Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service
OJ L 213, 8.8.2008, p. 49–57 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
|Bilingual display: BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV|
between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service
THE EUROPEAN UNION
of the one part, and
of the other part,
DESIRING effectively to prevent and combat terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature as a means of protecting their respective democratic societies and common values,
RECOGNISING that information sharing is an essential component of the fight against terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature, and that in this context, the use of passenger name record (PNR) data is an important tool,
RECOGNISING that, in order to safeguard public security and for law enforcement purposes, rules should be laid down to govern the transfer of European Union-sourced PNR data by air carriers to the Australian Customs Service,
RECOGNISING the importance of preventing and combating terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature, while respecting fundamental rights and freedoms, in particular privacy and data protection,
RECOGNISING that European Union and Australian data-protection law, policy and principles share a common basis and that any differences in the implementation of these principles should not present an obstacle to cooperation between the European Union and Australia pursuant to this Agreement,
HAVING REGARD to Article 17 of the International Covenant on Civil and Political Rights on the right to privacy,
HAVING REGARD to Article 6(2) of the Treaty on European Union on respect for fundamental rights, and in particular to the fundamental rights to privacy and the protection of personal data,
HAVING REGARD to the relevant provisions of the Customs Act 1901 of the Commonwealth (Cth), and in particular section 64AF thereof whereby, if requested, all international passenger air service operators, flying to, from or through Australia, are required to provide the Australian Customs Service with PNR data, to the extent that they are collected and contained in the air carrier’s reservations and departure control systems, in a particular manner and form; and to the Customs Administration Act 1985 (Cth), the Migration Act 1958 (Cth), the Crimes Act 1914 (Cth), the Privacy Act 1988 (Cth) and the Freedom of Information Act 1982 (Cth),
NOTING the European Union’s commitment to ensuring that air carriers with reservations systems, departure control systems and/or PNR data processed within the EU are not prevented from complying with Australian law regarding the transfer of European Union-sourced PNR data to the Australian Customs Service pursuant to this Agreement,
AFFIRMING that this Agreement does not constitute a precedent for any future discussions or negotiations between the European Union and Australia, or between either of the parties and any State regarding the processing and transfer of European Union-sourced PNR data or any other form of data,
SEEKING to enhance and encourage cooperation between the parties in the spirit of EU-Australian partnership,
HAVE AGREED AS FOLLOWS:
For the purposes of this Agreement:
(a) "Parties" shall mean the European Union (EU) and Australia;
(b) "Agreement" shall mean this Agreement and its Annex, including amendments thereof as from time to time agreed by the Parties. This Agreement shall be referred to as the EU-Australia PNR Agreement;
(c) "air carriers" shall mean air carriers that have reservation systems and/or PNR data processed in the territory of the Member States of the EU and operate passenger flights in international air transportation to, from or through Australia;
(d) "Customs" shall mean the Australian Customs Service;
(e) "passenger name record data" (PNR data) shall mean the record of each passenger’s travel requirements which contains all information necessary for the processing of reservations and their control by the booking and participating airlines as contained in air carriers’ reservation systems;
(f) "the Australian PNR system" shall mean the PNR system to be used by Customs after the expiry of the transition period referred to in Article 4(1) to process EU-sourced PNR data transferred by air carriers to Customs under the Agreement as specified in paragraph 11 of the Annex;
(g) "reservation system" shall mean an air carrier’s reservations and departure control systems;
(h) "processing" shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
(i) "EU-sourced PNR data" shall mean PNR data transferred to Customs pursuant to this Agreement;
(j) "serious crime" shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty.
1. Australia shall ensure that Customs processes EU-sourced PNR data in accordance with this Agreement.
2. The EU shall ensure that air carriers are not prevented from complying with Australian law regarding the transfer of EU-sourced PNR data to Customs pursuant to this Agreement.
Compliance with this Agreement by Customs shall, within the meaning of relevant EU data-protection law, constitute an adequate level of protection for EU-sourced PNR data transferred to Customs for the purpose of this Agreement.
Method of access
1. Customs shall make the transition to the Australian PNR system, as defined in Article 1(f), for EU-sourced PNR data, within two years of the date of the signing of this Agreement. During that transitional period, references in this Agreement to the transfer of PNR data shall be deemed to include access to PNR data by Customs in accordance with the existing system described in paragraph 2.
