EC lawyers declare EU/US passenger name record unlawful on data protection grounds

Lawyers for the European Commission (EC) have warned that a US-European agreement to store the personal data of air passengers for 15 years is unlawful.

Lawyers for the European Commission (EC) have warned that a US-European agreement to store the personal data of air passengers for 15 years is unlawful.

The Passenger Name Record agreement - under which EU governments collect, store and share details about users of scheduled transport - is in the process of being finalised.

But a note from the EC's legal service says it has grave doubts that the Passenger Name Record (PNR) agreement complies with the fundamental right to data protection, according to The Guardian.

Prevailing official legal opinion could prove crucial, as the PNR needs the approval of the European parliament as well as ministers. But commission officials say the PNR's legality can only be tested in the courts.

Lawyers say the biggest concerns surround: the widely-drawn limits on the use of the personal data; the disproportionate storage period of 15 years; the lack of independent oversight; and proper access to the courts for those seeking redress over misuse of their details.

The legal advice concludes that the draft agreement does not constitute a sufficiently substantial improvement of the previous agreement rejected by the European parliament on data protection grounds.

Some members of the European parliament say the EU is acting against its own legal advice and have called for the draft agreements with the US, Australia and Canada on passenger record retention to be renegotiated, to ensure the agreements are in line with EU data protection law.

The US Aviation and Transportation Security Act of 19th November 2001 introduced the requirement that airlines operating passenger flights to, from or through the United States provide US authorities, upon request, with electronic access to PNR data contained in their reservation and departure control systems.

European authorities and the US signed an initial agreement on sharing passenger information in 2004, but the parties have since struggled to reach a final agreement on the issue because of persistent concerns about data protection.

Read more about EU/US data sharing

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...