Procedure : 2011/0023(COD)
Document stages in plenary
Document selected : A8-0248/2015

Texts tabled :

A8-0248/2015

Debates :

PV 13/04/2016 - 16
CRE 13/04/2016 - 16

Votes :

PV 14/04/2016 - 7.3

Texts adopted :

P8_TA(2016)0127

SECOND REPORT     ***I
PDF 1338kWORD 971k
7 September 2015
PE 549.223v03-00 A8-0248/2015

on the proposal for a directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

(COM(2011)0032 – C7-0039/2011 – 2011/0023(COD))

Committee on Civil Liberties, Justice and Home Affairs

Rapporteur: Timothy Kirkhope

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION
 EXPLANATORY STATEMENT
 OPINION of the Committee on Foreign Affairs
 OPINION of the Committee on Transport and Tourism
 PROCEDURE
 REFERRAL BACK TO COMMITTEE

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION

on the proposal for a directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

(COM(2011)0032 – C7-0039/2011 – 2011/0023(COD))

(Ordinary legislative procedure: first reading)

The European Parliament,

–  having regard to the Commission proposal to Parliament and the Council (COM(2011)0032),

–  having regard to Article 294(2), point (d) of the second subparagraph of Article 82(1), and point (a) of Article 87(2) of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C7-0039/2011),

–  having regard to Article 294(3) of the Treaty on the Functioning of the European Union,

–  having regard to the contributions submitted by the Bulgarian Parliament, the Czech Senate, the German Bundesrat, the Italian Senate, the Romanian Senate, the Austrian National Council, the Portuguese Parliament and the Dutch Senate on the draft legislative act,

–  having regard to the opinion of the European Economic and Social Committee of 5 May 2011(1),

–  having regard to the opinion of the European Data Protection Supervisor of 25 March 2011(2),

–  having regard to the judgment of the Court of Justice of 8 April 2014 in Joined Cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and others(3),

–  having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(4),

–  having regard to Rules 59 and 188 of its Rules of Procedure,

–  having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs and the opinions of the Committee on Foreign Affairs and the Committee on Transport and Tourism (A7-0150/2013),

–  having regard to the Decision of the Conference of Presidents of 18 September 2014 on unfinished business from the seventh parliamentary term,

–  having regard to the second report of the Committee on Civil Liberties, Justice and Home Affairs and the opinions of the Committee on Foreign Affairs and the Committee on Transport and Tourism (A8-0248/2015),

1.  Adopts its position at first reading hereinafter set out;

2.  Calls on the Commission to refer the matter to Parliament again if it intends to amend its proposal substantially or replace it with another text;

3.  Instructs its President to forward its position to the Council, the Commission and the national parliaments.

Amendment    1

Proposal for a directive

Title

Text proposed by the Commission

Amendment

Proposal for a

Proposal for a

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime

Amendment    2

Proposal for a directive

Recital 4 a (new)

Text proposed by the Commission

Amendment

 

(4a) The purpose of this Directive is to ensure security, to protect the life and safety of the public, and to create a legal framework for the protection and exchange of PNR data between Member States and law enforcement authorities.

Amendment    3

Proposal for a directive

Recital 5

Text proposed by the Commission

Amendment

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security.

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious transnational crime and thus enhance internal security.

Amendment    4

Proposal for a directive

Recital 6

Text proposed by the Commission

Amendment

(6) PNR data help law enforcement authorities prevent, detect, investigate and prosecute serious crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks

(6) PNR data can help law enforcement authorities prevent, detect, investigate and prosecute serious transnational crime, including acts of terrorism, by comparing them with various databases of persons and objects sought, to find the necessary evidence and, where relevant, to find associates of criminals and unravel criminal networks.

Amendment    5

Proposal for a directive

Recital 7

Text proposed by the Commission

Amendment

(7) PNR data enable law enforcement authorities to identify persons who were previously "unknown", i.e. persons previously unsuspected of involvement in serious crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed.

(7) PNR data enable law enforcement authorities to identify persons who were previously "unknown", i.e. persons previously unsuspected of involvement in serious transnational crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities.

Amendment    6

Proposal for a directive

Recital 8

Text proposed by the Commission

Amendment

(8) The processing of personal data must be proportionate to the specific security goal pursued by this Directive.

(8) The processing of personal data must be necessary and proportionate to the specific aim pursued by this Directive.

Amendment    7

Proposal for a directive

Recital 10

Text proposed by the Commission

Amendment

(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.

(10) To prevent, detect, investigate and prosecute terrorist offences and serious transnational crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers and non-carrier economic operators operating international flights to or from the territory of the Member States.

Amendment    8

Proposal for a directive

Recital 11

Text proposed by the Commission

Amendment

(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers.

(11) Air carriers and non-carrier economic operators already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers or non-carrier economic operators to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers and non-carrier economic operators.

Amendment    9

Proposal for a directive

Recital 11 a (new)

Text proposed by the Commission

Amendment

 

(11a) Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they collect and process PNR data from their customers, without necessarily transferring the data to the airline operating the passenger flight.

Amendment    10

Proposal for a directive

Recital 11 b (new)

Text proposed by the Commission

Amendment

 

(11b) Each Member State should be responsible for the costs of running and maintaining its own PNR system, including the costs of appointing and running a competent authority and a national supervisory authority. The costs incurred by transferring PNR data held by passenger airlines in their reservation systems to national law enforcement agencies and competent authorities should be borne by the airlines.

Amendment    11

Proposal for a directive

Recital 12

Text proposed by the Commission

Amendment

(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serious crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38. However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime.

(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA37. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA38 and should encompass the crimes listed in this Directive.

__________________

__________________

37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21)

37 Council Framework Decision of 13 June 2002 on combating terrorism (OJ L 164, 22.6.2002, p. 3).

38 OJ L 190, 18.7.2002, p. 1.

38 Council Framework Decision of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (OJ L 190, 18.7.2002, p. 1).

Amendment    12

Proposal for a directive

Recital 13

Text proposed by the Commission

Amendment

(13) PNR data should be transferred to a single designated unit (Passenger Information Unit) in the relevant Member State, so as to ensure clarity and reduce costs to air carriers.

(13) PNR data should be transferred to a single designated unit (Passenger Information Unit) in the relevant Member State, so as to ensure clarity and reduce costs to air carriers and non-carrier economic operators. Members States should exchange the information through the use of the Secure Information Exchange Network Application (SIENA), in order to ensure information sharing and interoperability between Member States.

Amendment    13

Proposal for a directive

Recital 14

Text proposed by the Commission

Amendment

(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lists should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger’s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.

(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious transnational crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data, by applying high standards in accordance with the Charter of Fundamental Rights of the European Union (the ‘Charter'), the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention No 108'), and the European Convention for the Protection of Human Rights and Fundamental Freedoms (the ‘ECHR’). Such data sets should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain only details of the passenger's reservation and travel itinerary as referred to in this Directive.

Amendment    14

Proposal for a directive

Recital 15

Text proposed by the Commission

Amendment

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers.

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers and non-carrier economic operators transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers and non-carrier economic operators.

Amendment    15

Proposal for a directive

Recital 16

Text proposed by the Commission

Amendment

(16) The Commission supports the International Civil Aviation Organisation (ICAO) guidelines on PNR. These guidelines should thus be the basis for adopting the supported data formats for transfers of PNR data by air carriers to Member States. This justifies that such supported data formats, as well as the relevant protocols applicable to the transfer of data from air carriers should be adopted in accordance with the advisory procedure foreseen in Regulation (EU) No….. of the European Parliament and the Council [……………..]

(16) The Commission supports the International Civil Aviation Organisation (ICAO) guidelines on PNR. These guidelines should thus be the basis for adopting the supported data formats for transfers of PNR data by air carriers and non-carrier economic operators to Member States. In order to ensure such transfer of PNR data, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union (TFEU) should be delegated to the Commission in respect of adopting a list of such supported data formats as well as of the accepted common protocols applicable to the transfer of data. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

Amendment    16

Proposal for a directive

Recital 17

Text proposed by the Commission

Amendment

(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.

(17) The Member States should take all necessary measures to enable air carriers and non-carrier economic operators to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers and against non-carrier economic operators failing to meet their obligations regarding the transfer of PNR data and the protection of that data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.

Amendment    17

Proposal for a directive

Recital 18

Text proposed by the Commission

Amendment

(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and serious crime.

(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and serious transnational crime.

Amendment    18

Proposal for a directive

Recital 19

Text proposed by the Commission

Amendment

(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken by reason of a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, in accordance with Articles 8 and 21 of the Charter, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken by reason of a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

Amendment    19

Proposal for a directive

Recital 19 a (new)

Text proposed by the Commission

Amendment

 

(19a) The result of the processing of PNR data should in no circumstances be used by Member States as a ground to circumvent their international obligations under the Geneva Convention Relating to the Status of Refugees of 28 July 1951, as supplemented by the New York Protocol of 31 January 1967 and should not be used to deny asylum seekers safe and effective legal avenues to the Union territory to exercise their right to international protection.

Amendment    20

Proposal for a directive

Recital 19 b (new)

Text proposed by the Commission

Amendment

 

(19b) Taking fully into consideration the consequences of the judgment of the Court of Justice in Joined Cases C-293/12, Digital Rights Ireland and C-594/12, Seitlinger and others, the application of this Directive must ensure the full respect of fundamental rights and the right to privacy, the principle of proportionality. It must also genuinely meet the objectives of what is necessary and proportionate in order to achieve the general interests recognised by the Union and the need to protect the rights and freedoms of others in the fight against terrorism and serious transnational crime. The application of this Directive must be duly justified and the necessary safeguards must be in place in order to ensure the lawfulness of any storage, analysis, transfer and use of PNR data.

Amendment    21

Proposal for a directive

Recital 20

Text proposed by the Commission

Amendment

(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

(20) Member States should share with other Member States and at Union level, as through Europol, the PNR data that they receive where this is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime or for the prevention of an immediate and serious threat to public security. Passenger Information Units should, in any case, without delay, transmit the result of the processing of PNR data to the Passenger Information Units of other Member States for further investigation. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA39 and Council Framework Decision 2006/960/JHA40. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation and should not undermine the high level of privacy and protection of personal data in accordance with the Charter, Convention No 108 and the ECHR.

__________________

__________________

39 OJ L 121, 15.5.2009, p. 37.

39 Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) (OJ L 121, 15.5.2009, p. 37).

40 OJ L 386, 29.12.2006, p. 89.

40 Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union (OJ L 386, 29.12.2006, p. 89).

Amendment    22

Proposal for a directive

Recital 20 a (new)

Text proposed by the Commission

Amendment

 

(20a) The exchange of information through a secure Union system for the exchange of PNR data between Member States and between Member States and Europol should be guaranteed. The development and operational management of that system could be the responsibility of Europol. A one-stop shop could be created as part of that system to register and transmit the requests for information exchanges. The European Data Protection Supervisor should be responsible for monitoring the processing of the personal data performed through this Union system for exchange of PNR data with Europol.

Amendment    23

Proposal for a directive

Recital 21

Text proposed by the Commission

Amendment

(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are anonymised and only accessible under very strict and limited conditions.

(21) The period during which PNR data are to be retained should be necessary for, and proportionate to, the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are masked out and only accessible under very strict and limited conditions.

Amendment    24

Proposal for a directive

Recital 21 a (new)

Text proposed by the Commission

Amendment

 

(21a) PNR data should be processed to the greatest extent possible, subject to masking out, in order to ensure the highest level of data protection by making it impossible for those with access to that data to identify the data subject and to draw conclusions as to what persons are related to that data. Re-identifying masked out data should be possible only under conditions ensuring a high level of data protection.

Amendment    25

Proposal for a directive

Recital 23

Text proposed by the Commission

Amendment

(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters41 (‘Framework Decision 2008/977/JHA’).

(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Council Framework Decision 2008/977/JHA41, and Union data protection law, including the specific data protection requirements laid down in this Directive.

__________________

__________________

41 OJ L 350, 30.12.2008.

41 Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (OJ L 350, 30.12.2008).

Amendment    26

Proposal for a directive

Recital 24

Text proposed by the Commission

Amendment

(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects to processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in line with Framework Decision 2008/977/JHA.

(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects to processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in accordance with Framework Decision 2008/977/JHA, Union data protection law, and the high level of protection provided by the Charter and the ECHR.

Amendment    27

Proposal for a directive

Recital 25

Text proposed by the Commission

Amendment

(25) Taking into account the right of passengers to be informed of the processing of their personal data, Member States should ensure they are provided with accurate information about the collection of PNR data and their transfer to the Passenger Information Unit.

(25) Taking into account the right of passengers to be informed of the processing of their personal data, Member States should ensure they are provided with accurate information that is easily accessible and easy to understand about the collection of PNR data and their transfer to the Passenger Information Unit, as well as their rights as data subjects.

