Data retention issue stymies EU air passenger bill

BRUSSELS - Attempts to finalise the EU-wide passenger name records bill before the end of year seem increasingly unlikely given the wide political differences between a handful of leading MEPs and member states.

The European Commission’s proposal is to create a legal basis for airlines to exchange personal details of passengers with member states’ authorities in efforts to track criminals, terrorists, and so-called foreign fighters.

But a handful of leading MEPs in the civil liberties committee on Tuesday (11 November) remained unconvinced that the proposal, as it stands, fully complies with a recent European Court of Justice ruling on data retention.

The EU had to scrap its controversial data retention law after the Luxembourg judges declared its mass-scale and indiscriminate collection of data as a serious violation of fundamental rights.

The judgement has created additional complications for the commission proposal, which foresees data to be retained for up to five years.

“I don’t see, after this judgment, that we can just go back to business as usual,” said German Green Jan Phillip Albrecht i.

“It [EU PNR] is foreseeing the blanket retention of all travelers entering the European Union or going outside”.

The commission, for its part, is revisiting the bill in light of the judgment.

“It’s clear that the proposal at hand needs to be carefully examined in the light of the principals and criteria set out in the Court of Justice ruling on the data retention directive,” a commission representative told the MEPs.

Some of the deputies pointed out that the Brussels executive is already financing national PNR systems in 15 member states.

British conservative Timothy Kirkhope i, the parliament’s lead negotiator on the bill and one of its primary backers, noted that Austria, Bulgaria, Estonia, Finland, France, Hungary, Latvia, Lithuania, the Netherlands, Portugal, Romania, Slovenia, Spain, Sweden, and the UK, all received EU money to set up their own PNR systems.

“The current system is burdensome for airlines,” he said, adding that a legal basis is needed to make the data exchanges coherent.

He said criminals and terrorists are able to “exploit the gaps in the current exchange system between law enforcement authorities.”

Kirkhope added that the bill should be passed as soon as possible and that data issues would be dealt with once the EU has signed off on the broader data protection reforms, currently stuck at member-state level.

Not everyone is convinced by the arguments.

Dutch liberal Sophie In’t Veld i said the EU funding for the 15 member states is an underhanded way of forcing an EU law into existence.

“Giving money to the member states to create national systems, so that all of a sudden there is a need for harmonisation, ‘hey look we have a reason for a directive’, it’s called bribing and I find this a despicable way of making policies and law,” she noted.

UK threatens to ban EU airlines

An EU source says the UK is doing something similar by threatening to ban EU airlines from landing in its territory if member states refuse to hand over personal details of passengers.

Last week, one of Britain’s most senior home office officials, Mark Sedwill, said EU airlines must give the UK information on passenger lists or face a landing ban.

Sedwill said German airlines are at greatest risk.

“We are in discussions, which for obvious reasons I have to keep somewhat private, with other EU countries to change their data protection legislation in order to require this data of the carrier,” he said, according to British daily The Guardian.

The UK reportedly wants the type of data - like credit card numbers and home addresses - which would normally be included in a fully-fledged PNR agreement.

But the EU commission told this website that the UK cannot force airlines to give such information.

"Airlines are currently not obliged under EU law to transfer passenger name record data to member states," a commission official said in an email.

Instead, a so-called Advanced Passenger Information (API) instrument - an EU law since 2004 - only requires member states to hand over limited data.

API data are the biographical information taken from the machine-readable part of a passport and contain the name, place of birth, and nationality of the person, their passport number and its expiry date.

The data are given to border-control authorities, at the request of each member state, for flights entering the territory of the EU. The information is typically used to deal with border control and irregular migration issues.