22.6.2011   

EN

Official Journal of the European Union

C 181/24


Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

2011/C 181/02

THE EUROPEAN DATA PROTECTION SUPERVISOR,

Having regard to the Treaty on the Functioning of the European Union, and in particular its Article 16,

Having regard to the Charter of Fundamental Rights of the European Union, and in particular its Articles 7 and 8,

Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1),

Having regard to the request for an opinion in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (2),

HAS ADOPTED THE FOLLOWING OPINION:

I.   INTRODUCTION

I.1.   Consultation of the EDPS

1.

On 2 February 2011, the Commission adopted a Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (hereafter ‘the Proposal’) (3). The Proposal was sent to the EDPS for consultation on the same day.

2.

The EDPS welcomes the fact that he was consulted by the Commission. Already before the adoption of the Proposal, the EDPS was given the possibility to give informal comments. Some of these comments have been taken into account in the Proposal, and the EDPS notes that globally speaking data protection safeguards in the Proposal have been strengthened. Remaining concerns are however still present on a number of issues, especially in relation to the scale and purposes of the collection of personal data.

I.2.   The proposal in its context

3.

Discussions on a possible PNR scheme within the EU have been developing since 2007, when the Commission adopted a Proposal for a Council Framework Decision on this issue (4). The main purpose of an EU PNR scheme is the establishment of a system obliging air carriers operating international flights between the EU and third countries to transmit PNR data of all passengers to competent authorities, for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crimes. Data would be centralised and analysed by Passenger Information Units and the result of the analysis would be transmitted to competent national authorities in each Member State.

4.

Since 2007, the EDPS has been following closely the developments related to a possible EU PNR scheme, in parallel with developments regarding PNR schemes of third countries. On 20 December 2007, the EDPS adopted an opinion on this Commission proposal (5). On many further occasions, consistent remarks have been made, not only by the EDPS but also by the Article 29 Working Party (6), on the issue of compliance of the processing of PNR data for law enforcement purposes with the necessity and proportionality principles as well as other essential data protection safeguards.

5.

The main issue consistently raised by the EDPS focuses on the justification of the necessity of a European PNR scheme on top of a number of other instruments allowing for the processing of personal data for law enforcement purposes.

6.

The EDPS acknowledges the visible improvements in terms of data protection in the present Proposal, compared to the version on which he has previously advised. These improvements relate in particular to the scope of application of the Proposal, the definition of the role of different stakeholders (Passenger Information Units), the exclusion of the processing of sensitive data, the move towards a ‘push’ system without a transition period (7), and the limitation of data retention.

7.

The EDPS also welcomes the additional developments in the impact assessment on the reasons for an EU-PNR scheme. However, while there is a clear will to clarify the necessity of the scheme, the EDPS still fails to find in these new justifications a convincing basis to develop the system, especially with regard to large scale ‘prior assessment’ of all passengers. The necessity and proportionality will be analysed below in chapter II. Chapter III will concentrate on more specific aspects of the proposal.

II.   NECESSITY AND PROPORTIONALITY OF THE PROPOSAL

II.1.   Preliminary comments on necessity and proportionality

8.

The demonstration of the necessity and the proportionality of the data processing is an absolute prerequisite for the development of the PNR scheme. The EDPS has already insisted on previous occasions, notably in the context of the possible review of Directive 2006/24/EC (the ‘Data Retention Directive’), on the fact that the need to process or store massive amounts of information should rely on a clear demonstration of the relationship between use and result, and should allow the assessment sine qua non of whether comparable results could have been achieved with alternative, less privacy intrusive means (8).

9.

With a view to justifying the scheme, the Proposal, and especially its Impact Assessment, include extensive documentation and legal arguments to establish both that the scheme is needed and that it complies with data protection requirements. It goes even further in stating that it brings added value in terms of harmonisation of data protection standards.

10.