Amendment    28

Proposal for a directive

Recital 26

Text proposed by the Commission

Amendment

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country.

(26) Transfers of PNR data by Member States to third countries should be permitted pursuant to an international agreement or on a case-by-case basis and in full compliance with the provisions laid down by Member States pursuant to Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country, as well as to the principles of necessity and proportionality relating to the transfers, and to the high level of protection provided by the Charter, Convention No 108, and the ECHR. If the national supervisory authority finds the transfer of PNR data to a third country to be in breach of any of the principles referred to in this Directive, it should have the right to suspend the data flow to that third country.

Amendment    29

Proposal for a directive

Recital 28

Text proposed by the Commission

Amendment

(28) This Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, regarding internal flights subject to compliance with relevant data protection provisions, provided that such domestic law respects the Union acquis. The issue of the collection of PNR data on internal flights should be the subject of specific reflection at a future date.

deleted

Amendment    30

Proposal for a directive

Recital 29

Text proposed by the Commission

Amendment

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers and non-carrier economic operators are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious transnational crime.

Amendment    31

Proposal for a directive

Recital 32

Text proposed by the Commission

Amendment

(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 years, after which the data must be deleted, the data must be anonymised after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

(32) In particular, the scope of this Directive is as limited as possible, and allows retention of PNR data for a period of time not exceeding five years, after which the data should be deleted, the data should be masked out after 30 days, the collection and use of sensitive data should be prohibited. In order to ensure efficiency and a high level of data protection, it should be ensured that an independent national supervisory authority and, in particular, its data protection officer is responsible for advising and monitoring how PNR data are processed. All processing of PNR data should be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States should also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

Amendment    32

Proposal for a directive

Article 1

Text proposed by the Commission

Amendment

CHAPTER I

CHAPTER I

GENERAL PROVISIONS

GENERAL PROVISIONS

Article 1

Article 1

Subject matter and scope

Subject matter and scope

1. This Directive provides for the transfer by air carriers of Passenger Name Record data of passengers of international flights to and from the Member States, as well as the processing of that data, including its collection, use and retention by the Member States and its exchange between them.

1. This Directive provides for the transfer by air carriers and non-carrier economic operators of Passenger Name Record data of passengers of international flights to and from the Member States, as well as the processing of that data, including its collection, use and retention by the Member States and its exchange between the Member States and between the Member States and Europol.

2. The PNR data collected in accordance with this Directive may be processed only for the following purposes:

2. The PNR data collected in accordance with this Directive may be processed only for the purposes of the prevention, detection, investigation and prosecution of terrorist offences and of certain types of serious transnational crime in accordance with Article 4(2) or the prevention of an immediate and serious threat to public security.

(a) The prevention, detection, investigation and prosecution of terrorist offences and serious crime according to Article 4(2)(b) and (c); and

 

(b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime according to Article 4(2)(a) and (d).

 

Amendment    33

Proposal for a directive

Article 2

Text proposed by the Commission

Amendment

Article 2

Article 2

Definitions

Definitions

For the purposes of this Directive the following definitions shall apply:

For the purposes of this Directive the following definitions apply:

(a) ‘air carrier’ means an air transport undertaking with a valid operating licence or equivalent permitting it to carry out carriage by air of passengers;

(a) ‘air carrier’ means an air transport undertaking with a valid operating licence or equivalent permitting it to carry out carriage by air of passengers;

 

(aa) 'non-carrier economic operator' means an economic operator, such as travel agencies and tour operators, which provides travel-related services, including the booking of flights for which they collect and process PNR data of passengers;

(b) ‘international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including in both cases any transfer or transit flights;

(b) ‘international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including in both cases any transfer or transit flights;

(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

(d) ‘passenger’ means any person, except members of the crew, carried or to be carried in an aircraft with the consent of the carrier;

(d) ‘passenger’ means any person, except members of the crew, carried or to be carried in an aircraft with the consent of the carrier;

(e) ‘reservation systems’ means the air carrier’s internal inventory system, in which PNR data are collected for the handling of reservations;

(e) ‘reservation systems’ means the air carrier’s or non-carrier economic operator’s internal inventory system, in which PNR data are collected for the handling of reservations;

(f) ‘push method’ means the method whereby air carriers transfer the required PNR data into the database of the authority requesting them;

(f) ‘push method’ means the method whereby air carriers or non-carrier economic operators transfer the required PNR data listed in the Annex into the database of the authority requesting them;

(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA;

(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Framework Decision 2002/475/JHA;

(h) ‘serious crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, however, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality;

 

(i) ‘serious transnational crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if :

(i) 'serious transnational crime' means the following offences, where they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, as referred to in Article 2(2) of Council Framework Decision 2002/584/JHA;

(i) They are committed in more than one state;

 

(ii) They are committed in one state but a substantial part of their preparation, planning, direction or control takes place in another state;

 

(iii) They are committed in one state but involve an organised criminal group that engages in criminal activities in more than one state; or

 

(iv) They are committed in one state but have substantial effects in another state.

 

 

- participation in a criminal organisation,

 

- trafficking in human beings, facilitation of unauthorised entry and residence, illicit trade in human organs and tissue,

 

- sexual exploitation of children and child pornography, rape, female genital mutilation,

 

- illicit trafficking in narcotic drugs and psychotropic substances,

 

- illicit trafficking in weapons, munitions and explosives,

 

- serious fraud, fraud against the financial interests of the EU, laundering of the proceeds of crime, money laundering and counterfeiting currency,

 

- murder, grievous bodily injured, kidnapping, illegal restraint and hostage-taking, armed robbery,

 

- serious computer-related crime and cybercrime,

 

- environmental crime, including illicit trafficking in endangered animal species and in endangered plant species and varieties,

 

- forgery of administrative documents and trafficking therein, illicit trafficking in cultural goods, including antiques and works of art, counterfeiting and piracy of products,

 

- unlawful seizure of aircraft/ships,

 

- espionage and treason,

 

- illicit trade and trafficking in nuclear or radioactive materials and their precursor and in this regard non-proliferation related crimes,

 

- crimes within the jurisdiction of the International Criminal Court.

Amendment    34

Proposal for a directive

Article 3

Text proposed by the Commission

Amendment

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and of serious transnational crime and for the prevention of immediate and serious threats to public security, or a branch of such an authority, to act as its ‘Passenger Information Unit’. The Passenger Information Unit shall be responsible for collecting PNR data from air carriers and non-carrier economic operators, storing, processing and analysing those data and transmitting the result of the analysis to the competent authorities referred to in Article 5. The Passenger Information Unit shall also responsible for the exchange of PNR data and of the result of the processing thereof with the Passenger Information Units of other Member States and with Europol in accordance with Articles 7 and 7a, and for conducting the assessments referred to in Article 4. Its staff members may be seconded from competent public authorities. Member States shall provide the Passenger Information Unit with adequate resources in order to fulfil its tasks.

2. Two or more Member States may establish or designate a single authority to serve as their Passenger Information Unit. Such Passenger Information Unit shall be established in one of the participating Member States and shall be considered the national Passenger Information Unit of all such participating Member States. The participating Member States shall agree on the detailed rules for the operation of the Passenger Information Unit and shall respect the requirements laid down in this Directive.

2. Two or more Member States may establish or designate a single authority to serve as their Passenger Information Unit. Such Passenger Information Unit shall be established in one of the participating Member States and shall be considered the national Passenger Information Unit of all such participating Member States. The participating Member States shall agree jointly on the detailed rules for the operation of the Passenger Information Unit and shall respect the requirements laid down in this Directive.

3. Each Member State shall notify the Commission thereof within one month of the establishment of the Passenger Information Unit and may at any time update its declaration. The Commission shall publish this information, including any updates, in the Official Journal of the European Union.

3. Each Member State shall notify the Commission thereof within one month of the establishment of the Passenger Information Unit and shall at any time update its declaration. The Commission shall publish this information, including any updates, in the Official Journal of the European Union.

Amendment    35

Proposal for a directive

Article 3 a (new)

Text proposed by the Commission

Amendment

 

Article 3a

 

Data protection officer in the Passenger Information Unit

 

1. All staff members of the Passenger Information Unit who have access to PNR data shall receive specifically tailored training on processing of PNR data in full compliance with data protection principles and fundamental rights.

 

2. The Passenger Information Unit shall appoint a data protection officer responsible for monitoring the processing of PNR data and implementing the related safeguards.

 

3. Member States shall ensure that the data protection officer is designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and ability to fulfil the tasks referred to in this Directive. Member States shall provide that any other professional duties of the data protection officer are compatible with that person's tasks and duties as data protection officer and do not result in a conflict of interest. The data protection officer shall:

 

(a) raise awareness and advise staff members of the Passenger Information Unit regarding their obligations concerning the protection of personal data, including the training of staff members and the assignment of responsibilities;

 

(b) monitor the implementation and application of data protection requirements laid down in this Directive, in particular through conducting random sampling of data processing operations;

 

(c) ensure that all documentation is maintained and records kept in accordance with this Directive, and monitor documentation, notification and communication of personal data breaches and report wrongful conduct as regards the data protection requirements laid down in this Directive to the appropriate authorities;

 

(d) monitor responses to requests from the national supervisory authority and cooperate with the national supervisory authority, especially on matters relating to data transfers to other Member States or to third countries, and act as contact point for the national supervisory authority on issues related to the processing of PNR data, where appropriate, contacting the national supervisory authority on his or her own initiative.

 

Member States shall provide data protection officers with the means to perform their duties and tasks in accordance with this Article effectively and independently.

 

4. Member States shall ensure that the data subject has the right to contact the data protection officer, as a single point of contact, on all issues relating to the processing of the data subject’s PNR data. Member States shall ensure that the name and contact details of the data protection officer are communicated to the national supervisory authority and to the public.

Amendment    36

Proposal for a directive

Article 4

Text proposed by the Commission

Amendment

Article 4

Article 4

Processing of PNR data

Processing of PNR data

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

1. The PNR data transferred by the air carriers and the non-carrier economic operators, pursuant to Article 6, in relation to international flights which land on or depart from the territory of a Member State shall be collected by the Passenger Information Unit of that Member State. Should the PNR data transferred by air carriers and non-carrier economic operators include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately and permanently upon receipt.

2. The Passenger Information Unit shall process PNR data only for the following purposes:

2. The Passenger Information Unit shall process PNR data only for the following purposes:

(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(a) carrying out an assessment of the passengers prior to their scheduled arrival to, or departure from, the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5 and, where relevant, by Europol, in accordance with Article 7a. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria in accordance with this Directive, and may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established in compliance with Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files, in accordance with the requirements set out in paragraph 3. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including national databases or national mirrors of Union databases, on persons or objects sought or under alert, in accordance with Union and national rules applicable to such databases for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. In carrying out such an assessment, the Passenger Information Unit may compare PNR data against the Schengen Information System and the Visa Information System. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(c) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious crime, and to provide the competent authorities with the results of such processing; and

(c) responding, on a case-by-case basis based on sufficient evidence, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or of serious transnational crime listed in point (i) of Article 2 or for the prevention of an immediate and serious threat to public security, and to provide the competent authorities or, where appropriate, Europol with the results of such processing; and

(d) analysing PNR data for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or serious transnational crime pursuant to point (a).

(d) analysing PNR data for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or serious transnational crime pursuant to point (a).

3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non-discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non-discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. This assessment criteria must be targeted, specific, justified, proportionate and fact-based. A regular review shall involve the data protection officer; Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5 and regularly reviewed. The assessment criteria shall in no circumstances be based on person’s race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of data concerning health or sexual life;

4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with points (a) and (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case-by-case basis.

4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with points (a) and (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case by-case basis by human action.

 

4a. Member States shall ensure that the data protection officer has access to all data transmitted to the Passenger Information Unit and from the Passenger Information Unit to a competent authority pursuant to Article 5. If the data protection officer considers that transmission of any data was not lawful, he or she shall refer the matter to the national supervisory authority, which shall have power to order the receiving competent authority to delete that data.

 

4b. The storage, processing and analysis of PNR data shall be carried out exclusively within a secure location within the territory of the Member States of the European Economic Area.

 

4c. Member States shall bear the costs of use, retention and exchange of PNR data.

Amendment    37

Proposal for a directive

Article 5

Text proposed by the Commission

Amendment

Article 5

Article 5

Competent authorities

Competent authorities

1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.

1. Each Member State shall adopt a list of the competent authorities entitled to request or receive masked out PNR data or the result of the systematic processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the specific purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime, or the prevention of an immediate and serious threat to public security. Europol shall be entitled to receive PNR data or the result of the processing of PNR data from the Passenger Information Units of the Member States within the limits of its mandate and, where necessary, for the performance of its tasks.

2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime.

2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious transnational crime or the prevention of immediate and serious threats to public security.

