How would the proposed PNR system work?
Under the Commission proposal, air carriers operating flights between a third country and the territory of at least one EU member state would be obliged to send PNR data to the competent authorities of that member state.
Carriers would send this data by the so-called “push” method, meaning that member states would not have direct access to the carriers’ IT systems.
PNR data would be sent by air carriers to a single designated unit – the "Passenger Information Unit" (PIU) - of the member state in which the international flight arrives or from which it departs.
The PIU would be responsible for collecting PNR data, storing them, analysing them and supplying the results of the analysis to the competent authorities (each member state would have to approve a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the PIU). An independent national supervisory authority would be responsible for advising and monitoring how PNR data are processed.
Member states would share alerts created from the processing of PNR data where necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious crime (e.g. human trafficking, drug trafficking, or child pornography). Member states would also have the right to request PNR data from another member state in support of a specific investigation.
The collection and use of sensitive data directly or indirectly revealing a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life, would be prohibited.
The Commission proposal would allow PNR data to be retained for 5 years and 30 days.