Brussels, 17 November 2011
Frequently Asked Questions: the new EU-US agreement on the transfer of Passenger Name Record (PNR) data
The European Commission has initialled an agreement with the US that, if endorsed by the Council and the European Parliament, would replace the existing agreement from 2007 that currently regulates the transfer of Passenger Name Record (PNR) by air carriers to the US. The request to re-negotiate the existing PNR Agreement came from the European Parliament as part of its new role in the post-Lisbon era, and Commissioner Malmström started negotiations in December 2010 after receiving negotiating authorisation from the Council. The new text represents a substantial improvement over the existing 2007 Agreement and Commissioner Malmstrom intends to ask the green light of the Council and the European Parliament to sign it soon.
What is PNR data?
PNR data is information provided by passengers, and collected by air carriers for their own commercial purposes. It has been used manually for almost 60 years by customs and law enforcement authorities around the world. Technological developments have made a more systematic use for law enforcement purposes possible, which, in turn, has highlighted the need for rules on how the data is collected, used and stored.
PNR data is stored in airlines' reservation and departure control databases. It contains several different types of information, such as travel dates, travel itineraries, ticket information, contact details, the travel agent with which the flight was booked, the means of payment used, seat numbers and baggage information.
What purposes/offences will be covered by the Agreement?
The new agreement contains a detailed description of what purposes PNR will be used for. These are the prevention, detection, investigation and prosecution of terrorism and certain transnational crimes. Transnational crimes are defined as crimes punishable by 3 years of imprisonment or more under US law. This excludes minor crimes while allowing PNR to be used to tackle serious crimes such as drug trafficking, human trafficking and terrorism. PNR can also be used on a case-by-case basis for the protection of vital interests of passengers, for example to protect against communicable diseases, or if ordered by a US court.
The agreement further clarifies how PNR is relevant when passengers travel to or from the US. In particular, the agreement clarifies that PNR may, in accordance with its purpose and scope, be processed to identify persons who may require further examination. This ensures that authorities are adequately prepared for the arrival and departure of such persons. This process therefore provides very important advantages in terms of facilitating legitimate travel, by contributing towards faster border controls for persons who may not require further examination.
How long can PNR data be retained?
The new Agreement will ensure that data can only be stored for a limited period of time, and it introduces an important new element: depersonalisation of the data just 6 months after it is sent to the US. The new Agreement means that data can be retained a total of 15 years.
However, while the US will be allowed to use PNR data for terrorist-related offences for 15 years, it will only be allowed to use PNR data in order to prevent and fight transnational crime for 10 years, which is 5 years less than under the existing PNR Agreement from 2007.
Of the total of 15 years, after the first 5 years these data will be moved to a dormant database with additional controls and even stricter requirements for US officials to access them, including a depersonalisation of the data after just 6 months of retention. This is a considerable improvement compared to the existing PNR Agreement from 2007 which allows all PNR data to be retained for 15 years, without any depersonalisation at all, and with data moved to the dormant database only after 7 years.
How will PNR data be transmitted?
The new Agreement has clear rules on how PNR data should be transferred from air carriers' databases to the US, improving considerably the existing PNR Agreement from 2007. It recognises the so-called "push method" as, in principle, the only mode of transfer of PNR data. This means that air carriers send PNR data to the US and that US authorities will not access the air carriers' reservation systems to extract data themselves.
There are only two specific exceptions to that rule: A technical failure preventing an air carrier from sending data and, in very exceptional circumstances, where it is necessary to prevent an urgent and serious threat. So, over time the pull system will be used very rarely. Also on this point, there is considerable improvement over the existing PNR Agreement from 2007.
How much data will be transferred – more or less than today?
PNR data for passengers on all flights from the EU to the US will be transferred from air carriers' databases to the US Department of Homeland Security. The Agreement allows for 19 data types to be transferred. On these points, there is no change of the existing 2007 PNR Agreement.
How will personal data be protected?
Protection of personal data has been a priority for Commissioner Cecilia Malmström since the beginning of the negotiations in December 2010, and the new Agreement will include clear and robust provisions on passengers' rights to privacy.
First of all it introduces an important new element: just 6 months after it is sent to the US data will be depersonalised. In a nutshell, this means that elements of personally identifiable information contained in the PNR such as a person's name and contact information will be masked out and made inaccessible to US officials.
To make sure personal data are fully protected, the new Agreement also provides that passengers can obtain access to their PNR, can request the correction of their data, including their erasure and deletion, and can seek administrative and judicial redress as provided for under US law. Sensitive data (such as health information or the type of meal requested by the passenger) will be stored in a different archive and deleted after 30 days.
New data protection guarantees will also be part of the Agreement. For example, it will not be possible to take decisions adversely affecting passengers based only on automated processing of data. The aim of this is to prevent illegal profiling
Stricter rules will apply to prevent loss or unauthorised disclosure of personal data. Independent oversight of the processing of PNR data will be done by entities such as the Chief Privacy Officer, the Department of Homeland Security Office of inspector General, the US Government Accountability Office and the US Congress.
What does the redress mechanism look like?
All passengers will be able to seek administrative and judicial redress as provided for under US law. The new Agreement lays down clearly the options available under the US law to seek administrative and judicial redress. For example, any individual could petition for judicial review under the Freedom of Information Act or any individual can resolve travel-related enquiries under the Department of Homeland Security Traveller Redress Inquiry Program (DHS TRIP).
Can the US transfer PNR data to third countries?
The Agreement contains strict rules on sharing of PNR data by the Department of Homeland Security with other US authorities and with third countries. Sharing is limited to third countries offering a high level of data protection. PNR data may never be shared in bulk, only on a case-by-case basis, and only for the purposes of fighting transnational crime and terrorism.
Will the new agreement have a limited duration?
The Agreement will have duration of 7 years and is automatically renewable, to provide legal certainty in the long term. It is possible for both the EU and the US to terminate the agreement at any point in time. On the EU side, this means that the Commission has to submit a proposal to terminate the Agreement, which the Council has to adopt after the European Parliament has given its consent.
For more information