3. Each Member State shall notify the list of its competent authorities to the Commission twelve months after entry into force of this Directive at the latest, and may at any time update its declaration. The Commission shall publish this information, as well as any updates, in the Official Journal of the European Union.

3. By …* [12 months after the date of entry into force of this Directive], each Member State shall notify the list of its competent authorities to the Commission and shall at any time update its declaration. The Commission shall publish this information, as well as any updates, in the Official Journal of the European Union.

4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious crime.

4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the specific purpose of prevention, detection, investigation or prosecution of terrorist offences and of serious transnational crime, upon request, in accordance with Article 4(2) or for the prevention of an immediate and serious threat to public security.

5. Paragraph 4 shall be without prejudice to national law enforcement or judicial powers where other offences, or indications thereof, are detected in the course of enforcement action further to such processing.

5. Paragraph 4 shall be without prejudice to national law enforcement or judicial powers where other offences, or indications thereof, are detected in the course of enforcement action further to processing for which it was originally intended.

6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or significantly affects a person only by reason of the automated processing of PNR data. Such decisions shall not be taken on the basis of a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or significantly affects a person only by reason of the automated processing of PNR data. Such decisions shall not be taken on the basis of data revealing a person’s race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of data concerning health or sexual life.

Amendment    38

Proposal for a directive

Article 6

Text proposed by the Commission

Amendment

Article 6

Article 6

Obligations on air carriers

Obligations on air carriers and non-carrier economic operators

1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

1. Member States shall adopt the necessary measures to ensure that air carriers and non-carrier economic operators transfer all pushed PNR data as defined in point (c) of Article 2 and specified in the Annex, to the extent that such data are already collected by them in the normal course of their business, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier and the non-carrier economic operator that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers and non-carrier economic operators shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:

2. Air carriers and non-carrier economic operators shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:

(a) 24 to 48 hours before the scheduled time for flight departure;

(a) once, 24 to 48 hours before the scheduled time for flight departure;

and

and

(b) immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

(b) once, immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

3. Member States may permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.

3. Member States shall permit air carriers and non-carrier economic operators to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of that paragraph.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers and non-carrier economic operators shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific, imminent, and actual threat related to terrorist offences or serious transnational crime.

 

4a. Air carriers and non-carrier economic operators shall duly inform passengers of the type of personal data being collected for law enforcement purposes, their rights regarding their data as a passenger. Such information shall be provided to passengers proactively, in an easily understandable format.

Amendment    39

Proposal for a directive

Article 7

Text proposed by the Commission

Amendment

Article 7

Article 7

Exchange of information between Member States

Exchange of information between Member States

1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities.

1. Passenger Information Units shall automatically exchange data on the results of the processing of PNR data. Member States shall ensure that the results of the processing of PNR data, either analytical information obtained from PNR data or the results with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2), which is transmitted for further examination to their relevant competent authorities in accordance with Article 4(4), is proactively transmitted by a Passenger Information Unit to the Passenger Information Units of the other Member States without delay. The Passenger Information Unit of the receiving Member States shall transmit such results of the processing of PNR data to their relevant competent authorities, in accordance with Article 4(4). Where appropriate, an alert shall be entered in accordance with Article 36 of Council Decision 2007/533/JHA1a.

2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).

2. Passenger Information Units shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and, if necessary, also the result of processing thereof, if it has already been prepared pursuant to points (a) and (b) of Article 4(2). The duly reasoned request for such data shall be strictly limited to the data necessary in the specific case and may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime or for the prevention of an immediate and serious threat to public security. Passenger Information Units shall provide the requested data as soon as possible using the common protocols and supported data formats. Such a request shall be justified in writing.

3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crime.

3. Passenger Information Units shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that have been already masked out and that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in the most exceptional circumstances in response to a specific real-time threat or with regard to a specific investigation or prosecution related to terrorist offences or serious transnational crime or to the prevention of an immediate and serious threat to public security. Such access to the full PNR data shall be permitted only with the approval of the Head of the requested Passenger Information Unit.

4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.

 

5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time.

5. Exceptionally, where early access is strictly necessary to respond to a specific and actual threat related to terrorist offences or serious transnational crime or to prevent an immediate and serious threat to public security, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time, where such data has been retained. That procedure shall cover only requests for the PNR data already collected and retained by the Passenger Information Unit which is requested to provide the data.

6. Exchange of information under this Article may take place using any existing channels for international law enforcement cooperation. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.

6. Exchange of information under this Article shall take place using existing channels for Union and international law enforcement cooperation, in particular Europol, its Secure Information Exchange Network Application (SIENA) and national units established in accordance with Article 8 of Decision 2009/371/JHA. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.

 

6a. Where analytical information obtained from PNR is transferred pursuant to this Directive, the safeguards provided for in paragraph 1 shall be complied with.

 

__________________

 

1a Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (OJ L 205, 7.8.2007, p. 63).

Amendment    40

Proposal for a directive

Article 7 a (new)

Text proposed by the Commission

Amendment

 

Article 7a

 

Conditions for access to PNR data by Europol

 

1. Europol may submit, on a case-by-case basis, an electronic and duly reasoned request to the Passenger Information Unit of any Member State for the transmission of specific PNR data or the results of the processing of specific PNR data, when this is strictly necessary to support and strengthen action by Member States to prevent, detect or investigate a specific terrorist offence or serious transnational crime in so far as such an offence or crime is within Europol's competence pursuant to Decision 2009/371/JHA. The reasoned request shall set out reasonable grounds on the basis of which Europol considers that the transmission of PNR data or the results of the processing of PNR data will substantially contribute to the prevention, detection, investigation or prosecution of the criminal offence concerned.

 

2. Upon receipt of a request by Europol, a court or an independent administrative body of the Member State shall verify, in a timely manner, whether all the conditions set out in paragraph 1 are met. The Passenger Information Unit shall provide the requested data to Europol as soon as practicable, provided that those conditions are met.

 

3. Europol shall inform the data protection officer appointed in accordance with Article 28 of Decision 2009/371/JHA of each exchange of information under this Article.

 

4. Exchange of information under this Article shall take place by way of SIENA and in accordance with Decision 2009/371/JHA. The language used for the request and the exchange of information shall be that applicable to SIENA.

Amendment    41

Proposal for a directive

Article 8

Text proposed by the Commission

Amendment

Article 8

Article 8

Transfer of data to third countries

Transfer of data to third countries

A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by-case basis and if:

1. A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by-case basis, subject to a duly reasoned request based on sufficient evidence, where the transfer is necessary for the prevention, investigation, detection or prosecution of criminal offences, the prevention of an immediate and serious threat to public security or the execution of criminal penalties and the receiving competent authority in the third country is responsible for the prevention, investigation, detection or prosecution of criminal offences, the prevention of an immediate and serious threat to public security or the execution of criminal penalties, provided that:

(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,

(a) the third country concerned ensures an adequate level of protection as referred to in Directive 95/46/EC of the European Parliament and of the Council1a for the intended data processing, subject to meeting all the other conditions laid down in this Directive;

(b) the transfer is necessary for the purposes of this Directive specified in Article 1(2), and

(b) the Member State from which the data were obtained has given its consent to the transfer in compliance with national law.

(c) the third country agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive specified in Article 1(2) and only with the express authorisation of the Member State.

In exceptional circumstances, transfers of PNR data without prior consent in accordance with paragraph 1 shall be permitted only if such transfers are essential for the prevention of an immediate and serious threat to public security of a Member State or a third country or to protect the essential interests of a Member State and prior consent cannot be obtained in good time. The authority responsible for giving consent shall be informed without delay and the transfer shall be duly recorded and subject to an ex-post verification.

 

By way of derogation from the first subparagraph, transfers of data shall be permitted on a systematic basis following the conclusion of an international agreement between a third country and the Union.

 

2. Member States shall transfer PNR data to competent authorities of third countries only under terms consistent with this Directive and only upon ascertaining that the use that the recipients intend to make of the PNR is consistent with those terms and safeguards;

 

3. Onward transfers to other third countries shall be prohibited.

 

4. Where PNR data relating to a citizen or a resident of another Member State are transferred to a third country, the competent authorities of that Member State shall be informed of the matter at the earliest appropriate opportunity.

 

5. The data protection officer shall be informed each time a Member State transfers PNR data pursuant to this Article. The data protection officer shall inform the national supervisory authority of the transmission of data pursuant to this Article on a regular basis.

 

__________________

 

1a Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31).

Amendment    42

Proposal for a directive

Article 9

Text proposed by the Commission

Amendment

Article 9

Article 9

Period of data retention

Period of data retention

1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 30 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

1. Member States shall ensure that the PNR data provided by the air carriers and non-carrier economic operators to the Passenger Information Unit pursuant to Article 4(2) are retained in a database at the Passenger Information Unit for a period of 30 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

2. Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

2. Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such masked out PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to point (d) of Article 4(2).

 

2a. After consulting the data protection officer for the purposes of point (b) of Article 4(2), the national supervisory authority shall authorise re-identification of masked out PNR data and access to the full PNR data where it reasonably believes that such re-identification is necessary to carry out an investigation in response to a specific and actual threat or risk relating to terrorist offences, to carry out a specific investigation or prosecution relating to a serious transnational crime, or to prevent an immediate and serious threat to public security. Such access to the full data shall be allowed for a period of four years after the data has been masked out in cases concerning serious transnational crime and for the entire five-year period referred to in paragraph 2 in cases concerning terrorist offences.

For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which should be filtered and masked out are:

For the purposes of this Directive, the data elements which could serve to identify the passenger to whom PNR data relate and which should be filtered and masked out are:

– Name (s), including the names of other passengers on PNR and number of travellers on PNR travelling together;

– Name(s), including the names of other passengers on PNR and number of travellers on PNR travelling together;

– Address and contact information;

– Address and contact information;

– General remarks to the extent that it contains any information which could serve to identify the passenger to whom PNR relate; and

– General remarks to the extent that it contains any information which could serve to identify the passenger to whom PNR relate; and

– Any collected Advance Passenger Information.

– Any collected Advance Passenger Information.

3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

3. Member States shall ensure that the PNR data are deleted permanently upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

4. The result of matching referred to in Article 4(2)(a) and (b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, further to individual review by non-automated means, proven to be negative, it shall, however, be stored so as to avoid future ‘false’ positive matches for a maximum period of three years unless the underlying data have not yet been deleted in accordance with paragraph 3 at the expiry of the five years, in which case the log shall be kept until the underlying data are deleted.

4. The result of matching referred to in points (a) and (b) of Article 4(2) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, subject to human intervention by a member of the Passenger Information Unit, proven to be negative, it shall, however, be stored so as to avoid future ‘false’ positive matches for a maximum period of three years unless the underlying data have not yet been deleted in accordance with paragraph 3 at the expiry of the five years, in which case the log shall be kept until the underlying data are deleted.

Amendment    43

Proposal for a directive

Article 10

Text proposed by the Commission

Amendment

Article 10

Article 10

Penalties against air carriers

Penalties against air carriers and non-carrier economic operators

Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.

1. Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers and non-carrier economic operators which do not transmit the data required under this Directive, to the extent that they are already collected by them, do not do so in the required format, do not process the data in accordance with the data protection rules laid down in this Directive, or otherwise infringe the national provisions adopted pursuant to this Directive.

 

1a. All data held by air carriers and non-carrier economic operators shall be held in a secure database on a security accredited computer system, that either meets or exceeds international industrial standards.

Amendment    44

Proposal for a directive

Article 11

Text proposed by the Commission

Amendment

Article 11

Article 11

Protection of personal data

Protection of personal data

1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as those adopted under national law in implementation of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA. The provisions of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA shall therefore be applicable.

1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to protection of their personal data, right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as laid out in national and Union law, and in the implementation of Articles 17, 18, 19 and 20 of the Framework Decision 2008/977/JHA. Those Articles shall therefore be applicable.

2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive

2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive.

 

2a. Where provisions adopted under national law in implementation of Directive 95/46/EC provide the passenger with greater rights related to the processing of their data than with this Directive, those provisions shall apply.

3. Any processing of PNR data revealing a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

3. Member States shall prohibit the processing of PNR data from revealing a person’s race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership or activities, and the processing of data concerning health or sexual life. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

 

3a. Member States shall ensure that the Passenger Information Unit maintains documentation of all processing systems and procedures under their responsibility. That documentation shall contain at least:

 

(a) the name and contact details of the organisation and personnel in the Passenger Information Unit entrusted with the processing of the PNR data, the different levels of access authorisation and the personnel concerned;

 

(b) the requests by competent authorities and Passenger Information Units of other Member States and the recipients of the processed PNR data;

 

(c) all requests and transfers of data to a third country, the identification of that third country and the legal grounds on which the data are transferred;

 

(d) the time limits for retention and erasure of different categories of data.

