengers transported to or from the United States. In return, DHS undertakes to guarantee a high level of protection. The Decision advocates the application of security measures on data transfers and calls on the parties to respect the fundamental rights and freedoms of passengers.
Type of passenger name record (PNR) data collected
DHS obtains PNR data from the air carriers, flight tickets and travel documents. The data collected concern:
- APIS information (name, civil status, date of birth, nationality, country of residence, etc.);
- the journey (date of reservation/issue of ticket, travel date, itinerary, baggage, seat number, travel status of passenger, travel agency used);
- the flight ticket (free tickets, upgrades, ticket issue, price, number, form of payment used and billing);
- PNR (record locator code, names on PNR, split/divided PNR information and all historical changes made to PNR);
- all available contact information;
- OSI (Other Service Information), SSI and SSR (Special Services) data.
"Sensitive" PNR data
Sensitive PNR data relate to ethnic origin, philosophical, political or religious beliefs, trade union membership and the health and sex life of the individual. Once this information has been received, DHS employs an automatic system to filter the sensitive codes and terms. DHS undertakes not to use this information and to delete it promptly.
However, where lives are in danger and the passenger has supplied such information, DHS is authorised to use it, provided that it maintains a log of access to these data and deletes them within thirty days. It is required to inform the European Commission (within 48 hours) that it has accessed these data.
PNR data protection and transmission
The letter from DHS accompanying the Agreement explains how the latter collects, uses and stores PNR data. It treats the information as sensitive and confidential. DHS may transmit it to the US authorities responsible for law enforcement, public security or counterterrorism and to countries capable of ensuring data protection, but only for the same purposes as those for which DHS received the data (mainly to combat terrorism and organised crime).
If the air carriers have a system complying with DHS technical requirements, they will transmit the data to DHS via a 'push' system. On the other hand, they will transmit the data via a 'pull' system if the carrier has not implemented such a system. It is for the carriers to initiate the transition to a 'push' system.
DHS receives PNR data 72 hours before the scheduled departure. It may ask to receive them earlier if necessary. It nevertheless undertakes to make this type of request judiciously and with proportionality.
DHS retains the data in an analytical database for 7 years, after which time the data are stored for a further 8 years, but in dormant, non-operational status. They may be accessed only with approval of a senior DHS official. The two parties will reach agreement to determine when PNR data must be destroyed. Only those related to a specific investigation in progress may be retained.
Right of access and right of inspection
DHS extends the American Privacy Act provisions to PNR in its possession. Administrative, civil and penal sanctions are therefore provided for in the event of failure to respect privacy and unauthorised disclosure.
The EU, US and the aviation industry cooperate so that passengers are informed about how the governments may use the information concerning them. DHS informs and replies to questions from the public on PNR data through publications in the Federal Register and standard notices made available and published on its website.
DHS undertakes not to disclose PNR data to the public (apart from the persons concerned).
Cooperation and reciprocity
DHS transmits analytical data flowing from PNR data to the European police and judicial authorities concerned, Europol and Eurojust. The European authorities do the same to the US authorities.
Both parties ensure that their systems work effectively. The Secretary of Homeland Security (DHS) and the Commissioner for Justice, Freedom and Security (EU) periodically review the application of this decision.
The transfer to the US authorities of PNR data held by European airlines has been the subject of successive agreements. The most recent is dated 19 October 2006 and expired on 31 July 2007. For this reason, the Council decided (on 22 February 2007) to authorise the Presidency to open negotiations, which gave rise to the present Agreement.
This Agreement is applicable as of the date of signature. It enters into force on the first day of the month after the date on which the parties have notified one another that they have completed their internal procedures.
|Act||Entry into force - Date of expiry||Deadline for transposition in the Member States||Official Journal|
|Decision 2007/551/CFSP/JHA||23.7.2007||-||OJ L 204 of 4.8.2007|