The European Union will adopt soon a Directive on the long-term storage and use of “Passenger Name Records” (PNR) for the purpose of profiling individuals as possible serious criminals or terrorists.
What is a Passenger Name Records (PNR)?
Passenger Name Records (PNR) include information provided by passengers and collected by air carriers for commercial purposes. PNR can contain several pieces of additional information such as dates, itinerary and contact details. All PNR data is stored in airlines’ databases.
PNR was originally intended to be used only as a record that contains the itinerary for a passenger or for a passengers travelling as part of a group. The idea was to allow the exchange of reservation information between airlines in case passengers required using different companies in order to reach their final destination. The PNR is created when someone books a flight. At that moment, the travel agent or the website managing the trip creates a PNR in a computer reservation system (CRS).
Are records anonymised or encrypted after six months?
No. Contrary to the evidence presented to the EU’s highest court, the Court of Justice of the European Union, by the European Commission, records will not be anonymised or encrypted. Certain personal information will be “masked out” after six months, but the data can be easily re-personalised.
Will the legislation ensure better cooperation among EU Member States?
No. Shockingly, the Member States insisted that there should be no obligation for better cooperation or better data sharing.
What kind of data is included?
Passenger Name Records (PNR) now can include every type of data provided by the passengers, such as, but not only, the date of the trip and complete itinerary, the name and contact information, the form of payment, frequent flyer information, meal preferences and medical information. In some cases, the airlines will have access to other data such as hotel bookings, car rentals, train journeys, travel associates, etc.
Optionally, agencies may also require more data, such as fare details, tax amounts paid, the form of payment used, further contact details, age details if it is relevant to the travel, frequent flyer data and special Service Requests.
The full list of data required by the EU PNR Directive is:
- PNR record locator
- Date of reservation/issue of ticket
- Date(s) of intended travel
- Address and contact information (t elephone number, e-mail address)
- All forms of payment information, including billing address
- Complete travel itinerary for specific PNR
- Frequent flyer information
- Travel agency/travel agent
- Travel status of passenger, including confirmations, check-in status, no show or go show information
- Split/divided PNR information
- General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)
- Ticketing field information, including ticket number, date of ticket issuance and one-way tickets, Automated Ticket Fare Quote fields
- Seat number and other seat information
- Code share information
- All baggage information
- Number and other names of travellers on PNR
- Any Advance Passenger Information (API) data collected (inter alia document type, document number, nationality, country of issuance, date of document expiration, family name, given name, gender, date of birth, airline, flight number, departure date, arrival date, departure port, arrival port, departure time, arrival time)
- All historical changes to the PNR listed in numbers 1 to 18
What does PNR add in terms of prevention of terrorism and transnational crimes to other existing systems?
Nothing. There are other ways to access this type of information. For example, law enforcement agencies and intelligence agencies can require to access PNR data via a court order, following the regular procedures prescribed by law.
Furthermore, other measures that authorities can use to identify subjects who may be involved in criminal activity, such as the Schengen Information System(1), the Visa Information System(2), Eurodac(3) and ECRIS(4) and API data (Advance Passenger Information).
Is it true that PNR will help to stop terrorists?
No. In many of the recent terrorist attacks the terrorists had already been flagged as people who needed further tracking. Thus, the attackers from the last terrorist incident in Paris were already known to French authorities and details of their travels were also known (7). An EU PNR Directive would not have brought any more security, only more risks. For example, there have already been cases of people being wrongly labeled on these lists based on profiling schemes and, consequently, handed over to repressive regimes and tortured (8).
Rather than creating new surveillance measures, the EU should look for more active and effective cooperation between law enforcement agencies in the EU(5)(6).
Has the EU PNR Directive been proved to be effective, proportionate or necessary?
No. The Directive is being adopted despite concerns raised by the Fundamental Rights Agency (FRA), the European Data Protection Supervisor (EDPS) and Article 29 Working Party. A study undertaken for the Council of Europe explained that “no serious, verifiable evidence has been produced by the proponents of compulsory suspicionless data collection to show that data mining and profiling by means of the bulk data in general, or the compulsory addition of bulk PNR data to the data mountains already created in particular, is even suitable to the ends supposedly being pursued –let alone that it is effective”.(9)
However, the supporters for PNR seem to follow the unquestioning belief that any form of long-term data storage – including PNR – will be valuable.
What is EDRi’s view on PNR systems?
The right to privacy and the right to data protection are fundamental rights. They are not just a social convention, but legally enforceable rights, enshrined in the Treaties, laws and the Charter of Fundamental Rights. In line with the Charter of Fundamental Rights, infringements of fundamental rights (by long-term storage of such data) are only permissible if they “genuinely meet objectives of general interest”. PNR does not respect this principle.
What are the main problems of the EU PNR proposal?
- Unlawful Blanket Data Retention: After the European Court of Justice ruling that the invalidated the Data Retention Directive, it is difficult to believe that the current PNR proposal would be considered lawful.
- Excessive Data Retention Period: Even if the retention of data would be considered legitimate, in the PNR context the proposed five-year period significantly longer than could be reasonably deemed as necessary or proportionate. In the European Court hearing on data retention, neither the European Commission nor the individual Member States were able to give any justification for the retention periods demanded.
- Lack of concrete protections from arbitrariness: In the text, it is unclear how the profiling will be done.
- There are existing measures (VIS(10), SIS(11) and API(12) which already provide sufficient information: There is no evidence on whether another system would be needed.
- Lack of evidence showing that these measures are effective, necessary and proportionate in the investigation or prevention of serious crimes: From the European Commission’s own impact assessment (13), there is no concrete evidence on the actual usefulness of PNR collection for the tackling of serious crime or terrorist offences. It is particularly worrying that the European Commission states in its proposal that “PNR data is unverified information provided by passengers” (14) while remaining convinced – despite their questionable accuracy – it could be used in real time “to prevent a crime”.
- Lack of proportionality: Fundamental Rights Agency (FRA), the European Data Protection Supervisor (EDPS) and Article 29 Working Party agree on the lack of proportionality of the proposal. The proposed EU PNR system foresees data collection and analysis for all passengers on international flights without any sort of targeting.
- Excessive costs: Transposing such Directive will bring significant costs for Member States. The high expenditure is confirmed by the European Commission’s impact assessment, which put the cost at hundreds of millions of euro.
13 European Commission impact assessment on the proposal for an EU PNR Directive: http://ec.europa.eu/smart-regulation/impact/ia_carried_out/docs/ia_2011/sec_2011_0132_en.pdf
14 Commission proposal for a Directive on the use of Passenger Name records, Page 3: http://ec.europa.eu/home-affairs/news/intro/docs/com_2011_32_en.pdf