 

The Passenger Information Unit shall make all documentation available, on request, to the national supervisory authority.

 

3b. Member States shall ensure that the Passenger Information Unit keeps records of at least the following processing operations: collection, alteration, consultation, disclosure, combination or erasure. The records of consultation and disclosure shall show, in particular, the purpose, date and time of such operations and, as far as possible, the identification of the person who consulted or disclosed the PNR data, and the identity and recipients of that data. The records shall be used solely for the purposes of verification, self-monitoring and for ensuring data integrity and data security or for purposes of auditing. The Passenger Information Unit shall make the records available, on request, to the national supervisory authority.

 

The persons who operate security controls, access and analyse the PNR data, and operate the data logs, shall be security cleared and security trained. They shall have a profile which establishes and limits the records which they are authorised to access in accordance with the nature of their work, role, and legal entitlement.

 

The records shall be kept for a period of four years. However, where in accordance with Article 9(3), the underlying data have not been deleted at the end of that four-year period, the records shall be kept until the underlying data are deleted.

 

3c. Member States shall ensure that their Passenger Information Unit implements appropriate technical and organisational measures and procedures to ensure a high level of security appropriate to the risks represented by the processing and the nature of the PNR data to be protected.

 

3d. Member States shall ensure that where a personal data breach is likely to affect the protection of the personal data or the privacy of the data subject adversely, the Passenger Information Unit shall communicate that breach to the data subject and to the national data protection supervisor without undue delay.

4. All processing of PNR data by air carriers, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

 

5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious crime, the possibility of exchanging and sharing such data and their data protection rights, in particular the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the public.

5. Member States shall ensure that air carriers and non-carrier economic operators inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious transnational crime, the possibility of exchanging and sharing such data and their data protection rights, such as the right to access, correction, erasure and blocking of data, and in particular the right to lodge a complaint to a national supervisory authority of their choice.

 

5a. Member States shall also ensure that their Passenger Information Unit provides the data subject with the information with regard to the rights referred to in paragraph 5 and how to exercise those rights.

6. Any transfer of PNR data by Passenger Information Units and competent authorities to private parties in Member States or in third countries shall be prohibited

 

7. Without prejudice to Article 10, Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down effective, proportionate and dissuasive penalties to be imposed in case of infringements of the provisions adopted pursuant to this Directive.

7. Without prejudice to Article 10, Member States shall adopt suitable measures to ensure the full implementation of all the provisions of this Directive and shall in particular lay down effective, proportionate and dissuasive penalties to be imposed in case of infringements of the provisions adopted pursuant to this Directive. National supervisory authorities shall take disciplinary action against persons responsible for any intentional breach of privacy, as appropriate, to include denial of system access, formal reprimands, suspension, demotion, or removal from duty.

 

7a. Any transfer of PNR data by competent authorities or Passenger Information Units to private parties in Member States or in third countries shall be prohibited. Any wrongful conduct shall be penalised.

Amendment    45

Proposal for a directive

Article 12

Text proposed by the Commission

Amendment

Article 12

Article 12

National supervisory authority

National supervisory authority

Each Member State shall provide that the national supervisory authority established in implementation of Article 25 of Framework Decision 2008/977/JHA shall also be responsible for advising on and monitoring the application within its territory of the provisions adopted by the Member States pursuant to the present Directive. The further provisions of Article 25 Framework Decision 2008/977/JHA shall be applicable

Each Member State shall provide that the national supervisory authority established in implementation of Article 25 of Framework Decision 2008/977/JHA is responsible for advising on and monitoring the application within its territory of the provisions adopted by the Member States pursuant to this Directive. The further provisions of Article 25 Framework Decision 2008/977/JHA shall be applicable.

Amendment    46

Proposal for a directive

Article 12 a (new)

Text proposed by the Commission

Amendment

 

Article 12a

 

Duties and powers of the national supervisory authority

 

1. The national supervisory authority of each Member State shall be responsible for monitoring the application of the provisions adopted pursuant to this Directive and for contributing to its consistent application throughout the Union, in order to protect fundamental rights in relation to the processing of personal data. Each national supervisory authority shall:

 

(a) hear complaints lodged by any data subject, investigate the matter and inform the data subjects of the progress and the outcome of their complaints within a reasonable time period, in particular where further investigation or coordination with another national supervisory authority is necessary, such complaints having been brought by any individual, regardless of nationality, country of origin, or place of residence;

 

(b) exercise effective powers of oversight, investigation, intervention and review, and have the power to refer infringements of law related to this Directive for prosecution or disciplinary action, where appropriate;

 

(c) check the lawfulness of the data processing, conduct investigations, inspection and audits in accordance with national law, either on its own initiative or on the basis of a complaint, and inform the data subject concerned, if the data subject has addressed a complaint, of the outcome of the investigations within a reasonable time period;

 

(d) monitor relevant developments, insofar as they have an impact on the protection of person data, in particular the development of information and communication technologies.

 

Member States shall provide a redress process for individuals who believe they have been delayed or prohibited from boarding a commercial aircraft because they were wrongly identified as a threat.

 

2. Each national supervisory authority shall, upon request, advise any data subject in exercising the rights laid down in provisions adopted pursuant to this Directive and, where appropriate, cooperate with national supervisory authorities of other Member States to that end.

 

3. For complaints referred to in point (a) of paragraph 1 the national supervisory authority shall provide a complaint submission form, which can be completed electronically, without excluding other means of communication.

 

4. Member States shall ensure that the performance of the duties of their national supervisory authority is free of charge for the data subject. However, where requests are manifestly excessive, in particular due to their repetitive character, the national supervisory authority may charge a reasonable fee.

 

5. Each Member State shall ensure that their national supervisory authority is provided with the adequate human, technical and financial resources, premises and infrastructure necessary for the effective performance of its duties and powers.

 

6. Each Member States shall ensure that their national supervisory authority has its own staff which are appointed by, and subject to, the direction of the Head of the national supervisory authority.

 

7. In the performance of their duties, members of the national supervisory authority shall neither seek nor take instruction from anybody, and shall maintain complete independence and impartiality.

Amendment    47

Proposal for a directive

Article 13

Text proposed by the Commission

Amendment

Article 13

Article 13

Common protocols and supported data formats

Common protocols and supported data formats

1. All transfers of PNR data by air carriers to the Passenger Information Units for the purposes of this Directive shall be made by electronic means or, in the event of technical failure, by any other appropriate means, for a period of one year following the adoption of the common protocols and supported data formats in accordance with Article 14.

1. All transfers of PNR data, by air carriers and by non-carrier economic operators, to the Passenger Information Units for the purposes of this Directive shall be made by electronic means which provides sufficient guarantees in respect of the technical security measures and organisational measures governing the processing to be carried out. In the event of technical failure, the PNR data shall be transferred by any other appropriate means whilst maintaining the same level of security and in full compliance with Union data protection law.

2. Once the period of one year from the date of adoption of the common protocols and supported data formats has elapsed, all transfers of PNR data by air carriers to the Passenger Information Units for the purposes of this Directive shall be made electronically using secure methods in the form of accepted common protocols which shall be common to all transfers to ensure the security of the data during transfer, and in a supported data format to ensure their readability by all parties involved. All air carriers shall be required to select and identify to the Passenger Information Unit the common protocol and data format that they intend to use for their transfers.

2. Once the period of one year from the date of adoption of the common protocols and supported data formats has elapsed, all transfers of PNR data by air carriers and by non-carrier economic operators to the Passenger Information Units for the purposes of this Directive shall be made electronically using secure methods in the form of accepted common protocols which shall be common to all transfers to ensure the security of the data during transfer, and in a supported data format to ensure their readability by all parties involved. All air carriers shall be required to select and identify to the Passenger Information Unit the common protocol and data format that they intend to use for their transfers.

3. The list of accepted common protocols and supported data formats shall be drawn up and, if need be, adjusted, by the Commission in accordance with the procedure referred to in Article 14(2).

3. The Commission shall be empowered to adopt delegated acts in accordance with Article 14 concerning the adoption and, if necessary, adjustment of a list of accepted common protocols and supported data formats.

4. As long as the accepted common protocols and supported data formats referred to in paragraphs 2 and 3 are not available, paragraph 1 shall remain applicable.

4. As long as the accepted common protocols and supported data formats referred to in paragraphs 2 and 3 are not available, paragraph 1 shall remain applicable.

5. Each Member State shall ensure that the necessary technical measures are adopted to be able to use the common protocols and data formats within one year from the date the common protocols and supported data formats are adopted.

5. Each Member State shall ensure that the necessary technical measures are adopted to be able to use the common protocols and data formats within one year from the date the common protocols and supported data formats are adopted.

Amendment    48

Proposal for a directive

Article 14

Text proposed by the Commission

Amendment

Article 14

Article 14

Committee procedure

Delegated Acts

1. The Commission shall be assisted by a committee (‘the Committee’). That Committee shall be a committee within the meaning of Regulation […/2011/EU] of 16 February 2011.

1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2. Where reference is made to this paragraph, Article 4 of Regulation […/2011/EU] of 16 February 2011 shall apply.

2. The power to adopt delegated acts referred to in Article 13(3) shall be conferred on the Commission for a period of [X] years from …* [the date of entry into force of this Directive]. The Commission shall draw up a report in respect of the delegation of power not later than nine months before the end of the [X] year period. The delegation of power shall be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.

 

2a. The delegation of power referred to in Article 13(3) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

 

2b. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

 

2c. A delegated act adopted pursuant to Article 13(3) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

Amendment    49

Proposal for a directive

Article 16

Text proposed by the Commission

Amendment

Article 16

deleted

Transitional provisions

 

Upon the date referred to in Article 15(1), i.e. two years after the entry into force of this Directive, Member States shall ensure that the PNR data of at least 30% of all flights referred to in Article 6(1) are collected. Until two years after the date referred to in Article 15, Member States shall ensure that the PNR data from at least 60 % of all flights referred to in Article 6(1) are collected. Member States shall ensure that from four years after the date referred to in Article 15, the PNR data from all flights referred to in Article 6(1) are collected.

 

Amendment    50

Proposal for a directive

Article 17

Text proposed by the Commission

Amendment

Article 17

Article 17

Review

Review

On the basis of information provided by the Member States, the Commission shall:

On the basis of information provided by the Member States, the Commission shall, by …*[four years after the date of transposition referred to in Article 15(1)], conduct a review of the operation of this Directive and submit a report to the European Parliament and to the Council. That review shall cover all the elements of this Directive.

(a) review the feasibility and necessity of including internal flights in the scope of this Directive, in the light of the experience gained by those Member States that collect PNR data with regard to internal flights. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);

 

(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.

In conducting its review, the Commission shall pay special attention to compliance with the standards of protection of personal data, the necessity and proportionality of the collection and processing of PNR data for each of the stated purposes, the length of the data retention period and the quality of the assessments and the effectiveness of the sharing of data between the Member States, and the quality of the assessment including with regard to the statistical information gathered pursuant to Article 18. It shall also contain the statistical information gathered pursuant to Article 18;

 

After consulting the relevant Union agencies, the Commission shall, by …* [two years after the date of transposition of this Directive referred to in Article 15(1)], submit an initial evaluation report to the European Parliament and to the Council.

Amendment    51

Proposal for a directive

Article 18

Text proposed by the Commission

Amendment

Article 18

Article 18

Statistical data

Statistical data

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination.

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or transnational serious crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination, including the number of investigation and convictions that have resulted from the collection of PNR data in each Member State.

2. These statistics shall not contain any personal data. They shall be transmitted to the Commission on a yearly basis

2. These statistics shall not contain any personal data. They shall be transmitted to the European Parliament, the Council and the Commission every two years

Amendment    52

Proposal for a directive

Article 19

Text proposed by the Commission

Amendment

Article 19

Article 19

Relationship to other instruments

Relationship to other instruments

1. Member States may continue to apply bilateral or multilateral agreements or arrangements between themselves on exchange of information between competent authorities, in force when this Directive is adopted, in so far as such agreements or arrangements are compatible with this Directive.

1. Member States may continue to apply bilateral or multilateral agreements or arrangements between themselves on exchange of information between competent authorities, in force when this Directive is adopted, in so far as such agreements or arrangements are compatible with this Directive.

 

1a. This Directive applies without prejudice to the Framework Decision 2008/977/JHA.

2. This Directive is without prejudice to any obligations and commitments of the Union by virtue of bilateral and/or multilateral agreements with third countries.

2. This Directive is without prejudice to any obligations and commitments of the Union by virtue of bilateral and/or multilateral agreements with third countries.

(1)

  OJ C 218, 23.7.2011, p. 107.

(2)

  OJ C 181, 22.6.2011, p. 24.

(3)

  Judgment of the Court of Justice of 8 April 2014, Digital Rights Ireland and Seitlinger and others, Joined Cases C-293/12 and C-594/12, ECLI:EU:C:2014:238.

