8/3/2019 EU Council Formally Approves Signature of PNR Agreement 13Dec2011

1/1

Print this article |

Copyright 2008 Europolitics. Tous droits rservs.

EU/US

Council formally approves signature of PNRagreementBy Manon Malhre | Tuesday 13 December 2011

Meeting in Council, the member states' foreign ministers adopted by qualified majority the

decision on the signature of the agreement between the United States and the European Union

on the transfer of passenger name records (PNR), on 13 December. The agreement has to be

approved by Parliament before returning to the Council for conclusion.

Data on airline passengers are transferred at present on the basis of a 2007 agreement being

applied provisionally after the EP decided not to give its consent until its data protection

concerns had been addressed. In an opinion published on 9 December on the new agreement,

the European Data Protection Supervisor (EDPS) expresses serious reservations.

The text provides greater detail on the purposes for which the data are used (Article 4) by US

authorities, namely to combat terrorism and serious cross-border crime (serious infringements

punishable by at least three years' imprisonment).

It also contains provisions for depersonalising the data six months after receipt by the US

Department of Homeland Security (DHS). After five years, the data are then placed into a

"dormant database," protected by strict access restrictions. Data retention is limited to ten

years for serious forms of transnational crime and 15 years for terrorism. The agreement also

organises the transfer of PNR data under a 'push' method: data are transmitted to the US

authorities from air carriers' databases. The American authorities can nevertheless decide to

access these bases directly ('pull' method) in exceptional circumstances (Article 15-5).

To avoid 'profiling', the US authorities will not be allowed to take decisions against an

individual solely on the basis of automated data processing.

EDPS has misgivings

For the European Data Protection Supervisor (EDPS), the 15-year data retention period isexcessive and the purposes for which the data are used are defined too broadly. While these

are more precise than in the 2007 agreement, "there are still some vague concepts and

exceptions that could override the purpose limitation and undermine legal certainty," states its

opinion, published the same day. The EDPS also urges the parties to delete exceptions to the

'push' method and to exclude sensitive data from the list of data transferred to the US

authorities (racial or ethnic origin, political views or religious beliefs), even though such data

are automatically filtered and masked by the American authorities.

EUROPOLITICS /Sectorial policies

Page 1 of 1Europolitics

12/15/2011http://www.europolitics.info/external-policies/council-formally-approves-signature-of-pnr-agreeme...