After analysing these elements, the EDPS considers that the Proposal with its current content does not meet the requirements of necessity and proportionality, imposed by Article 8 of the Charter of Fundamental Rights of the Union, Article 8 of the ECHR and Article 16 of the TFEU. The reasoning behind this consideration is developed in the next paragraphs.

II.2.   Documents and statistics provided by the Commission

11.

The EDPS notes that the Impact Assessment includes extensive explanations and statistics to justify the Proposal. These elements are however not convincing. As an illustration, the description of the threat of terrorism and serious crime in the impact assessment and in the explanatory memorandum of the Proposal (9) cites the number of 14 000 criminal offences per 100 000 population in the Member States in 2007. While this number may be impressive, it relates to undifferentiated types of crimes and cannot be of any support to justify a Proposal aiming at combating only a limited type of serious, transnational crimes and terrorism. As another example, citing a report on drug ‘problems’ without linking the statistics to the type of drug trafficking concerned by the proposal does not constitute in the view of the EDPS a valid reference. The same goes for indications of consequences of crimes, quoting the ‘value of property stolen’ and the psychological and physical impact on the victims, which are not data directly related to the purpose of the Proposal.

12.

As a last example, the Impact Assessment indicates that Belgium has ‘reported that 95 % of all drugs seizures in 2009 were exclusively or predominantly due to the processing of PNR data’. It should be stressed however that Belgium does not have (yet) a systematic PNR scheme implemented, comparable to the one foreseen in the Proposal. This could mean that PNR data may be useful in targeted cases, which the EDPS does not contest. It is rather the wide collection with a purpose of systematic assessment of all passengers which raises serious data protection issues.

13.

The EDPS considers that there is not enough relevant and accurate background documentation which demonstrates the necessity of the instrument.

II.3.   Conditions for limiting a fundamental right

14.

While the document notes the interference of the data processing measures with the Charter, the ECHR and Article 16 of the TFEU, it refers directly to the possible limitations to these rights and is satisfied with the conclusion that ‘as the proposed actions would be for the purpose of combating terrorism and other serious crimes, contained in a legislative act, they would clearly comply with such requirements provided they are necessary in a democratic society and comply with the principle of proportionality’ (10). However, a clear demonstration of the fact that the measures are essential and that there are no less intrusive alternatives is missing.

15.

In that sense, the fact that additional purposes such as immigration enforcement, ‘no-flight list’ and health safety have been envisaged and finally not included because of proportionality considerations does not mean that ‘limiting’ the processing of PNR data to serious crimes and terrorism is de facto proportionate because less invasive. The option of limiting the scheme to the fight against terrorism, without including additional crimes, as this was envisaged in earlier PNR schemes, notably in the previous Australian PNR scheme, has not been assessed either. The EDPS stresses that in this early scheme, on which the WP29 has adopted a positive opinion in 2004, the purposes were limited to ‘identification of those passengers who may pose a threat of terrorism or related criminal activity’ (11). The Australian system did not foresee either any retention of PNR data except for specific passengers identified as presenting a specific threat (12).

16.

Besides, as far as the predictability of the surveillance for data subjects is concerned, it is doubtful that the Proposal of the Commission fulfils the requirements of a sound legal basis under EU law: the ‘assessment’ of passengers (previously worded ‘risk assessment’) will be performed on the basis of constantly evolving and non-transparent criteria. As explicitly stated in the text, the main purpose of the scheme is not traditional border control, but intelligence (13) and arresting persons who are not suspects, before a crime has been committed. The development of such a system on a European scale, involving the collection of data on all passengers and the taking of decisions on the basis of unknown and evolving assessment criteria, raises serious transparency and proportionality issues.

17.

The only purpose which would, according to the EDPS, be compliant with the requirements of transparency and proportionality, would be the use of PNR-data on a case-by-case basis, as mentioned in Article 4.2(c), but only in case of a serious and concrete threat established by concrete indicators.

II.4.   The risk of function creep

18.