(4)

  OJ L 281, 23.11.1995, p. 31.


EXPLANATORY STATEMENT

I. Background

The nature of criminal and terrorist activity has been constantly evolving in recent years. It has become more daring, more sophisticated and increasingly trans-national in nature. Given the vast cost of crime, evidence shows that citizens increasingly wish to see stronger action at EU level to tackle organised crime and terrorism.(1)

In response to this, the Stockholm Programme called on the Commission to present a proposal for the use of PNR data to prevent, detect, investigate and prosecute terrorism and serious crime. On 6 November 2007 the Commission adopted a proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal was discussed in Council working groups and consensus was reached on a majority of the provisions in the text. However upon entry into force of the Lisbon Treaty on 1 December 2009, the Commission proposal, not yet adopted by the Council, became obsolete.

PNR data is information provided by air passengers in the course of ticket reservation which is held by air carriers. Its primary use by air carriers is for operational purposes (it contains information in 19 fields such as travel dates, travel itinerary, ticket information, contact details, travel agency details, means of payment used, seat number and baggage information) but it also has commercial and statistical value for the airlines.

PNR data can also be used by law enforcement bodies and the proposed Directive lays down harmonised rules for such measures. PNR data, when analysed carefully, can be an effective tool to identify and track criminal and terrorist activity. Furthermore, it can be used in a reactive, real time or pro-active way to intercept, monitor, investigate and prosecute criminals. Currently, of the 27 Member States of the European Union, only the United Kingdom has a fully fledged PNR system(2), whilst 5 others (France, Denmark, Sweden, Belgium and The Netherlands) use it in limited ways or are testing its use.

PNR should not be confused with Advanced Passenger Information (API) which is biographical information taken from the machine-readable part of a passport. This is more limited in scope and its use is regulated under the API Directive(3).

II. Commission Proposal

The Commission proposal (henceforth "the text") takes into account the recommendations of the European Parliament as stated in its Resolution of November 2008(4) and it reflects the state of discussions in the Council working groups in 2009. It also takes into account the opinions of the European Data Protection Supervisor (EDPS), the Article 29 Working Party on Data Protection and the Fundamental Rights Agency. Both a full impact assessment and a consultation process were carried out.

Principally, the text does two things: i) it harmonises the obligation for air carriers operating flights to and from third country and the territory of at least one Member State in the transmission of PNR data to law enforcement bodies, and ii) sets out the criteria for which law enforcement bodies may use such information, namely for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime. The text complies with the rules laid down in Framework Decision 2008/977/JHA (or any other future Framework decision in this area) for the protection of personal data. The proposed system is mandatory giving each Member State two years in which to set up an operational system. However, Member States would be allowed to run joint systems for cost-sharing purposes.

Apart from the purpose limitation, which is mentioned above, there are several areas in which parliamentarians have traditionally focussed their interest:

I. Retention of data

The text sets out a two-stage approach to the retention of PNR data by the Member State's competent authority: namely a 30-day period, followed by a 5-year period where the data is masked out.

II. Centralised v. de-centralised system

The text sets out rules for a de-centralised system. The arguments for this are mainly to do with cost, but also the sensitive nature of a single location of a centralised system.

III. Inclusion of intra-EU flights

Intra-EU flights are not included in the scope of the text.

IV. Targeted v. 100% collection

The Commission proposes reaching 100% coverage of international flights in gradual steps.

V. Definition of terrorist offences and serious crimes

Under the text, "terrorist offences" refer to those in Articles 1 to 4 of Council Framework Decision 2002/475/JHA; and "serious crimes" are also defined with reference to "Article 2(2) of Council Framework Decision 2002/584/JHA, but only those punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State", although some flexibility is allowed here.

III. Rapporteur's Position

Your Rapporteur agrees with the vast majority of the Commission's approach to the transmission and use of PNR data. The Commission and various member State law enforcement bodies have presented evidence to Members as to the effectiveness of such a tool and your Rapporteur contends the necessity, proportionality, and added value of such a measure has been shown: the measures do not impede free movement and should not jeopardise right of entry of citizens whilst at the same time helping to protect their safety. Furthermore, given that the Commission proposal has taken account of the recommendations made by the European Parliament in November 2008, and given that it sets minimum standards that have already been approved by the LIBE Committee with respect to other PNR Agreements the text provides a sound platform for discussion in this house.

I. Retention of data

Your Rapporteur does not believe that any changes need to be made to the text but his draft Report adds a definition of "masking out data" which clarifies the precise meaning of this provision. It also introduces two different periods for accessing the data - five years for terrorism and four years for serious transnational crime, taking fully into account the proportionality principle, in view of the ECJ joined cases C-293/12 and C-594/12.

II. Centralised v. de-centralised system

The draft Report sets out rules for a de-centralised system.

III. Inclusion of intra-EU flights

Your Rapporteur is convinced that the inclusion of intra-EU flights would bring clear added value to any EU PNR scheme. Although this would add to initial costs there are clear benefits to their inclusion: uniform set up and strong security advantages. Because of the increased scope of the scheme, your Rapporteur has also extended the lead in time for the proposal from 2 to 3 years.

IV. Targeted v. 100% collection

The Rapporteur supports 100% coverage of flights for the obvious efficiency and security benefits. There is also evidence to suggest that criminals could avoid particular flights under a targeted system.

V. Definition of terrorist offences and serious transnational crimes

The draft Report has not changed the definitions of "terrorist offence" and "serious crime" However, it limits the text to "serious transnational crime" only with a list of specific offences taken from the FD 2002/584/JHA list.

Your Rapporteur has also inserted provisions which will clarify the issue of cost, redress and has strengthened the legal certainty of the text by referring more explicitly to other legislation already in force in this area.

(1)

Standard Eurobarometer 71, p. 149 of the Annex.

(2)

UK e-borders sections 32 to 38 of the Immigration, Asylum and Nationality Act 2006.

(3)

Directive 2004/82/EC of 29 August 2004 on the obligation of carriers to communicate passenger data (OJ L 261, 6.8.2004, p. 24).

(4)

Texts Adopted, P6_TA(2008)0561.


OPINION of the Committee on Foreign Affairs (6.5.2015)

for the Committee on Civil Liberties, Justice and Home Affairs

on the proposal for a directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

(COM(2011)0032 – C7-0039/2011 – 2011/0023(COD))

Rapporteur: Arnaud Danjean

SHORT JUSTIFICATION

Passenger Name Record (PNR) data is information provided by passenger and collected by air carriers for commercial purposes. It contains different types of information ranging from travel dates and itineraries to information on the means of payment and contact details.

PNR data is of considerable use for law enforcement agencies. It can be used reactively, i.e. in investigations or prosecutions, in real-time (prior to arrival or departure), to prevent crimes or arrest persons before a crime is committed, or proactively, for the creation of assessment criteria to facilitate the pre-arrival and pre-departure assessment of passengers.

While several member states are already developing their own PNR systems, the directive would regulate the use of such PNR data at the EU level and attempts to harmonise member states' policies. Such a harmonisation is vital to avoid each member state imposing different obligations on air carriers and thus considerable increasing the bureaucratic and financial burden of PNR data provision. It would also ensure that the whole of the EU is comprehensively covered by a PNR system.

The introduction of an EU PNR system is vital for allowing the EU to deal with the challenges it is currently facing. Beyond the fight against organised crime and domestic terrorism, the PNR directive is an important contribution to the maintenance of international security. Terrorism has become a global threat and needs to be tackled as such. Air transport plays a vital role in the maintenance of terrorist networks and the departure and return of so-called "foreign fighters". Both for the preservation of domestic security and the achievement of the EU's foreign policy goals, proper access to PNR data for law enforcement agencies needs to be ensured.

It is also necessary to ensure that PNR data collected by non-carrier economic operators such as travel agencies and tour operators making use of charter flights is included in the EU PNR system to avoid any exploitable loopholes. As the operating airlines often do not have access to reservation data for such chartered flights, it is vital to obligate travel agencies and tour operators to provide such information.

This access has to be necessarily balanced with EU citizens' right to privacy and it has to be ensured that the PNR directive is aligned with the European Court of Justice ruling on the data retention directive. In the rapporteur's opinion, if these issues are addressed, the directive will make an important contribution to national and international security.

AMENDMENTS

The Committee on Foreign Affairs calls on the Committee on Civil Liberties, Justice and Home Affairs, as the committee responsible, to take into account the following amendments:

Amendment    1

Proposal for a directive

Recital 3 a (new)

Text proposed by the Commission

Amendment

(3a) In its resolution 2178 (2014), the United Nations Security Council expresses its grave concern over the acute and growing threat posed by foreign terrorist fighters, namely individuals who travel to a State other than their States of residence or nationality for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts or the providing or receiving of terrorist training and resolves to address this threat. The United Nations Security Council acknowledges the importance of addressing the threat posed by foreign terrorist fighters and encourages Member States to employ evidence-based traveller risk assessment and screening procedures including collection and analysis of travel data, without resorting to profiling based on stereotypes founded on discriminatory grounds.

Amendment    2

Proposal for a directive

Recital 5

Text proposed by the Commission

Amendment

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security.

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal and international security.

Amendment    3

Proposal for a directive

Recital 5

Text proposed by the Commission

Amendment

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security.

(5) PNR data may be a useful tool to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security.

Amendment    4

Proposal for a directive

Recital 6

Text proposed by the Commission

Amendment

(6) PNR data help law enforcement authorities prevent, detect, investigate and prosecute serious crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks.

(6) PNR data may help law enforcement authorities prevent, detect, investigate and prosecute serious crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks.

Amendment    5

Proposal for a directive

Recital 7

Text proposed by the Commission

Amendment

(7) PNR data enable law enforcement authorities to identify persons who were previously ‘unknown’, i.e. persons previously unsuspected of involvement in serious crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed.

(7) PNR data enable law enforcement authorities to identify persons who were previously ‘unknown’, i.e. persons previously unsuspected of involvement in serious crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities, including individuals who may be travelling for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts, or the providing or receiving of terrorist training. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed.

Amendment    6

Proposal for a directive

Recital 8

Text proposed by the Commission

Amendment

(8) The processing of personal data must be proportionate to the specific security goal pursued by this Directive.

(8) The processing of personal data must be proportionate to, and necessary in order to attain, the specific security goal pursued by this Directive, in accordance with the principles of necessity and proportionality referred to by the Court of Justice in its judgment of 4 April 2014, and by the European Data Protection Supervisor in his opinion of 25 March 2011.

Amendment    7

Proposal for a directive

Recital 10

Text proposed by the Commission

Amendment

(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.

(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union. Non-carrier economic operators should also be concerned by those obligations when involved in booking such flights.

Amendment    8

Proposal for a directive

Recital 10

Text proposed by the Commission

Amendment

(10) To prevent, detect, investigate and prosecute terrorist offences and serious crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.

(10) To prevent, detect, investigate and prosecute terrorist offences and serious transnational crime, it is therefore essential that all Member States introduce provisions laying down obligations on air carriers operating international flights to or from the territory of the Member States of the European Union.

 

(Horizontal amendment: "serious crime" shall be replaced by "serious transnational crime" throughout the text)

Amendment    9

Proposal for a directive

Recital 10 a (new)

Text proposed by the Commission

Amendment

 

(10a) The purpose of this Directive is to ensure security and to protect the life and safety of the public, and to create a legal framework for the protection and exchange of PNR data between Member States and law enforcement authorities.

Amendment    10

Proposal for a directive

Recital 10 a (new)

Text proposed by the Commission

Amendment

 

(10a) Recent increase of terrorist acts in the EU, expansion of radicalisation and increasing numbers of foreign fighters returning to EU all confirm that it is high time for this directive to enter into force.

Amendment    11

Proposal for a directive

Recital 11

Text proposed by the Commission

Amendment

(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers.

(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers and non-carrier economic operators to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers and non-carrier economic operators.

Amendment    12

Proposal for a directive

Recital 11 a (new)

Text proposed by the Commission

Amendment

(11a) Non-carrier economic operators, such as travel agencies and tour operators, sell package tours making use of charter flights for which they collect and process PNR data from their customers, yet without necessarily transferring the data to the airline operating the passenger flight.

Amendment    13

Proposal for a directive

Recital 12

Text proposed by the Commission

Amendment

(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serious crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States38. However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime.

(12) The definition of terrorist offences should be taken from Article 1 of Council Framework Decision 2002/475/JHA on combating terrorism37. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the United Nations Convention against Transnational Organised Crime. However, Member States should exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality.

__________________

__________________

37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21).

37 OJ L 164, 22.6.2002, p. 3. Decision as amended by Council Framework Decision 2008/919/JHA of 28 November 2008 (OJ L 330, 9.1.2.2008, p. 21).