2. During the transitional period Customs shall use its existing PNR system, which does not store PNR data other than in circumstances related to on-arrival examination at airports or where an offence has been committed. The existing system permits real-time, online electronic access to the data fields specified in paragraph 9 of the Annex, as contained in air carriers’ reservation systems.
Purpose limitation for EU-sourced PNR data
1. Customs shall process EU-sourced PNR data and other personal information derived therefrom strictly for the purpose of preventing and combating:
(i) terrorism and related crimes;
(ii) serious crimes, including organised crime, that are transnational in nature;
(iii) flight from warrants or custody for crimes described above.
2. EU-sourced PNR data may also be processed on a case-by-case basis where necessary for the protection of the vital interests of the data subject or other persons, in particular as regards the risk of death or serious injury to the data subjects or others, or a significant public health risk, in particular as required by internationally recognised standards, such as the World Health Organisation’s International Health Regulations (2005).
3. In addition, EU-sourced PNR data may also be processed on a case-by-case basis where such processing is specifically required by court order or Australian law for the purpose of supervision and accountability of public administration, including requirements under the Freedom of Information Act 1982 (Cth), Human Rights and Equal Opportunity Commission Act 1986 (Cth), the Privacy Act 1988 (Cth), the Auditor-General Act 1997 (Cth) or Ombudsman Act 1976 (Cth). If future amendments to Australian law, as communicated by Australia under Article 6, expand the scope of EU-sourced PNR data that must be processed in accordance with Article 5(3), the EU may invoke the provisions of Articles 10 and 13.
Information on legislation concerning the Agreement
Customs shall advise the EU regarding the passage of any Australian legislation which directly relates to the protection of EU-sourced PNR data as set out in this Agreement.
Protection of personal data of individuals
1. Australia shall provide a system, accessible by individuals regardless of their nationality or country of residence, for seeking access to, and correction of, their own personal information. The protections afforded to EU-sourced PNR data stored by Australian Government agencies under the Privacy Act 1988 (Cth) shall apply regardless of the nationality or country of residence of the individual.
2. Customs shall process EU-sourced PNR data received and treat individuals concerned by such processing strictly in accordance with the data-protection standards set out in this Agreement and applicable Australian laws, without discrimination, in particular on the basis of nationality or country of residence.
Notification to individuals and public
Customs shall make publicly available, including to members of the travelling public, information regarding the processing of PNR data, including general information regarding the authority under which the data will be collected, the purpose of the data’s collection, the protection that will be afforded to the data, the manner and extent to which the data may be disclosed, the procedures available for redress and contact information for persons with questions or concerns.
Joint review of implementation
Australia and the EU shall periodically undertake a joint review of the implementation of this Agreement, including the data-protection and data-security guarantees, with a view to mutually assuring the effective implementation of the Agreement. In the review, the EU shall be represented by the European Commission’s Directorate-General for Justice, Freedom and Security, including representatives of data-protection and law-enforcement authorities, and Australia shall be represented by such senior Australian Government official or officeholder as may be appropriate, or by such official as each may mutually determine to designate. The EU and Australia will mutually determine the detailed modalities of the reviews.
Any dispute arising between the Parties under this Agreement with respect to its interpretation, application or implementation shall be settled by consultation or negotiation between the Parties; it shall not be referred to any third party or tribunal for resolution.
Amendments and review of the agreement
1. The Parties may agree, in writing, to amend this Agreement. An amendment shall enter into force only after the Parties have completed any necessary internal requirements and thereafter on such date as the Parties may agree.
2. The Parties may undertake a review of the terms of the Agreement four years after its signing. Notwithstanding that period, if a PNR system is implemented in the European Union, this Agreement shall be reviewed if and when such a review would facilitate the functioning of the European Union’s PNR system or the implementation of this Agreement.
3. Australia shall use its best endeavours to facilitate the functioning of the European Union’s PNR system in the event of review.
Suspension of data flows
1. The competent authorities in EU Member States may exercise their existing powers to suspend data flows to Customs in order to protect individuals with regard to the processing of their personal data where there is a substantial likelihood that the standards of protection set out in this Agreement are being infringed, there are reasonable grounds for believing that Customs is not taking or will not take adequate and timely steps to settle the case at issue and the continuing transfer would create an imminent risk of grave harm to data subjects.
