Frequently Asked Questions: Passenger Name Record
European Commission - MEMO/12/258 19/04/2012
Other available languages: none
Brussels, 19 April 2012
Frequently Asked Questions: Passenger Name Record
What is a Passenger Name Record (PNR)?
Passenger Name Record (PNR) is data provided by passengers when booking their flights. PNR are collected by air carriers to handle ticket reservations.
Why do the United States authorities require PNR data?
The analysis of PNR data is an important tool in the prevention of and fight against serious transnational crime and terrorism. U.S. law therefore requires all air-carriers operating to or from U.S. territory to provide PNR data to U.S. authorities.
For example, PNR data were of key importance in the cases of Mumbai plotter David Headley, New York City subway bomb plotter Najibullah and Time Square bomber Faisal Shahzad. In 2010, approximately one quarter of those individuals denied entry to the United States for having ties to terrorism were initially identified through the analysis of PNR data. PNR data is also one of the most used tools at United States borders to detect crimes such trafficking in illicit drugs and in human beings.
Why do we need the international agreement on PNR transfers to the US?
An agreement is necessary to ensure EU citizens' rights to privacy and protection of personal data. Such rules are also necessary to give air carriers legal certainty: in the absence of an international agreement on PNR transfers, air carriers would be forced to violate either U.S. law requiring PNR transfers or EU data protection rules prohibiting transfers of data to their countries without adequate legal guarantees set out in a binding agreement.
An EU-U.S. PNR agreement from 2007 exists already, but it applies only provisionally. The European Parliament considered that the 2007 agreement offered too little protection of privacy and personal data, and therefore asked the Commission to renegotiate it in 2010. The new agreement meets the Parliament’s concerns on the agreement from 2007, and offers long-term legal certainty.
For what purposes may the U.S. authorities use PNR data?
The new agreement allows the U.S. authorities to collect and use PNR data for the prevention or fight against serious transnational crime and terrorism. Both these terms are precisely defined drawing on relevant EU instruments. Serious crime is punishable by 3 or more years of imprisonment under U.S. law. This excludes, for example, the use of PNR for petty customs and immigration offences.
Is the EU-U.S. PNR agreement important for security in the EU?
Yes. The new agreement obliges the U.S. to share with law enforcement authorities in the EU leads (i.e. information obtained from analysis of PNR) on crime and terrorism which may affect the EU territory. This will contribute to the security of EU citizens.
How will the agreement improve data protection for individuals?
The agreement strengthens passengers’ rights: it clarifies that passengers have a right to information about the way their data is used, to access their PNR data held in U.S. databases, and it includes a new right for passengers to correct, and where relevant delete, their PNR data. There are also detailed provisions on the possibilities of administrative and judicial redress under U.S. law.
There are also important new provisions on data protection absent in the existing EU-U.S. PNR Agreement from 2007. In particular, the agreement prohibits decisions which affect passengers to be taken solely on the basis of an automated processing of data (so called ''profiling''), a human being must be involved to take the final decision.
The Agreement also describes how the use of PNR data will be subject to independent oversight by several U.S. entities, both inside and outside the U.S. Department of Homeland Security.
Does the PNR agreement protect EU citizens?
The agreement creates a legal obligation on the U.S. under international law to use its existing legislation to protect personal data in the way set out in the Agreement.
The U.S. will implement the Agreement in its national legal order through a System of records Notice (SORN) published in its Federal Register. Individuals can rely directly on the provisions transposing the Agreement into U.S. law.
This alone is a significant improvement of the existing EU-U.S. PNR agreement from 2007, which included most data protection provisions in a side letter - which raised concerns whether it was legally binding on the United States at all.
How long is PNR data stored?
The new Agreement specifies that PNR data may be used for not more than 10 years to prevent and combat serious transnational crimes, which is 5 years less than under the existing EU-U.S. PNR Agreement from 2007. For terrorist offences, the retention period remains at 15 years. By the end of the data retention period, all personal data elements are permanently deleted from the PNR.
Importantly, the Agreement requires PNR data to be depersonalized only 6 months after it is received, making the personal data elements (such as names, all available contact information or data collected from the passport) invisible to those U.S. officials normally working on the data. This alleviates data protection concerns related to the overall retention period.