38 OJ L 190, 18.7.2002, p. 1.

 

Amendment    14

Proposal for a directive

Recital 14

Text proposed by the Commission

Amendment

(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lists should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger’s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.

(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lists should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger’s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security and to international security.

Amendment    15

Proposal for a directive

Recital 15

Text proposed by the Commission

Amendment

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers.

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers and non-carrier economic operators transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers and non-carrier economic operators.

Amendment    16

Proposal for a directive

Recital 17

Text proposed by the Commission

Amendment

(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.

(17) The Member States should take all necessary measures to enable air carriers and non-carrier economic operators to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers and non-carrier economic operators failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.

Amendment    17

Proposal for a directive

Recital 18

Text proposed by the Commission

Amendment

(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and serious crime.

(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and serious transnational crime.

Amendment    18

Proposal for a directive

Recital 19

Text proposed by the Commission

Amendment

(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken by reason of a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, no such decision should be taken on grounds of a person's gender, colour, ethnic or social origin, genetic features, language, religious or philosophical belief, political opinion, trade union membership, membership of a national minority, property, birth, disability, age, health or sexual orientation.

Amendment    19

Proposal for a directive

Recital 20

Text proposed by the Commission

Amendment

(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol)39 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union40. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

__________________

__________________

39 OJ L 121, 15.5.2009, p. 37.

39 OJ L 121, 15.5.2009, p. 37.

40 OJ L 386, 29.12.2006, p. 89.

40 OJ L 386, 29.12.2006, p. 89.

Amendment    20

Proposal for a directive

Recital 26

Text proposed by the Commission

Amendment

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country.

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis, and in compliance with the revised Framework Decision 2008/977/JHA. To ensure the protection of personal data, such data should only be transferred with precise knowledge of the intended processing of the PNR data in the third country, of the limits of access to the PNR-data of the competent authorities in the third country and their subsequent use and of other safeguards applicable to the personal data transferred to the third country.

Justification

Framework Decision 2008/977/JHA is currently being revised after the Commission proposed to change the Framework Decision with a new Directive (COM(2012) 10 final).

Amendment    21

Proposal for a directive

Recital 26

Text proposed by the Commission

Amendment

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country.

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose of the transfer, the quality of the receiving authority and the safeguards applicable to the personal data transferred to the third country. The transfer of those data to any other country should only be allowed when authorised by the original Member State and on a case-by-case basis.

Amendment    22

Proposal for a directive

Recital 29

Text proposed by the Commission

Amendment

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers and non-carrier economic operators are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.

Amendment    23

Proposal for a directive

Recital 29

Text proposed by the Commission

Amendment

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.

(29) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious transnational crime.

Amendment    24

Proposal for a directive

Recital 32

Text proposed by the Commission

Amendment

(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 years, after which the data must be deleted, the data must be anonymised after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 years, after which the data must be deleted, the data must be masked out after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

Amendment    25

Proposal for a directive

Article 1 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

1a. This Directive shall also apply to non-carrier economic operators that gather or store PNR data on passenger flights to or from third countries, the point of departure or destination of which is located within the Union.

Amendment    26

Proposal for a directive

Article 1 – paragraph 2 – introductory part

Text proposed by the Commission

Amendment

2. The PNR data collected in accordance with this Directive may be processed only for the following purposes:

2. The PNR data collected in accordance with this Directive may be processed only by the Member State's competent authority, and only for the following purposes:

Amendment    27

Proposal for a directive

Article 1 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a. This Directive shall apply to carriers and non-carrier economic operators operating passenger flights between the Union and third countries, and passenger flights within the territory of the Union.

Justification

The inclusion of intra-EU flights is important as criminals within the EU use flights within the EU territories and not just external flights. Criminals also use complex routes to and from a number of EU countries in order to avoid detection and prosecution.

Amendment    28

Proposal for a directive

Article 1 – paragraph 2 b (new)

Text proposed by the Commission

Amendment

 

2b. This Directive shall also apply to carriers and non-carrier economic operators incorporated or storing data in the Union and operating passenger flights to or from third countries, which are the point of departure or destination of which is located within the Union.

Amendment    29

Proposal for a directive

Article 2 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a) ‘air carrier’ means an air transport undertaking with a valid operating licence or equivalent permitting it to carry out carriage by air of passengers;

(a) ‘air carrier’ means an air transport undertaking with a valid operating licence or equivalent;

Justification

The definition of an air carrier should be in line with the same definition in Regulation 1008/2008 on common rules for the operations of air services in the Community

Amendment    30

Proposal for a directive

Article 2 – paragraph 1 – point a a (new)

Text proposed by the Commission

Amendment

(aa) ‘non-carrier economic operator’ means an authorised economic operator, such as travel agencies and tour operators, that provides travel-related services, including the booking of flights for which they collect and process PNR data of passengers;

Amendment    31

Proposal for a directive

Article 2 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b) ’international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including in both cases any transfer or transit flights;

(b) ‘international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including chartered flights, private planes, privately freighted flights, as well as any transit flights where passengers disembark;

Amendment    32

Proposal for a directive

Article 2 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers, as well as non-carrier economic operators when the air carriers have not done the booking themselves, for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

Amendment    33

Proposal for a directive

Article 2 – paragraph 1 – point e

Text proposed by the Commission

Amendment

(e) ‘reservation systems’ means the air carrier’s internal inventory system, in which PNR data are collected for the handling of reservations;

(e) ‘Reservation systems’ means the air carrier’s or the non-carrier economic operator’s internal inventory system, in which PNR data are collected for the handling of reservations;

Amendment    34

Proposal for a directive

Article 2 – paragraph 1 – point f

Text proposed by the Commission

Amendment

(f) ’push method’ means the method whereby air carriers transfer the required PNR data into the database of the authority requesting them;

(f) ‘push method’ means the method whereby air carriers transfer the PNR data into the database of the authority requesting them;

Justification

Air carriers transmit the PNR data that they collect for the purposes of reservations, not “required” PNR data. It is for the authorities to filter the data and select what they require.

Amendment    35

Proposal for a directive

Article 2 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA;

(g) ‘terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA, including individuals who may be travelling for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts, or the providing or receiving of terrorist training;

Amendment    36

Proposal for a directive

Article 2 – paragraph 1 – point h

Text proposed by the Commission

Amendment

(h) ’serious crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, however, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality;

deleted

Amendment    37

Proposal for a directive

Article 3 – paragraph 1

Text proposed by the Commission

Amendment

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members shall be individuals of proven integrity and competence and may be seconded from competent public authorities.

Amendment    38

Proposal for a directive

Article 4 – paragraph 1

Text proposed by the Commission

Amendment

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

1. The PNR data transferred by the air carriers and non-carrier economic operators, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers and non-carrier economic operators include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

Amendment    39

Proposal for a directive

Article 4 – paragraph 1

Text proposed by the Commission

Amendment

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Air carriers and non-carrier economic operators shall not transfer to the Passenger Information Unit sensitive data such as the gender, colour, ethnic or social origin, genetic features, language, religious or philosophical belief, political opinion, trade union membership, membership of a national minority, property, birth, disability, age, state of health or sexual orientation of the individual in question. Should these or other data beyond those listed exhaustively in the Annex be included in the PNR data transferred, the Passenger Information Unit shall delete such data immediately upon receipt.

Amendment    40

Proposal for a directive

Article 4 – paragraph 1

Text proposed by the Commission

Amendment

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

1. The PNR data transferred by the air carriers, pursuant to Article 6, in relation to international flights which land on or depart from the territory of each Member State shall be collected only by the Passenger Information Unit of the relevant Member State. Should the PNR data transferred by air carriers include data beyond those listed in the Annex, the Passenger Information Unit shall delete such data immediately upon receipt.

Justification

The word “only” should be added to make sure that not all competent authorities entitled to request PNR data (as per article 5) get them from the carriers.

Amendment    41

Proposal for a directive

Article 4 – paragraph 2 – point a

Text proposed by the Commission

Amendment

(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime, including individuals who may be travelling for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts, or the providing or receiving of terrorist training, and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

Amendment    42

Proposal for a directive

Article 4 – paragraph 2 – point b

Text proposed by the Commission

Amendment

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious crime, including individuals who may be travelling for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts, or the providing or receiving of terrorist training, and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

Amendment    43

Proposal for a directive

Article 4 – paragraph 3

Text proposed by the Commission

Amendment

3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non-discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life.

3. The assessment of the passengers prior to their scheduled arrival or departure from the Member State referred to in point (a) of paragraph 2 shall be carried out in a non-discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s gender, colour, ethnic or social origin, genetic features, language, religious or philosophical belief, political opinion, trade union membership, membership of a national minority, property, birth, disability, age, health or sexual orientation.

Amendment    44

Proposal for a directive

Article 5 – paragraph 6

Text proposed by the Commission

Amendment

6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or significantly affects a person only by reason of the automated processing of PNR data. Such decisions shall not be taken on the basis of a person’s race or ethnic origin, political opinion, religious or philosophical belief, trade union membership, health or sexual life.

6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or affects a person only by reason of the automated processing of PNR data. Such decisions shall not be taken on the basis of a person’s gender, colour, ethnic or social origin, genetic features, language, religious or philosophical belief, political opinion, trade union membership, membership of a national minority, property, birth, disability, age, health or sexual orientation.

Amendment    45

Proposal for a directive

Article 6 – title

Text proposed by the Commission

Amendment

Obligations on air carriers

Obligations on air carriers and non-carrier economic operators

Amendment    46

Proposal for a directive

Article 6 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

1. Member States shall adopt the necessary measures to ensure that air carriers and non-carrier economic operators transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

Amendment    47

Proposal for a directive

Article 6 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are being collected in the normal course of their business, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

Amendment    48

Proposal for a directive

Article 6 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

1a. In cases where the air carriers and non-carrier economic operators have collected any advance passenger information (API) data listed under item (18) of Annex 1 to this Directive but do not retain those data as part of the PNR data, Member States shall adopt the necessary measures to ensure that air carriers and non-carrier economic operators also transfer ('push') those data to the Passenger Information Unit of the Member State referred to in paragraph 1. In the event of such a transfer, all the provisions of this Directive shall apply in relation to those API data as if they were part of the PNR data.

Amendment    49

Proposal for a directive

Article 6 – paragraph 2 – introductory part

Text proposed by the Commission

Amendment

2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:

2. Air carriers and non-carrier economic operators shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:

Amendment    50

Proposal for a directive

Article 6 – paragraph 2 – point a – introductory part

Text proposed by the Commission

Amendment

(a) 24 to 48 hours before the scheduled time for flight departure;

(a) once 24 to 48 hours before the scheduled time for flight departure;

Amendment    51

Proposal for a directive

Article 6 – paragraph 2 – point b

Text proposed by the Commission

Amendment

(b) immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

Amendment    52

Proposal for a directive

Article 6 – paragraph 3

Text proposed by the Commission

Amendment

3. Member States may permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.

3. Member States may permit air carriers and non-carrier economic operators to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.

Amendment    53

Proposal for a directive

Article 6 – paragraph 4

Text proposed by the Commission

Amendment

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers and non-carrier economic operators shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

Amendment    54

Proposal for a directive

Article 6 – paragraph 4

Text proposed by the Commission

Amendment

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious transnational crime.

Amendment    55

Proposal for a directive

Article 6 – paragraph 4

Text proposed by the Commission

Amendment

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall provide PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

Amendment    56

Proposal for a directive

Article 7 – paragraph 4

Text proposed by the Commission

Amendment

4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.

4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious transnational crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.

Amendment    57

Proposal for a directive

Article 8 – introductory part

Text proposed by the Commission

Amendment

A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by-case basis and if:

In view of the importance of coherence between the internal and the external aspects of security, and in order to improve international cooperation, a Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by-case basis and if:

Amendment    58

Proposal for a directive

Article 8 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,

deleted

Amendment    59

Proposal for a directive

Article 8 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b) the transfer is necessary for the purposes of this Directive specified in Article 1(2), and

(b) the transfer is necessary for the purposes of this Directive specified in Article 1(2),

Amendment    60

Proposal for a directive

Article 8 – paragraph 1 – point b

Text proposed by the Commission

Amendment

b) the transfer is necessary for the purposes of this Directive specified in Article 1(2), and

b) the transfer is necessary for and proportionate to the purposes of this Directive specified in Article 1(2), and

Amendment    61

Proposal for a directive

Article 8 – paragraph 1 – point b a (new)

 

Text proposed by the Commission

Amendment

(ba) the receiving authority in the third country or receiving international body is responsible for the prevention, investigation, detection or prosecution of international terrorist acts or serious transnational crimes,

Amendment    62

Proposal for a directive

Article 8 – paragraph 1 – point b b (new)

Text proposed by the Commission

Amendment

(bb) the request of the receiving authority in the third country or receiving international body has been dependent on a court or an independent administrative body whose decision seeks to limit access to the data in the third country and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of preventing, investigating, detecting or prosecuting international terrorist acts or serious transnational crimes,

Amendment    63

Proposal for a directive

Article 8 – paragraph 1 – point b c (new)

Text proposed by the Commission

Amendment

(bc) the Member State from which the data were obtained has given its consent to transfer in compliance with its national law,

Amendment    64

Proposal for a directive

Article 8 – paragraph 1 – point b d (new)

Text proposed by the Commission

Amendment

(bd) the period of retention in the third country or international body is based on objective criteria in order to ensure that it is limited to what is strictly necessary,

Amendment    65

Proposal for a directive

Article 8 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c) the third country agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive specified in Article 1(2) and only with the express authorisation of the Member State.

