Brussels, 2 February 2011
EU Passenger Name Record (PNR) - Frequently Asked Questions
What is PNR and what data does it contain?
PNR data is information provided by passengers, and collected by the air carriers for their own commercial purposes. It contains several different types of information, such as travel dates, travel itinerary, ticket information, contact details, travel agent at which the flight was booked, means of payment used, seat number and baggage information. The data is stored in the airlines' reservation and departure control databases.
PNR data has been used manually for almost 60 years by customs and law enforcement authorities around the world. Technological developments have made a more systematic use for law enforcement purposes possible.
What is the aim of this proposal?
The proposal for an EU PNR Directive is part of the wider agenda to better protect European citizens against security threats, such as terrorism or serious crime, as identified in the EU Internal Security Strategy in Action presented by the Commission in November 2010 (IP/10/1535).
The United States, Canada and Australia currently oblige EU air carriers to make PNR data available for all persons who fly to and from these countries. The experience of those countries, and of the Member States that use PNR data, shows that PNR data are necessary to fight serious crime and terrorism.
The proposal obliges air carriers to transfer the PNR data of passengers on international flights to the Member States of arrival or departure. There the PNR data will be analysed and used for the purpose of fighting serious crime and terrorism.
The proposal aims to create a coherent EU wide system which ensures close cooperation between law enforcement authorities within the EU. It also harmonises the national systems in order to avoid that, with several Member States preparing their own PNR legislation, up to 27 considerably diverging systems may be created. This could result in uneven levels of protection of personal data across the EU, security gaps, increased costs, and legal uncertainty for passengers and carriers.
What are PNR mainly used for?
PNR data may be used in three ways:
pro-actively: to establish general objective 'assessment criteria' for which passengers should be subject to additional checks before or upon arrival (e.g., passengers travelling on a particular route which an analysis of PNR data shows is particularly likely to be used by drug traffickers).
real-time: to check the PNR data against such objective assessment criteria prior to the arrival or departure of passengers and against databases of persons and objects sought, to prevent crimes being committed.
re-actively: after a crime has been committed to facilitate the investigation, prosecution, and unravelling of criminal networks.
How will the proposed EU PNR system work?
PNR data is recorded in electronic systems by airlines and travel agents when passengers book flights. The Directive proposal requires each Member State to collect and process the PNR data of passengers entering or departing from the EU to countries outside of the Union. Air carriers in the EU will be required to send the PNR data in their reservation systems to the competent authorities of the Member State it operates the flight from or to. These data will be retained for a short period of time and enable law enforcement authorities to compare them with other existing files, as well as analysing the data in order to identify previously 'unknown' persons. It will be a decentralised system, with data management at national level - each Member State informing its partners of the results obtained from analysing the data.
How will the Member Sates cooperate under the proposed EU PNR system?
Member States will share the alerts created from the processing of PNR data with other Member States, where such sharing is necessary for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. In addition, Member States will have the right to request PNR data from another Member State in support of a specific investigation.
How long can the PNR data be retained?
PNR data will be retained for 30 days after the flight, and be kept in a dedicated unit in the Member State of arrival or departure. Member States must then make the data anonymous, and as such it must not be retained for more than five years. The anonymous PNR data can be re-personalised only under very strict conditions, i.e. one a case-by-case basis where there a person is suspected of serious crime or terrorist offence in a specific criminal investigation.
What about sensitive data?
Sensitive data are any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The proposal completely prohibits the use of sensitive data. To the extent that such data can be found in PNR, they may not be transmitted to Member States. If they are transferred, by mistake by air carriers, they must be deleted by the Member States.
How will the data be transmitted by the carriers to the Member States?
There are two methods of transmission of data by carriers: the "push" and "pull" methods. With the "push" method carriers transmit (push) the required PNR data into the database of the requesting authority. With the "pull" method, the requesting authority can reach in to the carrier's reservation system and extract (pull) a copy of the required data into their database. The proposal obliges all carriers to transmit the data using exclusively the "push" method.
What are the safeguards for the protection of personal data?
Purpose limitation: the scope of the proposal is limited to the processing of PNR data for the purpose of prevention, detection, investigation and prosecution of terrorist offences and serious crime1. For the pro-active use of PNR data, the scope is further limited to terrorist offences and transnational serious crime.
Retention period and anonymisation: PNR data must be anonymised after 30 days. The anonymous data is retained for a period of maximum five years.
Sensitive data: the collection and processing of sensitive data is completely prohibited.
Automated Individual Decisions: no decision producing an adverse legal effect on a person or seriously affects him/her may be taken only by reason of the automated processing of PNR data (i.e. an individual must always take the final decision to deny boarding/entry).
Mode of transmission: Member States will not be able to access the databases of air carriers, the data must be requested and sent to them by the air carriers concerned (‘push method’).
Confidentiality of processing: Member States must treat PNR data in a confidential manner.