Article 4(2)(b) provides that a PIU may carry out an assessment of the passengers and in this activity may compare PNR data against ‘relevant databases’, as indicated in Article 4.2(b). This provision does not indicate which are the databases that are relevant. Therefore the measure is not predictable, also a requirement under the Charter and the ECHR. The provision moreover raises the question of its compatibility with the purpose limitation principle: according to the EDPS, it should be excluded for instance for a database such as Eurodac which has been developed for different purposes (14). Besides, it should be possible only in case there is a specific need, in a particular case where there is a pre-existing suspicion on a person after a crime has been committed. Checking for instance the database of the Visa Information System (15) on a systematic basis against all PNR data would be excessive and disproportionate.

II.5.   The added value of the proposal in terms of data protection

19.

The idea according to which the proposal would enhance data protection by providing for a uniform level playing field with regard to the rights of individuals is questionable. The EDPS acknowledges the fact that, would the necessity and the proportionality of the scheme be established, uniform standards among the EU, including data protection, would enhance legal certainty. However the present wording of the proposal, in its recital 28, mentions that ‘the Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in this Directive, regarding internal flights (…)’.

20.

The harmonisation brought by the proposal is therefore limited. It may cover data subjects’ rights, but not purpose limitation, and it can be assumed that according to this wording PNR systems already used to combat for instance illegal immigration could continue to do so under the Directive.

21.

This means that, on the one hand, some differences would remain between Member States having already developed a PNR scheme, and on the other hand, the vast majority of Member States which do not systematically collect PNR data (21 out of 27 Member States) would be obliged to do so. The EDPS considers that from this perspective any added value in terms of data protection is highly questionable.

22.

To the contrary, the consequences of Recital 28 are a serious breach of the principle of purpose limitation. In the view of the EDPS, the proposal should explicitly provide that the PNR data may not be used for other purposes.

23.

The EDPS comes to a similar conclusion as the one drawn from the evaluation of the Data Retention Directive: in both contexts, absence of real harmonisation goes together with absence of legal certainty. Besides, additional collection and processing of personal data becomes compulsory for all Member States, where the real necessity of the scheme has not been established.

II.6.   Link with the Communication on information management in the Area of FSJ

24.

The EDPS further notes that the developments on PNR are linked with the ongoing general evaluation of all EU instruments in the field of information exchange management launched by the Commission in January 2010 and developed in the recent Communication on the overview of information management in the Area of Freedom, Security and Justice (16). There is notably a clear connection with the current debate on the European Information Management Strategy. The EDPS considers in this respect that the results of the current work on the European Information Exchange Model expected for 2012 should be taken into consideration in the assessment of the need for an EU PNR.

25.

In this context, and in view of the weaknesses of the Proposal and especially of its Impact Assessment, the EDPS considers that there is a need for a specific privacy and data protection impact assessment in cases like this one where the substance of the Proposal affects the fundamental rights to privacy and data protection. A general impact assessment is not sufficient.

III.   SPECIFIC COMMENTS

III.1.   Scope

26.

Terrorist offences, serious crimes and serious transnational crimes are defined in Article 2 (g), (h) and (i) of the Proposal. The EDPS welcomes the fact that the definitions — and their scope — have been refined, with a differentiation between serious crimes and serious transnational crimes. This distinction is welcome especially as it implies a different processing of personal data, excluding assessment against predetermined criteria when it comes to serious crimes which are not transnational.

27.

The definition of serious crimes is however still too broad in the view of the EDPS. This is acknowledged by the Proposal which indicates that Member States can still exclude minor offences falling under the definition of serious crimes (17) but which would not be in line with the principle of proportionality. This wording implies that the definition in the Proposal may well include minor offences, the processing of which would be disproportionate. What exactly should be covered by minor offences is not clear. Instead of leaving the faculty of narrowing the scope of application to Member States, the EDPS considers that the Proposal should explicitly list offences which should be included in its scope and those which should be excluded as they should be considered as minor and do not meet the proportionality test.