2. The competent authorities in EU Member States shall make reasonable efforts in the circumstances to provide Customs with notice and an opportunity to respond, as follows: any suspension shall be preceded by notification which allows a sufficient period of time during which time Customs and the relevant competent authorities in the EU Member States shall endeavour to achieve resolution; the EU shall notify Australia of any such resolution. Any decision to invoke powers under this Article shall be communicated to Australia by the EU.
3. Any suspension shall cease as soon as the standards of protection are assured to the satisfaction of Australia and of the relevant competent authorities in the EU Member States and Australia notifies the EU accordingly.
Termination of the agreement
1. Either party may terminate this Agreement at any time by notification through diplomatic channels. Termination shall take effect ninety (90) days from the date of the other party being notified thereof.
2. Notwithstanding the termination of this Agreement, all EU-sourced PNR data held by competent Australian authorities pursuant to this Agreement shall continue to be processed in accordance with the data protection standards laid down herein.
3. This Agreement and any obligations thereunder, other than the obligation under Article 13(2), shall expire and cease to have effect seven years after the date of signing, unless the parties mutually agree to replace this Agreement.
Non-derogation from laws
This Agreement shall not derogate from the laws of Australia or of the EU or its Member States. This Agreement shall not create or confer any right or benefit on any other person or entity, private or public, or any remedy other than as expressly stated in this Agreement.
Entry into force; provisional application; languages
1. This Agreement shall enter into force on the first day of the month after the date on which the Parties have exchanged notifications indicating that they have completed their internal procedures for this purpose.
2. This Agreement shall apply provisionally as of the date of signature.
3. Done at Brussels this thirtieth day of June 2008, in two originals, in the English language. The Agreement shall also be drawn up in the Bulgarian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish languages, and the Parties shall approve those language versions by an exchange of diplomatic notes. Once approved, the versions in those languages shall be equally authentic.
FOR THE EUROPEAN UNION
+++++ TIFF +++++
+++++ TIFF +++++
Australian processing of EU-sourced passenger name record (PNR) data
1. Customs shall require EU-sourced PNR data only for those passengers travelling to, from or through Australia. That includes passengers who transit through Australia with or without visas. EU-sourced PNR data accessed by Customs includes all PNR data where the travel itinerary of the passenger or the normal routing for particular flights indicates an Australian destination or stopover.
Disclosure of EU-sourced PNR data
Disclosure within the Australian Government
2. Customs shall only disclose EU-sourced PNR data for the purpose stated in Article 5(1) of the Agreement within Australia to the Australian Government departments and agencies listed in the Schedule to this Annex, the functions of which are directly related to Article 5 of this Agreement.
3. The Schedule may be amended, by exchange of diplomatic notes between the Parties, to include:
(i) any successor departments or agencies of those already listed in the Schedule; and
(ii) any new departments and agencies established after the commencement of this Agreement;
the functions of which are directly related to Article 5(1) of this Agreement.
4. EU-sourced PNR data shall be disclosed to authorities listed in the Schedule only where necessary in response to specific written requests and on a case-by-case basis. In accordance with paragraphs 7 and 8, Customs shall release EU-sourced PNR information only after assessing the relevance of the specific request within the purposes of this Agreement. Customs shall maintain a log of such disclosures.
5. Customs shall not disclose in bulk any EU-sourced PNR data to authorities listed in the Schedule, other than EU-sourced PNR data which has been anonymised in such a way that a data subject is no longer identifiable. Such anonymised data shall be processed by the authorities listed in the Schedule only for the purpose of establishing statistics, in-depth and trend analysis, longitudinal studies and profile building related to the purpose stated in Article 5(1) of this Agreement. In any case, Customs shall not disclose in bulk any of the following EU-sourced PNR data to authorities listed in the Schedule:
(vi) other names on PNR, including number of travellers on PNR;
(vii) all available contact information (including originator information);
(xvii) general remarks including other supplementary information (OSI), special service information (SSI) and special service request (SSR) information, to the extent that it contains any information capable of identifying a natural person; and
(xviii) any collected advance passenger processing (APP) or advance passenger information (API) data.
Disclosure to third country governments
6. Customs shall disclose EU-sourced PNR data only to specific third country government authorities the functions of which are directly related to the purpose stated in Article 5(1) of the Agreement. Any such disclosure must be on a case-by-case basis and when necessary for the purpose of preventing or combating the offences listed in Article 5(1) of the Agreement. Customs shall maintain a log of such disclosures.