How do air carriers transfer data to the US authorities?
The new Agreement has clear rules on how PNR data should be transferred by air carriers to the U.S., improving considerably the existing PNR Agreement from 2007. It recognises the push method as, in principle, the only mode of transfer of PNR data. This means that air carriers send PNR data to the U.S. and that U.S. authorities will not access the air carriers' reservation systems to extract data.
The Agreement allows pull of data by the U.S. only in very limited cases where air carriers are unable for technical reasons to respond to a timely request or in exceptional circumstances in order to respond to a specific, urgent and serious threat.
What are the means of redress for EU citizens in case his or her rights are violated?
The Agreement spells out what rights of redress any individual, irrespective of his or her nationality, have under U.S. law.
Anyone has full access to administrative redress and unlimited access to judicial review in the U.S. federal courts against any final decision of the U.S. authorities under the Administrative Procedure Act. Anyone can also appeal to a court against a decision refusing access to his data under the Freedom of Information Act.
The U.S. has implemented the Traveller Redress Inquiry Program available to everyone who believes that they have been delayed or prohibited from boarding a flight because they have been wrongly identified as a threat to security. Decisions under this programme and any other decision of the US Government can be subject to judicial review under the Administrative Procedure Act. If the court finds in favour of the complainant, it is possible to claim compensation.
May the U.S. authorities use sensitive data (revealing race, religion, health status)?
The Agreement provides extremely strict safeguards for processing of sensitive data. These data will be stored in a different database from other PNR data, and permanently deleted after 30 days.
Within the 30 day period, the data can only be accessed in exceptional cases, and with senior approval, where somebody's life is at stake or could be seriously impaired. Sensitive data are likely to be used very rarely: the last EU-U.S. joint review of how the existing EU-U.S. PNR Agreement from 2007 has been applied demonstrated that between 2007 and 2010 the authorities had never used such data although they had this possibility.
What does the Agreement say about onward transfers of PNR data from the U.S. to third countries?
The Agreement provides as a clear condition that onward transfers to third countries can only take place if the third country provides an equal level of data protection.
This means for example that the requirements on data security and retention periods must be applied by the third country. Data can only be transferred onward for use in support cases under examination or investigation.
The U.S. is obliged to notify the authorities of the relevant EU Member State when PNR data concerning one of its citizens is transferred onward. This ensures insight into the extent of the transfer of data.
Is the Agreement better than the existing EU-U.S. PNR Agreement from 2007?
Yes, the Agreement contains major improvements on the existing agreement from 2007.
First of all, contrary to the 2007 EU-U.S. PNR agreement, the Agreement is one single text, written in proper Treaty language, which leaves no doubts about the binding nature of the U.S. commitments.
The Agreement limits the use of PNR to the prevention, detection, investigation and prosecution of terrorism and serious transnational crime. The key notions "serious transnational crime" and "terrorism" are for the first time clearly defined drawing upon relevant EU instruments. A crime is considered as serious if it involves imprisonment of 3 years or more which is a great improvement compared to the existing EU-U.S. PNR Agreement under which PNR data was used to tackle offences punishable by 1 year of imprisonment.
The data retention period for serious transnational crime is shortened from 15 to 10 years. PNR data will be depersonalised six months after it is sent by air carriers, making those data elements which can be linked to an individual passenger (such as names, all available contact information or data collected from the passport) invisible to those U.S. officials normally working on it.
New provisions on data protection have been included such a prohibition on ‘automated decisions’, provisions on data security, on logging of all data processing to allow oversight and auditing, on correction and deletion of data by passengers, and on administrative and judicial redress as under United States law.
The Agreement also specifies how the use of PNR data will be subject to independent oversight by various data protection entities, and it establishes a system of regular joint reviews and a full evaluation after four years.
Finally, the Agreement obliges the United States to share PNR and leads on crime (analytical information derived from PNR data) with law enforcement authorities in the EU, to the benefit of security in the EU.
Is the EU-U.S. PNR Agreement compatible with the EU Treaties and EU data protection laws?
Yes. The Legal Service of the European Commission analysed the Agreement and found it compatible with the EU Treaties, the Charter of Fundamental Rights of the European Union and EU data protection laws. On that basis, the Agreement was approved by the Commission and by the Council of Ministers.