52008IP0512

Language
- My EUR-Lex
- Sign in
- Register
- My recent searches (0)

This document is an excerpt from the EUR-Lex website

Search tips

Need more search options? Use the Advanced search

EUROPA
EUR-Lex home
EUR-Lex - 52008IP0512 - EN

Document 52008IP0512

Help

Evaluation of the Australia-EU PNR agreementEuropean Parliament recommendation of 22 October 2008 to the Council concerning the conclusion of the Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service (2008/2187(INI)

OJ C 15E, 21.1.2010, p. 46–50 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Date of document:: 22/10/2008; Date of vote
Date of vote:: 22/10/2008

Author:: European Parliament, Committee on Civil Liberties, Justice and Home Affairs
Rapporteur:: IN 'T VELD Sophia
Form:: Own-initiative resolution
Parliamentary term:: Sixth legislature
Additional information:: INI 2008/2187

Procedure number:

2008/2187/INI

Link

Select all documents based on this document

Link

Select all documents mentioning this document

Instruments cited:

Link

EUROVOC descriptor:

Subject matter:

HTML

PDF

Official Journal

21.1.2010

Official Journal of the European Union

CE 15/46

Wednesday 22 October 2008
Evaluation of the Australia-EU PNR agreement

P6_TA(2008)0512

European Parliament recommendation of 22 October 2008 to the Council concerning the conclusion of the Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service (2008/2187(INI))

2010/C 15 E/09

The European Parliament,

having regard to the proposal for a recommendation to the Council by Sophia in 't Veld on behalf of the ALDE Group on the Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service (B6-0383/2008),

having regard to Articles 2, 6, 24, 29 and 38 of the Treaty on European Union (TEU) which are the legal foundation for a European area of freedom, security and justice and for international negotiations with third countries and organisations as far as police and judicial cooperation in criminal matters are concerned,

having regard to Council Decision 2008/651/CFSP/JHA of 30 June 2008 on the signing, on behalf of the European Union, of an Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian Customs Service (1) and to the Agreement itself,

having regard to the fact that according to TEU Article 24(5), that Agreement is currently binding on a provisional basis only on those Member States which did not issue statements to the effect that they had to comply with their own constitutional procedure, as did Belgium, the Czech Republic, Germany, Ireland, Latvia, Hungary, Malta, the Netherlands, Poland and Finland (2),

having regard to the fact that, in view of the legal base chosen for the abovementioned Council Decision, namely TEU Articles 38 and 24 (the latter of which refers to external relations), TEU Article 21 would require the Presidency to consult Parliament on the main aspects and the basic choices of the common foreign and security policy,

having regard to its previous resolutions and recommendations on the PNR issue (3),

having regard to Article 8(2) of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and Article 3(2) and Article 6(1) of Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data (4),

having regard to the basic principles of loyal cooperation between the institutions, which imply that Parliament will be fully informed and consulted and to the fact that Parliament was not even informed of the pending negotiations by the Commission and/or the Council, contrary to what happened in the case of other PNR- related Agreements and even during the first round of negotiations with Australia in 2003/2004 (5),

having regard to the fact that notwithstanding the unwillingness of the other institutions, Parliament should take a position on a matter which affects the fundamental rights of citizens and which is also currently under discussion as a possible subject for EU legislation,

having regard to Rule 114(3) and Rules 83(5) and 94 of its Rules of Procedure,

having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs (A6-0403/2008),

Addresses the following recommendations and observations to the Council:

Procedural aspects

(a)

considers that the procedure followed for the conclusion of the Agreement lacks democratic legitimacy, as at no stage there was any meaningful democratic scrutiny or Parliamentary approval; notes that the Council routinely chooses this procedure for the conclusion of international agreements that affect the fundamental rights of European Union citizens;

(b)

notes that despite its repeated requests, Parliament has at no point been informed or consulted on the adoption of the mandate, conduct of the negotiations or the conclusion of the Agreement; and accordingly considers that the procedure followed by the Council does not comply with the principles of loyal cooperation;

(c)

notes that national parliamentary approval is required in only ten out of the 27 EU Member States, without there being any possibility of proposing any modifications; considers this procedure to be totally inadequate; and notes that future modifications of the terms of the Agreement will be made without national parliamentary approval;

(d)

remains in doubt as to the legal basis chosen by the Council for an international agreement which is focused purely on the internal security needs of a third State and which has no added value as far as the security of the EU, of its Member States or of EU citizens is concerned; therefore reserves its right to intervene before the Court of Justice of the European Communities in the event of the legitimacy of the Agreement being called into question by a third party;

(e)	calls on the Council and the Commission to fully involve Parliament and national parliaments in the adoption of a mandate for negotiations and the conclusion of any future agreements on the transfer of personal data, particularly the current talks with South Korea on the transfer of PNR data;

Scope and purpose

(f)

notes that throughout the text of the Agreement a wide range of purposes is mentioned, and different terms are used side by side:

—	the fight against ‘terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature’ (introduction),

—	‘strictly for the purpose of preventing and combating’ terrorism and related crimes (Article 5(1)(i)) and other serious crimes, including organised crime, that are transnational in nature (Article 5(1)(ii)),

—	flight from warrants or custody for the crimes described above (Article 5(1)(iii)),

—	to safeguard public security and law enforcement (introduction),

—	customs, immigration and crime (references to respective Acts in introduction),

—	‘on a case by case basis’ where necessary for the protection of the vital interest of the data subject or other persons, in particular as regards the risk of death or serious injury to the data subject or others (Article 5(2)),

