EU Passenger Name Records directive finally takes off

14-Apr-2016 @ 12:00

No items found. No items found. No items found.

An EU law allowing the collection and sharing of flight passenger data – to detect terrorist and serious criminal activity - finally took off today after five years of talks between MEPs and European governments.

The EU Passenger Name Records (PNR) directive has been steered through the European Parliament by Conservative MEP Timothy Kirkhope. It allows for the transfer of basic passenger information given at the time of booking a flight in the EU to identify patterns of suspect behaviour. Despite previous rejections, stiff opposition and even an earlier rejection by the European Parliament's civil liberties committee, the parliament in Strasbourg today adopted the law, which EU governments are expected to implement swiftly to assist in the detection of radicalised 'foreign fighters' returning from Syria.

Passenger Name Records are used already in the USA and UK to detect terrorist activity, drug and people trafficking. The data collected has proven valuable to highly-trained analysts and today's agreement will allow all data to be collected on all flights into and out of the EU, as well as flights within the EU as well.

Speaking after the adoption of the proposals Mr Kirkhope, MEP for Yorkshire and the Humber, said: "We have adopted an important new tool for fighting terrorists and traffickers.

"By collecting, sharing and analysing PNR information our intelligence agencies can detect patterns of suspicious behaviour to be followed up. PNR is not a silver bullet, but countries that have national PNR systems have shown time and again that it is highly effective.

"It has taken a number of years and hundreds of hours of negotiation, but finally we have an agreement. There were understandable concerns about the collection and storage or people's data, but I believe that the directive that we have adopted puts in place data safeguards, as well as proving that the law is proportionate to the risks we face.

"EU governments must now get on with implementing this agreement. We cannot afford to waste any more time in developing a robust response to the terrorist threat."



Specific details of the legislation include:

* A 5 years retention period of data for both terrorism and serious criminal offences.

* After 6 months of storage, data will be masked out (anonymised) by authorities.

* There is a specific and closed list of offences the data can be used to investigate and prosecute.

* There is a clear framework of rules for the use of data, including the need for a data protection officer in the relevant law enforcement units, guidance on handling the data, independent oversight and monitoring, and a clear reference to the new EU Data Protection legislation.

* The Directive also states that there will be a robust review mechanism after 2 years. The review includes assessing the need for non-carrier economic operators to be included in the scope. And for all aspects of the Directive to be assessed in light of proportionality and necessity; with particular reference to the requirements of the ECJ data retention Directive.

For background information on PNR, visit:

« Back