Data Security: PNR data must be protected against misuse and unlawful access by all appropriate technical, security procedures and measures to safeguard the security, confidentiality and integrity of the data.
Right of Information: Passengers will be informed about the purpose of processing of personal data, whom will be processing the data, what legislation applies, the types of third parties to whom data could be disclosed and how and from where redress can be sought.
Access, rectification and deletion: Passengers will be provided with access to his or her PNR data as well as, where appropriate, the right to seek rectification and deletion of his or her PNR data.
Redress: Passengers will have the right to effective administrative and judicial redress where data protection rules have been violated, as well as the right to compensation.
Institutional setup: Member States are required to establish a single designated unit (Passenger Information Unit) responsible for handling and protecting the PNR data.
Oversight: The national supervisory authorities that have been established in Member States under Council Framework Decision Framework Decision 2008/977 on the Protection of Personal Data will have power to exercise oversight over the activities carried out under the draft Directive.
Restrictions on onwards transfer to third countries: A Member State may only transfer PNR data to a third country on a case-by-case basis where necessary for the purpose of this Directive and if the third country agrees not to transfer to another third country without the express authorisation of the Member State. Furthermore, the safeguards provided for in Council Framework Decision 2008/977 on the Protection of Personal Data must be respected.
How does this proposal relate to past initiatives?
In 2007, the European Commission adopted a proposal for a Council Framework Decision on the use of Passenger Name Record data for law enforcement purposes. With the entry into force of the Lisbon Treaty, this draft framework, which had not been adopted by the Council by that date, became obsolete.
The Council's Stockholm programme on freedom, justice and security subsequently called for the re-tabling of this proposal and the Commission announced its intention to proceed in its Action Plan implementing the Stockholm Programme.
The current proposal replaces the one from 2007 and is presented under the provisions and the procedures of the Lisbon Treaty. It takes into account the views expressed by Member States in Council discussions on the draft Framework decision, as well as the recommendations of the European Parliament as stated in its Resolution of 20 November 2008 and the opinion of the European Data Protection Supervisor.
What impact will the proposal have on fundamental rights?
The proposed Directive builds upon the draft Framework Decision it replaces, but is based on a new impact assessment study and addresses the opinions/concerns of interested parties. Both had a major impact in shaping the legislative proposal. The proposed Directive further adapts the proposal to the Lisbon Treaty framework and enhances/increases the data protection safeguards.
The provisions of the draft Directive are fully compatible with inter alia the right to protection of personal data of Article 8 of the Charter of Fundamental Rights of the EU and Article 16 of the Treaty on the Functioning of the European Union. The proposal is also in line with the data protection principles of the Council Framework Decision on the Protection of Personal Data processed in the Framework of Police and Judicial Co-operation in Criminal Matters 2008/977/JHA and in certain cases goes even further, for example by providing for an absolute prohibition of the use of sensitive data and stricter conditions on transfers of data to third countries.
The national supervisory authorities that have been established in Member States under Council Framework Decision Framework Decision 2008/977 on the Protection of Personal Data will have power to exercise oversight over the activities carried out under the draft Directive.
Why is the proposal only covering air transport?
Only air carries collect PNR data in a systematic way. The proposal will not oblige carriers to collect any information that they do not already collect for their own commercial purposes. It merely aims at using the information that carriers already collect.
Why is the proposal only covering international flights?
Given that the objectives pursued by the collection of PNR data are the same inside and outside of the EU, there would be an added value in including internal flights, i.e. flights between Member States. Making the instrument applicable to all travel, including internal travel, though favoured by some Member States, is however considered premature at this stage. Considering the large number of travellers on internal flights, which is three times more than the number of passengers on international flights, the costs of setting up and operating the system would be much higher. A system including internal flights could however be considered in the future. The draft Directive proposes to assess the possibility and necessity of including internal flights in an in-depth evaluation a couple of years after the measure has been in operation. The experience of those Member States that collect PNR data on internal flights by that point should be taken into account in the evaluation.
How will the existing national PNR systems in some Member States be affected?
Member States would, in some instances, have to adjust their national systems to comply with the draft Directive.
What has been done so far in the field of PNR cooperation with non-EU countries?
Currently there are PNR agreements between the EU and three third countries, the United States, Canada and Australia which are provisionally applicable. They require air carriers to make available to the competent authorities the PNR data of all persons who fly to and from the USA, Canada and Australia for the purpose of combating terrorism and transitional serious crime.
In September 2010 (IP/10/1150), the European Commission adopted a package of proposals on the exchange of PNR data with third countries, consisting of an EU external PNR strategy and recommendations for negotiating directives for new PNR agreements with the United States, Australia and Canada (negotiations have since started and are ongoing).
For more information
Homepage of Cecilia Malmström, EU Commissioner for Home Affairs:
Homepage of DG Home:
As defined in the European Arrest Warrant Framework Decision (2002/584/JHA)