28.

The same concern applies to the possibility left open in Article 5(5) to process data related to any kind of offence if detected in the course of an enforcement action, as well as to the possibility mentioned in Recital (28) to extend the scope of application to other purposes than those foreseen in the Proposal, or to other transportation providers.

29.

The EDPS is also concerned with regard to the possibility foreseen in Article 17 to include internal flights in the scope of the Directive, in the light of the experience gained by Member States which already collect them. Such a widening of the scope of the PNR scheme would threaten even more the fundamental rights of individuals and should not be envisaged before any proper analysis including a comprehensive impact assessment.

30.

To conclude, leaving the scope of application open and giving the Member States possibilities to extend the purpose is contrary to the requirement that the data may be collected only for specified and explicit purposes.

III.2.   Passenger Information Units

31.

The role of PIUs and the safeguards around the processing of PNR data raise specific questions, especially since the PIUs receive data of all passengers from the air carriers and they have — under the text of the Proposal — wide competences to process these data. This includes assessment of the behaviour of passengers who are not suspected of any crime and the possibility to match PNR data with undetermined databases (18). The EDPS notes that ‘restrictive access’ conditions are foreseen in the Proposal, but considers that those conditions alone are not sufficient, in view of the wide competences of the PIUs.

32.

In the first place, the nature of the authority designated as PIU and its composition remain unclear. The Proposal mentions the possibility that staff members may be ‘seconded from competent public authorities’, but does not offer any guarantees in terms of competence and integrity of the staff of the PIU. The EDPS recommends including such requirements in the text of the Directive, taking into account the sensitive character of the processing to be performed by PIUs.

33.

In the second place, the proposal allows for the possibility to designate one PIU for several Member States. This opens the door to risks of misuse and transmission of data outside the conditions of the Proposal. The EDPS recognises that there might be reasons of efficiency, in particular for smaller Member States, to combine forces, but recommends including in the text conditions for this option. These conditions should address the cooperation with competent authorities, as well as the oversight, in particular with regard to the Data Protection Authority responsible for supervision, and with regard to the exercise of the data subject's rights, as several authorities may be competent to supervise one PIU.

34.

There is a risk of function creep linked to the elements mentioned above, and in particular in view of the quality of the staff competent to analyse the data and the ‘sharing’ of a PIU between several Member States.

35.

In the third place, the EDPS questions the safeguards foreseen against abuse. The logging obligations are welcome but not sufficient. Self-monitoring should be complemented by external monitoring, in a more structured way. The EDPS suggests that audits are organised in a systematic way every four years. A comprehensive set of security rules should be developed and imposed horizontally on all PIUs.

III.3.   Exchange of data between Member States

36.

Article 7 of the Proposal envisages several scenarios allowing for the exchange of data between PIUs — this being the normal situation — or between competent authorities of a Member State and PIUs in exceptional situations. Conditions are also stricter depending on whether access is requested to the database foreseen at Article 9(1), where data are kept during the first 30 days, or to the database mentioned in Article 9(1) where data are further kept for five years.

37.

Conditions of access are more strictly defined when the access request goes beyond the normal procedure. The EDPS notes however that the wording used leads to confusion: Article 7(2) is applicable in a ‘specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime’; Article 7(3) mentions ‘exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crimes’, while Article 7(4) concerns ‘immediate and serious threat to public security’, and Article 7(5) mentions ‘specific and actual threat related to terrorist offences or serious crimes’. The conditions of access by different stakeholders to the databases vary depending on these criteria. However the difference between a specific threat, an immediate and serious threat and a specific and actual threat is not clear. The EDPS underlines the need to further specify the precise conditions according to which transfers of data will be allowed.

III.4.   Applicable law

38.

The proposal refers as a general legal basis for data protection principles to the Council Framework Decision 2008/977/JHA, and it extends its scope to data processing at domestic level.

39.

