EC plans to profile all passengers in and out EU

By EDRi · November 7, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Commission(EC) put forward on 6 November 2007 a PNR plan that
is almost similar to the EU-USA PNR (Passenger Name Records) agreement. The
EU PNR plan is part of a new package of proposals “aimed at improving the
EU’s capabilities in the fight against terrorism.”

According to this proposal, EU will have to collect 19 pieces of personal
data on air passengers coming into and leaving the EU space, including phone
number, e-mail address, travel agent, full itinerary, billing data and
baggage information. The information will be collected in analysis units
that will make a “risk assessment” of the traveller, which could lead to
the questioning or even refusal of the entry. The data is to be kept for
five years and then another eight years in a “dormant” database.

“The availability of PNR data … is necessary for the purpose of preventing
and fighting terrorist offences and organised crime,” is the reason
expressed by the draft.

In October 2007, Justice Commissioner Franco Frattini told Parliament
members that the creation of a PNR database was justified by the high level
of terrorist risk for Europe. “The Union is at least as much a potential
target of a terrorist attack as the United States, and the use and analysis
of passenger name records is an important law enforcement tool to protect
our citizens”.

However, legal experts, human-rights groups and data-protection activists
oppose this plan and find it a threat to privacy.

Tony Bunyan, editor of Statewatch stated: “This is yet another measure that
places everyone under surveillance and makes everyone a “suspect” without
any meaningful right to know how the data is used, how it is further
processed and by whom [.] We have already got the mandatory taking of
fingerprints for passports and ID cards and the mandatory storage of
telecommunications data of every communication, now we are to have the
mandatory logging of all travel in and out of the EU. The underlying
rationale for each of the measures is the same – all are needed to tackle
terrorism. Yet there is little evidence that the gathering of “mountain upon
mountain” of data on the activities of every person in the EU makes a
significant contribution. On the other hand, the use of this data for other
purposes, now or in the future, will make the EU the most surveilled place
in the world”.

MEP Sophie in ‘t Veld has also made an appeal to the European Commission to
make an analysis of the situation in USA and Canada in order to verify the
effectiveness of such a system before taking any decision on a similar
system in Europe. “EU counter-terrorism policies must be regularly assessed
on their effectiveness.their impact on reducing the threat and increasing
security, on improving cooperation and exchange between countries and
agencies, as well as an evaluation of the cumulative impact of individual
measures on privacy and civil liberties,” she stated.

The Commission’s proposal for EU PNR is proposed as a Framework Decision
meaning that the European Parliament is only consulted and its opinion can
be ignored as it happens on a regular basis. The European Council can, in
its secret working parties, change at will this legislative proposal.

Another question raised is why 2004 Directive on the collection of API
(Advance Passenger Information), meant to be applied by all member States by
September 2006, is not enough in supporting the fight against terrorism and
is not yet applied. The API data is more limited including only name,
nationality, passport number, date of birth and the details related to the

The proposal did not take into consideration the opinions of EU’s Article 29
Data Protection Working Party which, during the consultation period
concluded that they “have not seen any information presented by the
Commission that would substantiate the pressing need to process PNR data for
the purpose of preventing and fighting terrorism and related crimes or law
enforcement”. They also stated that “Bulk transfer of personal data, which
would include unsuspected travellers to other authorities would be
disproportionate, as data may only be provided to an authority if necessary
for a given purpose”.

Concerning data protection, the draft proposal has in view the Council
Framework Decision on the protection of data for police and judicial
cooperation that should apply to the proposed PNR scheme as well. However,
the decision has not been adopted and offers very little protection to
individuals. The decision ignored the opinions of the European Parliament,
the European Data Protection Supervisor, and the EU’s Article 29 Data
Protection Working Party and allows the personal data exchange with third
states such as USA.

On the other hand, the draft makes no reference to 1995 EC Directive on data
protection covering the collection of PNR data by the airlines.

PNR (passenger name record) scheme proposed to place under surveillance all
travel in and out of the EU (1.11.2007)

Draft Framework Decison on the use of PNR data (22.10.2007)

EU plans anti-terror screening for air passengers (5.11.2007)

EU plans to collect personal data on air passengers (4.11.2007)

Fight Against Terrorism: stepping up Europe’s capability to protect citizens
against the threat of terrorism (6.11.2007)

EDRI-gram Final agreements between EU and USA on PNR and SWIFT (4.07.2007)