EU sets new rules for collecting airline passenger data

The European Commission has proposed that airlines collect and retain data on passengers travelling in and out of EU states, mirroring similar initiatives in Australia, the United States and Canada.

The EC has proposed an EU Passenger Name Record (PNR) Directive which would require air carriers to provide EU Member States with data on passengers entering or departing from the EU.

The EC argued that the initiative would fight serious crime and terrorism, whilst guaranteeing "a high level of protection of privacy and personal data".

"The EC proposal requires Member States to anonymise all PNR data that is collected", said Cecilia Malmström, European Commissioner for Home Affairs.

The announcement noted that many law enforcement authorities in EU Member States already collect PNR data on a case-by-case or flight-by-flight basis. The Directive would enable "a more systematic use of the data" and create a coherent approach across all Member States.

The Directive asks that airlines:

1. Transfer data on passengers on international flights held in the carriers' reservation systems to a dedicated unit in the Member State of arrival or departure. Member States will analyse and retain the data for the purpose of preventing, detecting, investigating and prosecuting serious crime and terrorist offences.
2. PNR data may not be used for any purpose except fighting serious crime and terrorist offences. Law enforcement authorities in Member States must make the data anonymous within one month after the flight, and data must not be retained for more than five years in total (short retention period).
3. Passengers will also have a right to accurate information about the collection of PNR data and an ability to access, rectify, and delete their data, or access compensation and judicial remedies should the information be misused.

It was expected to take two years to negotiate the proposal in the Council of Ministers and the European Parliament.