A new deal on the transfer of EU air passengers' personal data to the US Department of Homeland Security will be put to a vote on Thursday. It lays down legal requirements for, inter alia, data storage periods, the purpose of data use and data protection safeguards. MEPs have concerns about the data protection standards enshrined in the agreement, which is to replace another that has applied provisionally since 2007.
Passenger Name Record (PNR) data are collected by air carriers during the reservation process and include, inter alia, passengers' names, addresses, credit card details and seat numbers. Under US law, airlines must make these data available to the Department of Homeland Security (DHS) prior to passenger departure. This applies to flights to or from the US.
Under the proposed agreement, the US authorities would retain PNR data for up to 15 years. Thereafter, the data would be "anonymized", by deleting all information that could serve to identify a passenger. Several MEPs, including rapporteur Sophie in 't Veld (ALDE, NL), say that the data retention period is too long and that the data protection safeguards in the proposed agreement are not up to EU standards.
PNR data are used mainly to prevent, detect, investigate and prosecute terrorism and serious transnational crimes. Sensitive data, such as those revealing a passenger's racial origin, religious beliefs, state of physical or mental health or sexual orientation could be used, in exceptional circumstances, when a person's life is at risk. This data is most frequently tied to a religious meal choice or requests for assistance due to a medical condition.
The EU-US PNR deal was approved by the Civil Liberties Committee with 31 votes in favour, 23 against and one abstention. The EPP and ECR groups voted in favour. The ALDE, Greens/EFA and GUE/NGL groups followed the rapporteur's advice and voted against, mainly due to concerns over data protection safeguards. S&D MEPs were divided.
Debate/Vote: Thursday 19 April