A new agreement on the transfer of EU air passengers' personal data to the US authorities was approved by the European Parliament on Thursday. The deal sets legal conditions and covers issues such as storage periods, use, data protection safeguards and administrative and judicial redress. The agreement, which will apply for 7 years, will replace a provisional deal in place since 2007.
Justice and Home Affairs Ministers will formally approve the agreement on April 26.
The EU-US Passenger Name Record (PNR) agreement was adopted with 409 votes in favor, 226 against and 33 abstentions during a Plenary session of the European Parliament. A significant minority of MEPs voted against the deal due to concerns over data protection safeguards. A proposal to refer the agreement to the European Court of Justice was rejected.
Following the vote, rapporteur Sophie in'T Veld withdrew her name from the report since it didn't reflect her recommendation.
Under the new agreement, which its supporters say is a vital step in the fight against terrorism, US authorities will keep PNR data in an active database for up to 5 years. After the first 6 months, all information which could be used to identify a passenger would be "depersonalized", meaning that data such as the passenger's name or her/his contact information would be codified.
After the first 5 years, the data will be moved to a "dormant database" for up to 10 years, with stricter access requirements for US officials. Thereafter, the agreement says, data would be fully "anonymized" by deleting all information which could serve to identify the passenger. Data related to any specific case will be retained in an active PNR database until the investigation is archived.
PNR data will be used mainly to prevent, detect, investigate and prosecute terrorism and serious transnational crimes. Transnational crimes are defined as crimes punishable by 3 years of imprisonment or more under US law. PNR data will also serve "to identify persons who would be subject to closer questioning or examination".
Sensitive data such as those revealing the ethnic origin, religious beliefs, physical or mental health or sexual orientation of a passenger could be used in exceptional circumstances when a person's life is at risk. This data is most frequently tied to a religious meal choice or requests for assistance due to a medical condition. This data will be accessed only case-by-case and will be permanently deleted after 30 days from receipt, unless it is used for a specific investigation.
Should their data be misused, EU citizens will have the right to administrative and judicial redress in accordance with US law. They will also have the right to access their own PNR data and seek rectification by the US Department of Homeland Security (DHS), including the possibility of erasure, if the information is inaccurate.
PNR data are collected by air carriers during the reservation process and include names, addresses, credit card details and seat numbers of air passengers. Under US law, air companies are obliged to make these data available to the DHS prior to passenger departure. This applies to flights to or from the US.
In May 2010, Parliament postponed its vote on a PNR agreement with the US applied provisionally since 2007, mainly due to data protection concerns. MEPs urged then the European Commission to negotiate a new deal, which the Commission did in 2011.
The European Parliament adopted a PNR deal with Australia in October last year. The EU is currently negotiating a similar agreement with Canada.
by RTT Staff Writer
For comments and feedback: firstname.lastname@example.org