Disclosure — the Customs Administration Act 1985 (Cth)
7. Any disclosure under paragraphs 2 to 6 shall also be in accordance with section 16 of the Customs Administration Act 1985 (Cth) and the Privacy Act 1988 (Cth) which, taken together, provide that a person, body or agency to whom personal information is disclosed, shall not use or disclose the information for any purpose other than the purpose for which the information was given to the person, body or agency.
8. In disclosing EU-sourced PNR data to Australian Government authorities or third country government authorities pursuant to section 16 of the Customs Administration Act 1985 (Cth), Customs shall as a condition of disclosure, stipulate to the recipient:
(i) that the EU-sourced PNR data must not be further disclosed without the permission of Customs, which permission shall not be granted by Customs except for the purpose stated in Article 5(1) of the Agreement or in the case of the Australian Government authorities pursuant to Article 5(2) or (3) of the Agreement;
(ii) that the recipient must treat such EU-sourced PNR data as law-enforcement sensitive, confidential personal information of the data subject;
(iii) other than in emergency circumstances where the life or physical safety of a data subject or of others is under threat, that the recipient must apply to the EU-sourced PNR data data-protection standards equivalent to the data-protection standards set out in the Agreement, including those relating to the data-retention period.
Types of information collected
9. Types of EU-sourced PNR data collected:
(i) PNR locator code;
(ii) date of reservation/issue of ticket;
(iii) date(s) of intended travel;
(v) available frequent flier and benefit information (i.e. free tickets, upgrades, etc.);
(vi) other names on PNR, including number of travellers on PNR;
(vii) all available contact information (including originator information);
(viii) all available payment/billing information (not including other transaction details linked to a credit card or account and not connected to the travel transaction);
(ix) travel itinerary for specific PNR;
(x) travel agency/travel agent;
(xi) code share information;
(xii) split/divided information;
(xiii) travel status of passenger (including confirmations and check-in status);
(xiv) ticketing information, including ticket number, one way tickets and automated ticket fare quote;
(xv) all baggage information;
(xvi) seat information, including seat number;
(xvii) general remarks including other supplementary information (OSI), special service information (SSI) and special service request (SSR) information;
(xviii) any collected advance passenger processing (APP) or advance passenger information (API) data;
(xix) all historical changes to the PNR data listed in numbers (i) to (xviii).
10. PNR data will at times contain certain sensitive data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning health or sex life ("sensitive EU-sourced data"). Customs shall filter out all such sensitive EU-sourced data and shall delete all such data without any further processing.
Transfer of EU-sourced PNR data
11. Customs shall work with individual air carriers to ensure that EU-sourced PNR data transfer requirements are judicious and proportionate, consistent with the need to ensure the timeliness, accuracy and completeness of the EU-sourced PNR data.
Under normal circumstances, Customs shall require an initial transmission of EU-sourced PNR data at 72 hours before scheduled departure and shall require a maximum of only five routine transmissions of EU-sourced PNR data in respect of any particular flight. Irrespective of the 72-hour time-frame, Customs may in addition require ad hoc pushes where necessary to assist in responding to specific threats to a flight, set of flights, route or other circumstances associated with the purpose defined in Article 5(1) of this Agreement. In exercising this discretion, Customs will act judiciously and proportionately.
12. Customs shall retain EU-sourced PNR data for no more than three-and-a-half years after the date of receipt of the PNR data by Customs, after which time the data may be archived for two further years. Archived PNR data may be accessed only on a case-by-case basis for investigative purposes.
13. Notwithstanding paragraph 12, no EU-sourced PNR data anonymised by Customs need be archived, but in any event shall not be retained by Customs or other agencies for more than five-and-a-half years after the date of receipt of the PNR data by Customs.
14. Customs must delete EU-sourced PNR data at the end of that period, except as provided for in paragraph 15.
15. Data that relates to ongoing judicial proceedings or a criminal investigation may be retained until the proceedings or investigations are concluded. The issue of data retention will be considered as part of the review conducted under Article 11 of this Agreement.