(c) the third country receiving the data agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive specified in Article 1(2) and if the conditions of Article 8(a) are met.

Amendment    66

Proposal for a directive

Article 9 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 30 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

1. Member States shall ensure that the PNR data provided by the air carriers and non-carrier economic operators to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 30 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

Amendment    67

Proposal for a directive

Article 9 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 30 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger Information Unit are retained in a database at the Passenger Information Unit for a period of 60 days after their transfer to the Passenger Information Unit of the first Member State on whose territory the international flight is landing or departing.

Amendment    68

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 1

Text proposed by the Commission

Amendment

Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

Upon expiry of the period of 60 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

Amendment    69

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 1

Text proposed by the Commission

Amendment

Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such masked out PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

Amendment    70

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 2 – indent 1

Text proposed by the Commission

Amendment

– Name (s), including the names of other passengers on PNR and number of travellers on PNR travelling together;

Name (s), including the names of other passengers on PNR, emergency contact names and number of travellers on PNR travelling together;

Amendment    71

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 2 – indent 2 a (new)

Text proposed by the Commission

Amendment

 

- telephone numbers and email addresses, including those of any emergency contacts;

Amendment    72

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 2 – indent 2 b (new)

Text proposed by the Commission

Amendment

 

- the ‘frequent flyer’ programme to which the passenger belongs, together with the relevant code number;

Amendment    73

Proposal for a directive

Article 9 – paragraph 2 – subparagraph 2 – indent 2 c (new)

Text proposed by the Commission

Amendment

 

- the IP address from which the reservation was made;

Amendment    74

Proposal for a directive

Article 9 – paragraph 3

Text proposed by the Commission

Amendment

3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

3. Member States shall ensure that the PNR data are permanently deleted upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

Amendment    75

Proposal for a directive

Article 10 – title

Text proposed by the Commission

Amendment

Penalties against air carriers

Penalties against air carriers and non-carrier economic operators

Amendment    76

Proposal for a directive

Article 10 – paragraph 1

Text proposed by the Commission

Amendment

Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.

Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers and non-carrier economic operators which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.

Amendment    77

Proposal for a directive

Article 11 – paragraph 3

Text proposed by the Commission

Amendment

3. Any processing of PNR data revealing a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

3. Any processing of PNR data revealing a person's gender, colour, ethnic or social origin, genetic features, language, religion or philosophical belief, political opinion, trade union membership, membership of a national minority, property, birth, disability, age health or sexual orientation shall be prohibited. It is prohibited for airlines to transfer such data, but, in the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

Amendment    78

Proposal for a directive

Article 11 – paragraph 4

Text proposed by the Commission

Amendment

4. All processing of PNR data by air carriers, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

4. All processing of PNR data by air carriers and non-carrier economic operators, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

Amendment    79

Proposal for a directive

Article 11 – paragraph 4

Text proposed by the Commission

Amendment

4. All processing of PNR data by air carriers, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

4. All processing of PNR data, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

Amendment    80

Proposal for a directive

Article 11 – paragraph 4 a (new)

Text proposed by the Commission

Amendment

 

4a. A particularly high security standard shall be used for the protection of all data, geared to the latest developments in expert discussions on data protection, and constantly updated to include new knowledge and insights. Economic aspects shall be taken into account as a secondary concern at most when the relevant decisions on the security standards to be applied are taken.

 

In particular, a state of the art encryption process shall be used which:

 

- ensures that data-processing systems cannot be used by unauthorised persons;

 

- ensures that authorised users of a data-processing system can access no data other than those to which their access right refers, and that personal data cannot be read, copied, changed or removed without authorisation when being processed or used and after retention;

 

- ensures that personal data cannot be read, copied, changed or removed without authorisation when being electronically transmitted or during transport or saving to a storage medium, and ensures that it is possible to check and establish to which locations personal data are to be transferred by data transmission facilities.

 

The possibility of retrospectively checking and establishing whether and by whom personal data have been entered in data-processing systems, changed or removed shall be guaranteed.

 

It shall be guaranteed that personal data processed under contract may be processed only in accordance with the contracting entity's instructions.

 

The protection of personal data against accidental destruction or loss shall be guaranteed.

 

The possibility of processing data collected for different purposes separately shall be guaranteed.

Amendment    81

Proposal for a directive

Article 12 a (new)

Text proposed by the Commission

Amendment

 

Article 12a

 

Sunset Clause

 

1. This directive shall cease to apply ...*.

 

2. In addition, the application, impact and effectiveness of this Directive shall be subject to independent review, evaluation and oversight by one or more of the following entities:

 

(a) the European Parliament;

 

(b) the Commission;

 

(c) the Committee referred to in Article 14 of this Directive.

 

This process shall be concluded by ...**.

 

______________

 

* OJ: please insert a date: 4 years after entry into force of this Directive.

 

** OJ: please enter a date: 3 years after entry into force of this Directive.

Justification

The termination or renewal of this Directive should only occur after the impact and effectiveness of the Directive has been reviewed and evaluated.

Amendment    82

Proposal for a directive

Article 13 – paragraph 1

Text proposed by the Commission

Amendment

1. All transfers of PNR data by air carriers to the Passenger Information Units for the purposes of this Directive shall be made by electronic means or, in the event of technical failure, by any other appropriate means, for a period of one year following the adoption of the common protocols and supported data formats in accordance with Article 14.

1. All transfers of PNR data by air carriers and non-carrier economic operators to the Passenger Information Units for the purposes of this Directive shall be made by electronic means or, in the event of technical failure, by any other appropriate means, for a period of one year following the adoption of the common protocols and supported data formats in accordance with Article 14.

Amendment    83

Proposal for a directive

Article 13 – paragraph 2

Text proposed by the Commission

Amendment

2. Once the period of one year from the date of adoption of the common protocols and supported data formats has elapsed, all transfers of PNR data by air carriers to the Passenger Information Units for the purposes of this Directive shall be made electronically using secure methods in the form of accepted common protocols which shall be common to all transfers to ensure the security of the data during transfer, and in a supported data format to ensure their readability by all parties involved. All air carriers shall be required to select and identify to the Passenger Information Unit the common protocol and data format that they intend to use for their transfers.

2. Once the period of one year from the date of adoption of the common protocols and supported data formats has elapsed, all transfers of PNR data by air carriers and non-carrier economic operators to the Passenger Information Units for the purposes of this Directive shall be made electronically using secure methods in the form of accepted common protocols which shall be common to all transfers to ensure the security of the data during transfer, and in a supported data format to ensure their readability by all parties involved. All air carriers and non-carrier economic operators shall be required to select and identify to the Passenger Information Unit the common protocol and data format that they intend to use for their transfers.

Amendment    84

Proposal for a directive

Article 16 – paragraph 1

Text proposed by the Commission

Amendment

Upon the date referred to in Article 15(1), i.e. two years after the entry into force of this Directive, Member States shall ensure that the PNR data of at least 30% of all flights referred to in Article 6(1) are collected. Until two years after the date referred to in Article 15, Member States shall ensure that the PNR data from at least 60 % of all flights referred to in Article 6(1) are collected. Member States shall ensure that from four years after the date referred to in Article 15, the PNR data from all flights referred to in Article 6(1) are collected.

deleted

Justification

Given the importance of the purpose for which the PNR data is collected and processed, as well as the varied, sophisticated and international nature of the threat posed, it is necessary to have a system which operates on a 100 % collection basis both within the EU, and with third countries in order for the system to be fully effective. The collection of 100 % data also reduces the risk of profiling.

Amendment    85

Proposal for a directive

Article 17 – paragraph 1 – point a

Text proposed by the Commission

Amendment

a) review the feasibility and necessity of including internal flights in the scope of this Directive, in the light of the experience gained by those Member States that collect PNR data with regard to internal flights. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);

deleted

Amendment    86

Proposal for a directive

Article 17 – paragraph 1 – point b

 

Text proposed by the Commission

Amendment

(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.

(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, including in cases of transfers of data to third countries, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.

Amendment    87

Proposal for a directive

Article 17 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b) undertake a review of the operation of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.

(b) undertake a review of this Directive and submit a report to the European Parliament and the Council within four years after the date mentioned in Article 15(1). Such review shall firstly determine whether the PNR scheme is really a necessary measure and secondly, cover all the elements of this Directive, with special attention to the compliance with standard of protection of personal data, the length of the data retention period and the quality of the assessments. It shall also contain the statistical information gathered pursuant to Article 18.

Justification

The review should concern not only the application of the Directive but should also establish whether the PNR data are being used for the stated aims or whether the Directive really needs to exist.

Amendment    88

Proposal for a directive

Article 18 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination.

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious transnational crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination.

Amendment    89

Proposal for a directive

Article 19 – paragraph 2

Text proposed by the Commission

Amendment

2. This Directive is without prejudice to any obligations and commitments of the Union by virtue of bilateral and/or multilateral agreements with third countries.

2. This Directive is without prejudice to any obligations and commitments of the Union by virtue of bilateral and/or multilateral agreements with third countries, but any new agreements with third countries shall not include provisions which lower the level of data protection below that which is provided for in this Directive.

Justification

Any PNR agreements with third countries must ensure at least the same level as protection as that afforded by this directive.

Amendment    90

Proposal for a directive

Annex – title

Text proposed by the Commission

Amendment

Passenger Name Record data as far as collected by air carriers

Passenger Name Record data as far as collected by air carriers and non-carrier economic operators

PROCEDURE

Title

Use of Passenger Name Record data (EU PNR)

References

COM(2011)0032 – C7-0039/2011 – 2011/0023(COD)

Committee responsible

       Date announced in plenary

LIBE

14.2.2011

 

 

 

Opinion by

       Date announced in plenary

AFET

14.2.2011

Rapporteur

       Date appointed

Arnaud Danjean

13.1.2015

Discussed in committee

30.3.2015

 

 

 

Date adopted

4.5.2015

 

 

 

Result of final vote

+:

–:

0:

41

5

10

Members present for the final vote

Lars Adaktusson, Michèle Alliot-Marie, Francisco Assis, Petras Auštrevičius, Bas Belder, Goffredo Maria Bettini, Mario Borghezio, Klaus Buchner, Fabio Massimo Castaldo, Lorenzo Cesa, Aymeric Chauprade, Arnaud Danjean, Mark Demesmaeker, Georgios Epitideios, Anna Elżbieta Fotyga, Eugen Freund, Michael Gahler, Sandra Kalniete, Eduard Kukan, Barbara Lochbihler, Sabine Lösing, Andrejs Mamikins, Ramona Nicole Mănescu, David McAllister, Francisco José Millán Mon, Javier Nart, Ioan Mircea Pașcu, Tonino Picula, Kati Piri, Cristian Dan Preda, Jozo Radoš, Sofia Sakorafa, Jaromír Štětina, Charles Tannock, Johannes Cornelis van Baalen, Geoffrey Van Orden

Substitutes present for the final vote

Reinhard Bütikofer, Neena Gill, Ana Gomes, Andrzej Grzyb, Liisa Jaakonsaari, Anneli Jäätteenmäki, Marek Jurek, Antonio López-Istúriz White, Norbert Neuser, Urmas Paet, Gilles Pargneaux, Soraya Post, Marietje Schaake, Renate Sommer, István Ujhelyi, Traian Ungureanu, Paavo Väyrynen, Janusz Zemke

Substitutes under Rule 200(2) present for the final vote

Victor Boștinaru, Jonás Fernández


OPINION of the Committee on Transport and Tourism (29.4.2015)

for the Committee on Civil Liberties, Justice and Home Affairs

on the proposal for a directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

(COM(2011)0032 – C7-0039/2011 – 2011/0023(COD))

Rapporteur: Michael Cramer

PA_Legam

SHORT JUSTIFICATION

This Commission proposal for a directive on the analysis of passenger data arises from the legislative procedure for a framework decision on the subject becoming null and void as a result of the Lisbon Treaty coming into force.

