06 July 2020
The German Council Presidency has asked member states whether they are using passenger data collected by airline companies to track people infected with COVID-19, with an eye to expanding the scope of EU legislation on the issue. Currently EU rules are limited to using passenger data for "preventing, detecting, investigating and prosecuting terrorist offences and serious crime."
Note from: Presidency to: Delegations: Overview of the situation of Member States on the use of PNR for public health purposes(9031/20, 2 July 2020, pdf, emphasis added):
"One of the lessons learned from the experience of the COVID19 pandemic is that the relevant MS authorities have needed sufficient and quickly available intelligence on the spread of the disease from the very beginning. This highlights the wider issue of the processing of PNR (passenger name records) for public health purposes.
Information about travel movements and the contact persons of suspected infected individuals are of utmost importance.
PNR contain at least some of the data that could enable the tracing and contacting of affected people and could help facilitate effective measures being taken.
However, the use of PNR data in the fight against pandemics raises a legal question. Article 1(2) of the EU PNR Directive (EU) 2016/681 provides that PNR data collected in accordance with this Directive may be processed only for the purposes of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.
The following questions aim to clarify the state of play as regards the current use of PNR to fight the pandemic and gather experiences from the Member States in order to examine possible requirements with regard to additional legislation or improvements that could be made to the existing legal framework."
PNR data is made up of information gathered by airlines and travel companies when individuals book airline tickets. EU rules cover 19 different data items (see Annex 1).
The questions from the Presidency come as the Commission is preparing to publish an evaluation of the PNR Directive, which mandates the police surveillance and profiling of all air passengers travelling into, out of, or within the EU. Discussions on using PNR data for public health purposes will likely feed into any proposed revision of those rules.
However, the PNR Directive is also currently subject to a legal challenge arguing that the introduction of mandatory data-gathering and profiling for all air passengers is "mass surveillance without any factual basis of suspicion whatsoever."
A consultation is also currently open on changing the rules governing the use of Advance Passenger Information (API), which is extracted from individual's travel documents and passed on to the authorities prior to flights departing.
See: Border & law enforcement - advance air passenger information (API) - revised rules (European Commission, link)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: 10 Queen Street Place, London EC4R 1BE. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.