The EDPS has highlighted already in 2007 (19) the shortcomings of the Framework Decision with regard to data subjects’ rights. Among the elements missing in the Framework Decision, there are notably some requirements for information to the data subject in case of a request of access to his data: information should be given in an intelligible form, the purpose of the processing should be indicated, and there is a need for more developed safeguards in case of appeal to the Data Protection Authority in case direct access is denied.

40.

The reference to the Framework Decision has consequences as well with regard to the identification of the Data Protection Authority competent to monitor the application of the future Directive, as it may not necessarily be the same DPA as the one competent for (ex) first pillar matters. The EDPS considers it unsatisfactory to rely solely on the Framework Decision in the post-Lisbon context, when one of the main objectives is to adapt the legal framework to ensure a high and harmonised level of protection across the (ex) pillars. He considers that additional provisions are needed in the Proposal to complement the reference to the Council Framework Decision where shortcomings have been identified, especially in relation to the conditions of access to personal data.

41.

These concerns are also fully valid with regard to the provisions on transfers of data to third countries. The Proposal refers to Article 13.3(ii) of the Framework Decision, which includes wide exceptions to data protection safeguards: it derogates especially from the adequacy requirement in case of ‘legitimate prevailing interests, especially important public interests’. This exception has a vague wording which could potentially apply in many cases of processing of PNR data, if interpreted broadly. The EDPS considers that the proposal should explicitly prevent the application of the exceptions of the Framework Decision in the context of the processing of PNR data, and maintain the requirement for a strict adequacy assessment.

III.5.   Data retention

42.

The proposal foresees a period of 30 days of retention, with an additional period of five years in archive. This retention period is considerably reduced if compared to previous versions of the document, where retention went up to five plus eight years.

43.

The EDPS welcomes the reduction of the first period of retention to 30 days. He nevertheless questions the additional retention period of five years: it is unclear to him whether there is a need to keep these data further in a form that still renders possible the identification of individuals.

44.

He stresses also a terminology issue in the text, which has important legal consequences: Article 9(2) indicates that passengers’ data will be ‘masked out’, and will be therefore ‘anonymised’. However, later on the text mentions that it is still possible to access ‘the full PNR data’. If this is possible, it means that PNR data have never been totally anonymised: while being masked out, they remain identifiable. The consequence is that the data protection framework remains fully applicable, which raises the fundamental question of necessity and proportionality as to keeping identifiable data of all passengers for five years.

45.

The EDPS recommends that the Proposal should be reworded, by keeping the principle of real anonymisation with no way back to identifiable data, which means that no retro-active investigation should be allowed. These data could still — and solely — be used in order to serve general intelligence purposes based on the identification of terrorism and related crime patterns in migration flows. This should be distinguished from the retention of data in identifiable form — subject to certain safeguards — in cases that have given rise to a concrete suspicion.

III.6.   List of PNR data

46.

The EDPS welcomes the fact that sensitive data are not included in the list of data to be processed. He stresses however that the Proposal still foresees the possibility that these data are sent to the Passenger Information Unit, which then has the obligation to delete them (Article 4(1), Article 11). It is unclear from this wording whether PIUs still have a routine obligation to filter out sensitive data sent by airlines, or if they should do it only in the exceptional case where airlines have sent them by mistake. The EDPS recommends that the text is amended in order to make clear that no sensitive data should be sent by airlines, at the very source of the data processing.

47.

Apart from sensitive data, the list of data which can be transferred mirrors to a large extent the US PNR list, which has been criticized as being too extensive in several opinions of the Article 29 Working Party (20). The EDPS considers that this list should be reduced in accordance with the opinion of the Working Party, and that any addition be duly justified. This is the case especially for the field ‘general remarks’ which should be excluded from the list.

III.7.   Automated individual decisions

48.

According to Article 4.2.(a) and (b), assessment of individuals against pre-determined criteria or against relevant databases can involve automated processing but it should be reviewed individually by non automated means.

49.

