EU proposes airline passenger data law

EU proposes airline passenger data law

Summary: The European Commission wants to harmonise the way airlines hand over passengers' personal information to member states on flights in and out of the EU

SHARE:
TOPICS: Security
0

The European Commission has given details of proposed legislation that will compel airlines to hand over passenger information to EU member states.

Under the Commission's proposals, announced on Wednesday, passenger name record (PNR) data will be held by a special unit in a dedicated database, and will only be used to tackle terrorism and serious crime. The data, drawn from air carriers' reservation systems, will be anonymised after a month.

Damian Green minister

Immigration minister Damian Green has said the UK has not yet decided whether it will opt in to the European Commission's proposed passenger name record scheme. Photo credit: Home Office

These measures will form the backbone of the future PNR Directive, as the Commission sees it. It will govern all of the 27 countries in the EU, which presently have different approaches to passenger data.

"The proposal obliges air carriers to provide EU member states with data on passengers entering or departing from the EU, whilst guaranteeing a high level of protection of privacy and personal data," the Commission said in a statement.

Passenger name records, which cover everyone entering or leaving a country by air, were originally drawn up for commercial purposes, but have since been used to track supected criminals. Many member states already have regulations that force carriers to hand over data, but with no common data protection practices or retention periods.

The EU has temporary agreements with the US, Canada and Australia to provide information on passengers headed for those countries before a flight. The Commission is currently in separate talks about these bilateral agreements.

UK decision

The UK, which has a choice about adopting the PNR Directive, has not yet reached a decision about whether it will do so, according to the Home Office.

"The government will be looking carefully at the EU directive before making a decision about whether to opt in," immigration minister Damian Green said in a statement on Thursday.

"The ability to collect and process Passenger Name Record data is a vital tool for law enforcement and national security. Information sharing, with the appropriate safeguards in place, supports our collective efforts to undermine terrorism, fight smuggling, counter fraud and reduce abuse of our immigration system," he added.

Read this

Commission refers UK to court over privacy laws

The European Commission has asked the ECJ to rule on whether the UK's privacy laws are adequate, in a case that began with complaints about BT's trials of Phorm advertising technology

Read more+

Under the current UK e-Borders programme, transport operators must collect passenger data. This is stored in a centralised Home Office database for five years and can be archived for a further five years. The data includes personal information such as passport details and credit card details.

The UK Borders Agency has failed to meet a Home Office target of tracking 95 percent of journeys by December 2010. Home Office minister Baroness Neville-Jones said in a written parliamentary answer on Tuesday that around 55 percent of inbound and 60 percent of outbound passenger movements from the UK are processed through e-Borders, with over 90 percent of non-EU aviation passengers being checked. Damian Green ended the e-Borders contract with IT company Raytheon in July 2010.

Michele Cercone, a spokesman for the Commission's Home Affairs unit, said that it was important to hold passenger data in dedicated servers, suggesting this could allay concerns about how the data might be used.

"The special unit would make sure the data is not held by police or law enforcement, and means member states would have to create systems where anonymisation is technically possible," Cercone told ZDNet UK. "Data will be anonymised for data protection reasons."

The European Parliament and Council of Ministers will now discuss the Commission proposals for the PNR Directive and vote on whether to approve the text. The process should take approximately two years.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion