EU agree to adopt passenger name record scheme (PNR)
- UK demands that data can be kept indefinitely and accessible by all law enforcement agencies agreed



The meeting of the EU's Justice and Home Affairs Council meeting in Brussels on 30 March 2004 agreed to adopt by June an EU version of the highly controversial PNR scheme - the European Parliament voted on 31 March to reject handing over personal passenger data to the USA:
EP vote and the same scheme in the USA is running into major civil liberties and data protection concerns.

The plan has been on the table since early last year and has gone through significant amendment.When it was first proposed by the Spanish government it covered the obligation of airline to provide passenger data on all passengers - this was queried by other governments and it was changed so that it concerned third country nationals. Early this year it was changed back again to cover all passengers. Then at the demand of the UK another provision was changed so that personal data on every passenger has to be handed over in advance of the flight taking off ("by the end of check-in") - this will allow every passenger to be checked at "watch-lists" to decide whether or not they would be allowed to fly. This is known as APIS (Advance Passenger Information System) or "board/don't board" system - every passenger will be categorised as: Green (allowed to fly), Red (not allowed to fly - probably placed under arrest) or Yellow (held and questioned or placed under surveillance on arrival). The latter "Yellow" category is clearly the most dangerous as tests in the USA have shown that between 5-15% of passengers can be defined as "suspicious". See Statewatch's Observatory on PNR in the EU

The UK government chose to use the post-Madrid situation to put in two late changes (on 23 March) just prior to the JHA meeting on 30 March. These these were to Article 6 on Data processing:

The first was to add a new clause so that personal data does not have to be deleted after 24 hours (which had been agreed for weeks) - no time limit at all is set on how long the data can be held:

Article 6.1:

"After passengers have entered, these authorities shall delete the data, within 24 hours after transmission, unless the data are needed later for the purposes of exercising the statutory functions of the authorities responsible for carrying out checks on persons at external borders in accordance with national law and subject to data protection provisions under Directive 95/46/EC." (amendment in bold)

The second is also to Article 6.1. on data protection extends access to the data held on individuals from immigration officials responsible for those who enter to all "law enforcement agencies" by adding the following:

"In accordance with their national law and subject to data protection provisions under Directive 95/46/EC, Member States may also use the personal data referred to in Article 3(1) for law enforcement purposes."

Only Denmark and France objected to these changes but their reservations were withdrawn at the JHA Council. An early version (6015/04) had allowed for data to be retained for the "execution of measures to end the illegal presence in the territory of Member States" but this was deleted later (6620/04).

The second amendment above would exceed the legal base, to the extent that the data are used by law enforcement agencies for purposes other than migration control or border control. The amended Directive may now have to re-submitted to the European Parliament for its Opinion and for scrutiny in national parliaments. For example in the UK parliament was sent an Explanatory Memorandum on 15 March referring to an earlier version dated 23 February 2004.

Other changes from earlier versions are: 1) in Recital 4 there is the addition of a reference to the "use of biometric features"; 2) the proposal cover travel by air nit travel by sea and land (though the UK government notes that "this limitation will not prevent the Immigration Service from exercising domestic information gathering powers, which may apply in respect of passengers carried by air, sea and international rail carriers". This proposal will affect all airlines throughout the world flying into the EU.

Tony Bunyan, Statewatch editor, comments:

"The Justice and Home Affairs Council has agreed to make data protection of passenger data totally meaningless. Data can be held for unlimited periods and can be accessed and added to by any law enforcement agency in the EU.

This proposal has little or nothing to do with fighting terrorism and is going to place everyone's travel by air under surveillance. If a person is a suspected terrorist they would presumably be arrested when they book the flight or on arrival at the airport. If a person is unknown to the security and law enforcement agencies they will simply be allowed to fly.

The real worrying category is "Yellow" where a person may be questioned or placed under surveillance on the basis of "intelligence" where the current evidence shows that thousands of people could be caught up.

How long will it be before "suspected" football fans or people going to a demonstration or meeting in another EU country - who have not been convicted of a relevant criminal offence - are stopped from flying or are subject to interrogation?"

Documentation


1. Draft Council Directive on the obligation of carriers to communicate passenger data: document 7595/04 (pdf)
2. For background see: Statewatch Observatories on:
EU PNR and EU-USA PNR
Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch bulletin

Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author.
Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.