The EDPS welcomes the clarifications brought to this new version of the text. The ambiguity of the previous scope of the provision, in relation to automated decisions producing ‘an adverse legal effect on a person or significantly affect(ing) him (…)’ has been replaced by a more explicit wording. It is now clear that any positive match will be reviewed individually.

50.

It is also clear in the new version that in no circumstances can an assessment be based on a person's race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life. In other words, the EDPS understands from this new wording that no decision can be taken, even partly, on the basis of sensitive data. This is consistent with the provision according to which no sensitive data can be processed by PIUs, and should also be welcomed.

III.8.   Review and statistical data

51.

The EDPS considers of the utmost importance that a thorough assessment of the implementation of the Directive is conducted, as foreseen in Article 17. He considers that the review should not only assess general compliance with data protection standards, but more fundamentally and specifically whether the PNR schemes constitute a necessary measure. The statistical data mentioned in Article 18 play an important role in this perspective. The EDPS considers that this information should include the number of law enforcement actions, as foreseen in the draft, but also the number of effective convictions which have resulted — or not — from the enforcement actions. Such data are essential for the result of the review to be conclusive.

III.9.   Relationship to other instruments

52.

The proposal is without prejudice to existing agreements with third countries (Article 19). The EDPS considers that this provision should refer more explicitly to the objective of a global framework providing for harmonised data protection safeguards in the field of PNR, within and outside the EU, as requested by the European Parliament and developed by the Commission in its Communication of 21 September 2010 ‘On the global approach to transfers of Passenger Name Record (PNR) data to third countries’.

53.

In that sense, agreements with third countries should not include provisions below the data protection threshold of the Directive. This is of particular importance now that agreements with the United States, Australia and Canada are being re-negotiated in this perspective of a global — and harmonised — framework.

IV.   CONCLUSION

54.

The development of an EU-PNR scheme, along with the negotiation of PNR agreements with third countries, has been a long-drawn-out project. The EDPS acknowledges that, compared to the Proposal for a Council Framework Decision on EU PNR of 2007, visible improvements have been brought to the draft text. Data protection safeguards have been added, benefiting from debates and opinions of different stakeholders including notably the Article 29 Working Party, the EDPS and the European Parliament.

55.

The EDPS welcomes these improvements and especially the efforts to restrict the scope of the Proposal and the conditions for processing of PNR data. He is however obliged to observe that the essential prerequisite to any development of a PNR scheme — i.e. compliance with necessity and proportionality principles — is not met in the Proposal. The EDPS recalls that in his view, PNR data could certainly be necessary for law enforcement purposes in specific cases and meet data protection requirements. It is their use in a systematic and indiscriminate way, with regard to all passengers, which raises specific concerns.

56.

The Impact Assessment gives elements aiming at justifying the need for PNR data to fight against crime, but the nature of this information is too general, and it fails to support the large scale processing of PNR data for intelligence purposes. In the view of the EDPS, the only measure compliant with data protection requirements would be the use of PNR-data on a case-by-case basis, when there is a serious threat established by concrete indicators.

57.

In addition to this fundamental shortcoming, the comments of the EDPS concern the following aspects:

The scope of application should be much more limited with regard to the type of crimes involved. The EDPS questions the inclusion in the Proposal of serious crimes which have no link with terrorism. In any case, minor crimes should be explicitly defined and ruled out. The EDPS recommends excluding the possibility for Member States to widen the scope of application.

The nature of the different threats allowing for exchange of data between PIUs or with Member States has not sufficiently been defined.

The data protection principles applicable should not only rely on Council Framework Decision 2008/977/JHA which includes shortcomings, notably in terms of data subjects’ rights and transfers to third countries. A higher standard of safeguards, based on the principles of Directive 95/46/EC, should be developed in the Proposal.

No data should be kept beyond 30 days in an identifiable form, except in cases warranting further investigation.

The list of PNR data to be processed should be reduced, in accordance with previous recommendations of the WP29 and the EDPS. In particular, the ‘general remarks’ field should not be included.

