eu council formally approves signature of pnr agreement 13dec2011
TRANSCRIPT
-
8/3/2019 EU Council Formally Approves Signature of PNR Agreement 13Dec2011
1/1
Print this article |
Copyright 2008 Europolitics. Tous droits rservs.
EU/US
Council formally approves signature of PNRagreementBy Manon Malhre | Tuesday 13 December 2011
Meeting in Council, the member states' foreign ministers adopted by qualified majority the
decision on the signature of the agreement between the United States and the European Union
on the transfer of passenger name records (PNR), on 13 December. The agreement has to be
approved by Parliament before returning to the Council for conclusion.
Data on airline passengers are transferred at present on the basis of a 2007 agreement being
applied provisionally after the EP decided not to give its consent until its data protection
concerns had been addressed. In an opinion published on 9 December on the new agreement,
the European Data Protection Supervisor (EDPS) expresses serious reservations.
The text provides greater detail on the purposes for which the data are used (Article 4) by US
authorities, namely to combat terrorism and serious cross-border crime (serious infringements
punishable by at least three years' imprisonment).
It also contains provisions for depersonalising the data six months after receipt by the US
Department of Homeland Security (DHS). After five years, the data are then placed into a
"dormant database," protected by strict access restrictions. Data retention is limited to ten
years for serious forms of transnational crime and 15 years for terrorism. The agreement also
organises the transfer of PNR data under a 'push' method: data are transmitted to the US
authorities from air carriers' databases. The American authorities can nevertheless decide to
access these bases directly ('pull' method) in exceptional circumstances (Article 15-5).
To avoid 'profiling', the US authorities will not be allowed to take decisions against an
individual solely on the basis of automated data processing.
EDPS has misgivings
For the European Data Protection Supervisor (EDPS), the 15-year data retention period isexcessive and the purposes for which the data are used are defined too broadly. While these
are more precise than in the 2007 agreement, "there are still some vague concepts and
exceptions that could override the purpose limitation and undermine legal certainty," states its
opinion, published the same day. The EDPS also urges the parties to delete exceptions to the
'push' method and to exclude sensitive data from the list of data transferred to the US
authorities (racial or ethnic origin, political views or religious beliefs), even though such data
are automatically filtered and masked by the American authorities.
EUROPOLITICS /Sectorial policies
Page 1 of 1Europolitics
12/15/2011http://www.europolitics.info/external-policies/council-formally-approves-signature-of-pnr-agreeme...