Menu

Passenger ID Data [EU]

Use of passenger records to prevent terrorism and serious crime

Directive (EU) 2016/681 on the use of passenger name record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

It aims to regulate the transfer of the passenger name record (PNR) data of passengers on international flights from airlines to the European Union (EU) Member States.
It also regulates the processing of these data by Member States’ competent authorities.

What are PNR data?

They consist of booking information stored by airlines in their reservation and departure control systems. The information collected includes:

travel dates;
travel itinerary;
ticket information;
contact details;
means of payment used;
baggage information.

Scope

Each Member State must establish a Passenger Information Unit (PIU). A PIU is responsible for:
collecting, storing and processing the data, as well as transferring the data or the results of the processing to the competent national authorities;
exchanging PNR data and the results of processing with other Member States and Europol.
Airlines must provide PIUs in Member States with the PNR data for flights entering or departing from the EU. It also allows — but does not require — Member States to collect PNR data concerning selected intra-EU flights.

Processing

The data collected may only be processed to prevent, detect, investigate and prosecute terrorist offences and serious crime. Data should only be processed in the following cases:

for a pre-arrival assessment of passengers against pre-determined risk criteria and relevant law enforcement databases;
for use in specific investigations/prosecutions;
as input in the development of risk assessment criteria.

Transfer and exchange of data

Member States should not be able to access airline companies’ databases.
PNR data are sent by the airline to the PIU of the Member State concerned.
When necessary and relevant, a Member State must supply PNR data on an identified person to the competent authorities of another Member State.
PNR data may be transferred to a non-EU country under certain specific conditions.

Storage

Data provided by airline carriers must be stored in a database by the PIU for 5 years from the time of its transfer to the Member State in which the flight is landing or from which it is departing.
After 6 months the transferred data must be ‘depersonalised’ to mask out certain information including;
name;
address and contact information;
all payment information including billing address.

Disclosure of the full PNR information after this 6-month period has expired is only permitted if:
it is reasonably believed to be necessary in order to respond to requests for PNR data made by competent authorities or Europol — on a case-by-case basis and;
it has been approved by a judicial or other national authority competent under national law to verify whether the conditions for disclosure are met.

Transfer of PNR data to non-EU countries

Part Three, Title III of the EU-UK Trade and Cooperation Agreement (see summary) deals with the issue of the transfer, processing and use of PNR data in relation to flights between the EU and the UK. It also sets out the rules for police and judicial cooperation in criminal matters between the UK and the EU in respect of PNR data.
The EU has also signed agreements specifically on the transfer of PNR data with Australia and with the United States of America.

Application and Background

It has applied since 24 May 2016 and had to become law in the Member States by 25 May 2018.

For further information, see:

Passenger Name Record (PNR) (European Commission).

MAIN DOCUMENT

Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (OJ L 119, 4.5.2016, pp. 132–149).

RELATED DOCUMENTS
Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the one part, and the United Kingdom of Great Britain and Northern Ireland, of the other part (OJ L 149, 30.4.2021, pp. 10–2539).

Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security (OJ L 215, 11.8.2012, pp. 5–14).

Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service (OJ L 186, 14.7.2012, pp. 4–16).

Related Posts

error: Content is protected !!