The evaluation of the Directive should be based on comprehensive data, including the number of persons effectively convicted — and not only prosecuted — on the basis of the processing of their data.

58.

The EDPS further recommends that the developments on EU PNR are assessed in a broader perspective including the ongoing general evaluation of all EU instruments in the field of information exchange management launched by the Commission in January 2010. In particular, the results of the current work on the European Information Exchange Model expected for 2012 should be taken into consideration in the assessment of the need for an EU PNR scheme.

Done at Brussels, 25 March 2011.

Peter HUSTINX

European Data Protection Supervisor


(1)  OJ L 281, 23.11.1995, p. 31.

(2)  OJ L 8, 12.1.2001, p. 1.

(3)  COM(2011) 32 final.

(4)  COM(2007) 654 final.

(5)  Opinion of the EDPS of 20 December 2007 on the Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes (OJ C 110, 1.5.2008, p. 1).

(6)  Opinion of 19 October 2010 on the global approach to transfers of Passenger Name Record (PNR) data to third countries, available at http://www.edps.europa.eu/EDPSWEB/edps/Consultation/OpinionsC/OC2010

The opinions of the Article 29 Working Party are available at the following link: http://ec.europa.eu/justice/policies/privacy/workinggroup/wpdocs/index_en.htm#data_transfers

(7)  This means that PNR data shall be actively transmitted by the airlines, and not ‘pulled’ by public authorities through direct access to the airlines’ database.

(8)  See ‘The moment of truth for the Data Retention Directive’, speech of Peter Hustinx given at the conference ‘Taking on the Data Retention Directive’, Brussels, 3 December 2010, available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Speeches/2010/10-12-03_Data_retention_speech_PH_EN.pdf

(9)  Impact Assessment, chapter 2.1.1, and Explanatory Memorandum, Chapter 1, first paragraph.

(10)  Impact Assessment, chapter 3.2, second paragraph.

(11)  Opinion 1/2004 of 16 January 2004 on the level of protection ensured in Australia for the transmission of Passenger Name Record data from airlines, WP85.

(12)  The WP29 opinion explains further that ‘regarding retention of PNR data, there is no statutory obligation on Customs to retain PNR data. Likewise there is no statutory prohibition on Customs to store these data. The PNR data of passengers assessed via the automated profile analysis software and assessed as low risk (95 % to 97 % of passengers) are not retained and no record is kept of their PNR information. So Customs applies a general policy of non-retention for these data. For those 0,05 % to 0,1 % of passengers who are referred to Customs for further evaluation, the airline PNR data are temporarily retained, but not stored, pending resolution of the border evaluation. After resolution, their PNR data are erased from the PC of the Customs PAU officer concerned and are not entered into Australian databases.’

(13)  Explanatory Memorandum, Chapter 1. Context of the proposal, Consistency with EU's other policies and objectives.

(14)  The purpose of Eurodac ‘shall be to assist in determining which Member State is to be responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State, and otherwise to facilitate the application of the Dublin Convention under the conditions set out in this Regulation’, according to Article 1(1) of Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention (OJ L 316, 15.12.2000, p. 1).

(15)  ‘The VIS shall have the purpose of improving the implementation of the common visa policy, consular cooperation and consultation between central visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto’, according to Article 2 of Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).

(16)  COM(2010) 385 final.

(17)  As referred to in Council Framework Decisions 2008/841/JHA and 2002/584/JHA.

(18)  See on PIUs also the EDPS Opinion of 20 December 2007.

(19)  Third opinion of the European Data Protection Supervisor of 27 April 2007 on the Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters, OJ C 139, 23.6.2007, p. 1.

(20)  Opinion of 23 June 2003 on the Level of Protection ensured in the United States for the Transfer of Passengers’ Data, WP78. This opinion and subsequent opinions of the Working Party on this issue are available at: http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/index_en.htm#data_transfers