Access and redress
16. The Privacy Act 1988 (Cth) (Privacy Act) governs the collection, use, storage and disclosure, security and access and alteration of personal information held by most Australian Government departments and agencies. Customs is subject to the Privacy Act and is required to handle EU-sourced PNR data in accordance with the Privacy Act.
Disclosure of PNR data and information
17. PNR data furnished by or on behalf of an individual must be disclosed to the individual in accordance with the Privacy Act and the Freedom of Information Act 1982 (Cth) (FOI Act) upon request. Customs must not disclose PNR data to the public, except to the data subjects or their agents in accordance with Australian law. Requests for access to personal information contained in PNR data that was provided by the requestor may be submitted to Customs.
Data protection measures — Privacy Act 1988 (Cth)
18. Any personal information retained by Customs that is "personal information" within the meaning of, and for the purposes of, the Privacy Act must meet the requirements of the Privacy Act regarding the protection of such information. Customs must handle PNR information in accordance with the Privacy Act, in particular as regards the collection, use, storage, security, access and alteration and disclosure of any such data.
19. Complaints by individuals concerning Customs handling of its PNR data may be made directly to Customs and then pursuant to the Privacy Act to the Privacy Commissioner.
Data protection measures — Privacy audits
20. Australia’s independent Privacy Commissioner can investigate compliance by agencies with the Privacy Act, and monitor and investigate the extent to which Customs complies with the Privacy Act.
21. Under the Privacy Act, Customs has put arrangements in place for the Office of the Privacy Commissioner to undertake regular formal audits of all aspects of Customs EU-sourced PNR data use, handling and access policies and procedures. In addition, Customs has its own internal audit program directed at ensuring the highest levels of protection for passenger information and EU-sourced PNR data.
Data protection measures — Freedom of Information Act 1982 (Cth)
22. Customs is subject to the FOI Act which requires Customs to release documents to any person who requests them, subject to the exceptions and exemptions in the FOI Act. The FOI Act requires decisions on exemptions to be made on a case-by-case basis. There are a range of exemptions in the FOI Act to protect sensitive information from disclosure, including exemptions for documents affecting national security, defence, international relations, law enforcement, protection of public safety and personal privacy. Customs shall inform the EU of any decision regarding the public disclosure of EU-sourced PNR data under the FOI Act within one month of the decision having been taken.
23. Requests for the rectification of PNR data held in the Customs database may be made directly to Customs pursuant to the FOI Act or the Privacy Act.
Other protection measures — Ombudsman Act 1976 (Cth)
24. Air passengers have the right to complain to the Commonwealth Ombudsman regarding their treatment by Customs during border processing on the basis of the Ombudsman Act 1976 (Cth).
Customs PNR data security measures
25. Customs shall continue to have the following data-security measures in place:
(i) access to PNR data shall be restricted to a limited number of officers within Customs who are specifically authorised by the Chief Executive Officer of Customs under the Customs Act 1901 (Cth) for the purposes of processing PNR data; and
(ii) a comprehensive physical and electronic security system for PNR data shall be in place — namely a computer system and network that:
(a) isolates PNR data from the general Customs environment and is separate to all other Customs IT systems and networks;
(b) is located in a secure, limited access area of Customs in Australia; and
(c) requires a secure, layered level of logins to access PNR data.
26. Administrative, civil, and criminal enforcement measures, including the right of every data subject to have access to administrative or judicial remedy, are available under Australian law for violations of Australian privacy laws and rules, and unauthorised disclosure of information. For example, the Crimes Act 1914 (Cth), the Public Service Act 1999 (Cth), the Customs Administration Act 1985 (Cth), the Australian Federal Police Act 1979 (Cth) and internal disciplinary codes of the agencies specified in the attached Schedule, provide penalties in the case of violations up to and including imprisonment.
27. In order to foster police and judicial cooperation, Customs shall encourage the transfer of analytical information flowing from PNR data by competent Australian Government authorities to the police and judicial authorities in the EU Member States concerned and, where appropriate, to Europol and Eurojust subject to Australian Government assessment of the adequacy of data-protection measures available within EU jurisdictions.
Schedule to the Annex
The following are listed, in alphabetical order, for the purposes of paragraph 2 of this Annex:
1. Australian Crime Commission;
2. Australian Federal Police;
3. Australian Security Intelligence Organisation;
4. Commonwealth Director of Public Prosecutions; and
5. Department of Immigration and Citizenship.