The European Data Protection Supervisor (EDPS) has slammed the use of passenger name records (PNRs) to profile international travellers to assess their risk to the destination country.
He has also come out against the indiscriminate transfer and use of the records by other state departments.
In an opinion issued on Tuesday, EDPS Peter Hustinx said, "The proactive use of PNR data of all passengers for risk assessment purposes requires more explicit justification and safeguards."
Hustinx was responding to the European Commission's communication on the transfer of Passenger Name Record (PNR) data to third countries (COM(2010) 492 final). The document sets out the data protection standards that any PNR agreement with a third country should be based on.
Hustinx welcomed the commission's "horizontal approach", but said he had "major concerns" about the need and legitimacy of key aspects of the proposed schemes.
"To be admissible, the conditions for collection and processing of PNR data should be considerably restricted. I am particularly concerned about the use of PNR schemes for risk assessment or profiling," he said.
He said the proposals should harmonise with EU-US talks on the use of PNR by other state departments, notably law enforcement. "Due account should be taken of the need for a consistent and harmonised approach on data protection," he said.
Hustinx called for stricter conditions to govern the processing of sensitive data, the transfer of such to other government authorities, and the retention of data.
He said any PNR agreement should provide explicitly for directly enforceable rights to concerned individuals, describing these as "essential".