—	a significant public health risk (Article 5(2)),

—	supervision and accountability of public administration, including requirements under the Freedom of Information Act, the Human Rights and Equal Opportunities Commission Act, the Privacy Act, the Auditor General Act, or the Ombudsman Act (Article 5(3));

(g)

considers therefore that the purpose limitation is totally inadequate, making it impossible to establish whether the measures are justified and proportional; and that as a result, the Agreement may not conform to EU and international data protection standards, or comply with Article 8 of the ECHR, which requires a precise purpose limitation; considers that this might leave the Agreement open to legal challenge;

Data protection

(h)

welcomes the fact that the Australian Privacy Act will apply unabridged to EU citizens, but is concerned about any exceptions and exemptions that may leave EU citizens with incomplete legal protection; believes that the Agreement should be fully compliant not only with Australian data protection laws, but also and primarily with EU laws; insists that mere compliance with the Agreement cannot replace a formal adequacy finding, and that it is not sufficient that European Union and Australian data protection laws, policies and principles share a common base;

(i)	welcomes the decision to disclose data in bulk only when anonymised;

(j)

notes, with regard to the rights of the data subjects, that the Agreement provides that Australia shall provide a system, accessible by individuals regardless of their nationality or country of residence, for individuals to exercise their rights; with a view to informing passengers, the willingness of the Australian Customs Service to inform the public regarding the processing of PNR data should be welcome;

(k)

remarks that, unlike the Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement) (6), in the event of a dispute arising between the parties to the Australian Agreement there is provision for a conflict resolution mechanism, and the EU data protection authorities may exercise their existing powers to suspend data flows to protect individuals with regard to the processing of their personal data where there is a substantial likelihood that the provisions of the Agreement are being infringed;

(l)	welcomes the participation of the data protection authorities in the joint review, but regrets that no firm deadline has been set for such a review; calls on the Commission and the Council to request a review before June 2010, and to present the findings of that review to Parliament;

(m)	welcomes, in relation to onward transfers, the fact that there are limited possibilities for onward transfers, in particular since onward transfers take place only on a case-by-case basis and the Australian Customs Service maintains a log of all disclosures;

(n)

notes that according to Article 2(2) no data will be stored, but that a retention period of 5,5 years is mentioned in the Annex, point 12; though shorter than in the agreements with the US, Parliament considers that the proportionality of a retention period of 5,5 years cannot be established, as the purposes for which passenger data are being stored are insufficiently specified;

(o)

remarks, with regard to sensitive data, that the Australian Customs Service have specifically stated they do not want or need sensitive data, which begs the question of why other jurisdictions such as Canada and US need them and gives greater assurance that the Australian Customs Service will actually filter out and delete any sensitive data which they may receive; however, the fact that the responsibility of the data controller for filtering sensitive EU-sourced data is given to the recipient of the data, i.e. the Australian Customs Service, is consistent with accepted data protection standards, such as those of Convention 108 of 28 January 1981 of the Council of Europe (7) and Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data (8);

(p)	insists that an exchange of diplomatic notes is an unacceptable method for amending the list of departments and agencies that may have access to PNR data;

(q)

deplores the fact that, taking into account the categories of data transferred to the Australian Customs Service, the data requested are the same categories of data as in the above mentioned 2007 US Agreement (the 34 data fields were grouped in 19 categories of data, giving the impression that the amount of transferable data had been markedly reduced, which was actually not the case); such a wide collection of data is not justified and must be considered disproportionate;

2.	Invites the Member States and the national parliaments which are currently examining this Agreement and/or the one with the US (Belgium, the Czech Republic, Spain, Hungary, the Netherlands and Poland) to take in account the observations/recommendations raised above;

3.	Reminds the Council that in the event of the entry into force of the Treaty of Lisbon, Parliament should be associated on a fair basis with the review of all the PNR agreements;

* *

4.	Instructs its President to forward this recommendation to the Council and, for information, to the Commission and to the governments and parliaments of the Member States and to the government and parliament of Australia.

(1) OJ L 213, 8.8.2008, p. 47.

(2) Some of the Member States adopted specific declarations published in the Council Minutes and accessible at the following address: http://register.consilium.europa.eu/pdf/en/08/st10/st10439.en08.pdf

(3) Parliament resolutions of 13 March 2003 on transfer of personal data by airlines in the case of transatlantic flights (OJ C 61 E, 10.3.2004, p. 381), of 9 October 2003 on transfer of personal data by airlines in the case of transatlantic flights: state of negotiations with the USA (OJ C 81 E, 31.3.2004, p. 105) and of 31 March 2004 on the draft Commission decision noting the adequate level of protection provided for personal data contained in the Passenger Name Records (PNRs) transferred to the US Bureau of Customs and Border Protection (OJ C 103 E, 29.4.2004, p. 665), recommendation of 7 September 2006 to the Council on the negotiations for an agreement with the United States of America on the use of passenger name records (PNR) data to prevent and combat terrorism and transnational crime, including organised crime (OJ C 305 E, 14.12.2006, p. 250) and position of 7 July 2005 on the proposal for a Council decision on the conclusion of an Agreement between the European Community and the Government of Canada on the processing of Advance Passenger Information (API)/Passenger Name Record (PNR) data (OJ C 157 E, 6.7.2006, p. 464).

(4) OJ L 261, 6.8.2004, p. 24.

(5) The Committee on Civil Liberties, Justice and Home Affairs took note of these negotiations also on the basis of the Article 29 Data Protection Working Party's opinion on this subject. See: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2004/wp85_en.pdf

(6) OJ L 204, 4.8.2007, p. 18.

(7) Council of Europe Convention of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data and subsequent amendments thereto.

(8) OJ L 281, 23.11.1995, p. 31.

Top

All