Some of the criticisms made of the proposal in 2008 have been taken into account. Yet considerable concern remains regarding the need for these measures and their proportionality; such concern has been voiced by the European Data Protection Supervisor(1), the EU Agency for Fundamental Rights(2) and the Council’s Legal Service(3). The proposal must be amended in such a way that necessity and proportionality are included. As the example of the judgment of the Romanian Constitutional Court on data retention(4) showed, it is not certain that EU laws containing such disputed curtailment of fundamental rights can in fact be transposed in the Member States. In its judgment on data retention(5), the German Constitutional Court gave a clear warning that further retention measures – including at EU level – might easily result in overstepping the absolute cumulative limit beyond which even people who are completely above suspicion are subject to surveillance, in contravention of their fundamental rights.

The financial cost of data retention is considerable. In 2007 the Commission estimated that the one-off set-up cost (without follow-on costs) for all Member States was EUR 614 833 187. The set-up cost for EU airlines (not counting airlines from third countries) would be EUR 11 647 116, with annual operating costs of EUR 2 250 080 with PUSH twice per passenger.

The rapporteur proposes calling on the Commission to undertake a study into the costs and proposing action where necessary.

In order to guarantee the proportionality of the Directive, the rapporteur proposes reducing its scope:

•  The analysis of PNR data must be undertaken solely for the prevention, detection, investigation and prosecution of terrorist offences. These terrorist offences must be more rigidly defined and limited to the situations set out in Article 1 of Framework Decision 2002/475/JI. There is no need to include the offences set out in Articles 2 to 4 of the Framework Decision, as the term ‘prevention’ of a terrorist offence covers the preparations for and organisation, etc., of such an act.

•  Passenger data should not be analysed in connection with ‘serious crime’ as referred to in the draft, since the definition given of ‘serious crime’ is far too broad. It includes ‘everyday’ offences such as fraud and also ‘minor offences’, which the Commission is also of the view that it would be disproportionate to include (see Article 2(h)).

•  In addition, the methods used for data processing should be more precisely defined (Article 4).

•  The transfer of data (Articles 7 and 8) should be limited to cases in which this is necessary for the prevention, detection, investigation and prosecution of a specific terrorist offence and should, where third countries are involved, be conditional on the provision of appropriate data protection guarantees.

•  The retention period should be considerably reduced. The proposed retention period of 30 days takes the above concerns regarding fundamental rights into consideration and should be sufficient for cases of serious suspicion or urgent suspicion. Older data can be accessed at any time by national authorities from the information retained for several months by airlines or reservation systems, as long as there is reasonable suspicion and the procedures comply with the principles of the rule of law. This requires no new legal basis.

•  The rights of passengers concerning the security and confidentiality of data and to access, rectification, erasure and blocking, and the right to compensation and judicial redress need to be reinforced. In particular the right of access, severely limited in the Framework Directive, must be improved. The rapporteur proposes applying the internal rules based on Directive 95/46/EC to PNR data processing, even if the Directive in question does not in principle apply to police and judicial cooperation between Member States (see Article 3 of the Directive). Ultimately a solution to the question of data protection is necessary for the areas of justice and home affairs as a result of the Lisbon Treaty coming into force.

•  Only data required for the purposes of the Directive should be provided.

AMENDMENTS

The Committee on Transport and Tourism calls on the Committee on Civil Liberties, Justice and Home Affairs, as the committee responsible, to incorporate the following amendments in its report:

Amendment    1

Proposal for a directive

Recital 4

Text proposed by the Commission

Amendment

(4) Council Directive 2004/82/EC of 29 April 2004 on the obligation of air carriers to communicate passenger data regulates the transfer of advance passenger information by air carriers to the competent national authorities for the purpose of improving border controls and combating irregular immigration.

(4) Council Directive 2004/82/EC of 29 April 2004 on the obligation of air carriers to communicate passenger data regulates the transfer of advance passenger information by air carriers to the competent national authorities for the purpose of improving border controls and combating illegal immigration.

Amendment    2

Proposal for a directive

Recital 5

Text proposed by the Commission

Amendment

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security.

(5) PNR data may be a useful means to effectively prevent, detect, investigate and prosecute terrorist offences and certain types of serious crime of a transnational nature and thus enhance internal security.

Justification

"Serious transnational crime", especially trafficking in human beings, illicit drugs trafficking and illicit arms trafficking, are also relevant and serious crime types, the prevention of which may be helped by the use of PNR data. By narrowing the scope of the Directive by deleting "serious crime", the use of PNR data is focused on the cross-border offences where this data is most relevant and effective.

Amendment    3

Proposal for a directive

Recital 6

Text proposed by the Commission

Amendment

(6) PNR data help law enforcement authorities prevent, detect, investigate and prosecute serious crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks.

(6) PNR data can help law enforcement authorities prevent, detect, investigate and prosecute serious transnational crimes, including acts of terrorism, by comparing them with various databases of persons and objects sought, to find the necessary evidence and, where relevant, to find associates of criminals and unravel criminal networks.

Amendment    4

Proposal for a directive

Recital 7

Text proposed by the Commission

Amendment

(7) PNR data enable law enforcement authorities to identify persons who were previously "unknown", i.e. persons previously unsuspected of involvement in serious crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data law enforcement authorities can address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to serious crimes that are also transnational in nature, i.e. are intrinsically linked to travelling and hence the type of the data being processed.

deleted

Justification

The Rapporteur proposes to limit the use of PNR data of all passengers to the objective of prevention, detection, investigation and prosecution of terrorist offences by comparing with databases in particular on persons sought (Article 4 point b) or at the request of competent authorities in specific cases (Article 4 point c).

Amendment    5

Proposal for a directive

Recital 11

Text proposed by the Commission

Amendment

(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers.

(11) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers. Where air carriers do not routinely capture data in the normal course of business for commercial purposes, they should not be required to develop processes to capture such data.

Amendment    6

Proposal for a directive

Recital 12

Text proposed by the Commission

Amendment

(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism . The definition of serious crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States. However, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality. The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention on Transnational Organised Crime.

(12) The definition of terrorist offences should be taken from Articles 1 to 4 of Council Framework Decision 2002/475/JHA on combating terrorism . The definition of serious transnational crime should be taken from Article 2 of Council Framework Decision 2002/584/JHA and the United Nations Convention against Transnational Organized Crime. Member States must exclude those offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality.

Amendment    7

Proposal for a directive

Recital 14

Text proposed by the Commission

Amendment

(14) The contents of any lists of required PNR data to be obtained by the Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of citizens, notably privacy and the protection of personal data. Such lists should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger's reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.

(14) The contents of PNR data to be obtained by the Passenger Information Unit listed in the Annex to this Directive should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of persons, notably privacy and the protection of personal data. Such data should not contain any personal data that could reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual life of the individual concerned. The PNR data should contain details on the passenger's reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.

Justification

The word ‘required’ in the English version could be confusing, since air carriers collect PNR data from among the data collected in the normal course of their business. They should not be forced to obtain or retain any additional passenger data, nor should any obligation be placed on passengers to provide any more data than air carriers would normally request in the normal course of their business.

Amendment    8

Proposal for a directive

Recital 15

Text proposed by the Commission

Amendment

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (‘push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers.

(15) There are two possible methods of data transfer currently available: the ‘pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (‘pull’) a copy of the required data, and the ‘push’ method, under which air carriers transfer (‘push’) the PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The ‘push’ method offers a higher degree of data protection and should become mandatory, two years after the entry into force of this Directive, for all air carriers which already collect and process PNR data for commercial purposes and operate international flights to or from the territory of the Member States. Should PNR data be handled by Computerised Reservation Service (CRS) operators, the Code of Conduct for CRS (Regulation (EC) No. 80/2009 of the European Parliament and of the Council) applies.

Amendment    9

Proposal for a directive

Recital 17

Text proposed by the Commission

Amendment

(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data. Where there are repeated serious infringements which might undermine the basic objectives of this Directive, these penalties may include, in exceptional cases, measures such as the immobilisation, seizure and confiscation of the means of transport, or the temporary suspension or withdrawal of the operating licence.

(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data.

Justification

It may sometimes be the case that the responsibility does not lie with the air carriers, but with the third countries that do not provide the PNR data that they have. Penalties ought to be dissuasive, effective and proportionate, as the first part of the recital stipulates. The second part of the recital might be deemed to be disproportionate or to contradict the first part, which covers all types of penalties.

Amendment    10

Proposal for a directive

Recital 20

Text proposed by the Commission

Amendment

(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

(20) Member States should share with other Member States the PNR data that they receive where such transfer is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime as defined in this Directive. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

Amendment    11

Proposal for a directive

Recital 21

Text proposed by the Commission

Amendment

(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are anonymised and only accessible under very strict and limited conditions.

(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are depersonalised and only accessible under very strict and limited conditions.

Amendment    12

Proposal for a directive

Recital 23

Text proposed by the Commission

Amendment

(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (‘Framework Decision 2008/977/JHA’).

(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (‘Framework Decision 2008/977/JHA’) and Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data1.

 

____________

 

1OJ L 281, 23.11.95, p.31.

Justification

Given that data of all air passengers are collected, the highest level of data protection standards should apply.

Amendment    13

Proposal for a directive

Recital 24

Text proposed by the Commission

Amendment

(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects to processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in line with Framework Decision 2008/977/JHA.

(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects to processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in line with Framework Decision 2008/977/JHA and Directive 95/46/EC.

Justification

Given that data of all air passengers are collected, the highest level of data protection standards should apply.

Amendment    14

Proposal for a directive

Recital 25 a (new)

Text proposed by the Commission

Amendment

 

(25a) Member States should ensure that the costs arising from measures taken to use PNR data are not passed on to passengers.

Amendment    15

Proposal for a directive

Recital 28

Text proposed by the Commission

Amendment

(28) This Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, regarding internal flights subject to compliance with relevant data protection provisions, provided that such domestic law respects the Union acquis. The issue of the collection of PNR data on internal flights should be the subject of specific reflection at a future date.

deleted

Justification

In order to provide legal certainty both for passenger's data protection and operators' economic interests, Member States should not collect other PNR data than those defined in this Regulation.

Amendment    16

Proposal for a directive

Recital 28 b (new)

Text proposed by the Commission

Amendment

 

(28 b) The transmission of PNR data should be limited to cases where it is indispensable for the prevention and detection of specific terrorist offences, the conduct of investigations and the resultant legal proceedings and, where third countries are involved, only if equivalent data protection safeguards are in place;

Amendment    17

Proposal for a directive

Recital 32

Text proposed by the Commission

Amendment

(32) In particular, the scope of the Directive is as limited as possible, it allows retention of PNR data for period of time not exceeding 5 years, after which the data must be deleted, the data must be anonymised after a very short period, the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

(32) In particular, the scope of the Directive is as limited as possible: it allows retention of PNR data for period of time not exceeding three months after which the data must be deleted; the data must after a very short period be masked out and made inaccessible except for a very limited and restricted number of authorised personnel, and the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring how PNR data are processed. All processing of PNR data must be logged or documented for the purpose of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of the data processing. Member States must also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

Amendment    18

Proposal for a directive

Article 1 – paragraph 2 – point a

Text proposed by the Commission

Amendment

(a) The prevention, detection, investigation and prosecution of terrorist offences and serious crime according to Article 4(2)(b) and (c); and

(a) The prevention, detection, investigation and prosecution of terrorist offences and certain types of serious transnational crime as defined in point (i) of Article 2 and according to Article 4(2);

Amendment    19

Proposal for a directive

Article 1 – paragraph 2 – point b

Text proposed by the Commission

Amendment

(b) The prevention, detection, investigation and prosecution of terrorist offences and serious transnational crime according to Article 4(2)(a) and (d).

deleted

Justification

Covered under amended Article 1.2(a)

Amendment    20

Proposal for a directive

Article 1 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a. PNR data collected in accordance with this Directive may not be processed for minor offences which are punishable by a custodial sentence or a detention order for a maximum period of less than three years under the national law of a Member State.

Amendment    21

Proposal for a directive

Article 1 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a. This Directive shall not apply to flights within the Union or to means of transport other than airplanes.

Amendment    22

Proposal for a directive

Article 2 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b) ‘international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country, including in both cases any transfer or transit flights;

(b) ‘international flight’ means any scheduled or non-scheduled flight by an air carrier planned to land on the territory of a Member State originating in a third country or to depart from the territory of a Member State with a final destination in a third country;

Justification

Including transit and transfer flights means adding EU internal flights under the scope of the Directive.

1) S'agissant des vols de transfert: étant donné que les transmissions PNR concernent la totalité des vols et non les passagers, les demandes visant à inclure les vols de transfer équivalent à demander des transmissions PNR pour pratiquement tous les vols intra communautaires.2)S'agissant des vols de transit: les données PNR sont envoyées aux autorités des aéroports d'où les passagers débarquent de vols, (et non les autorités des aéroports de transit, où par définition, les passagers "n'attérissent" pas dans les contrôles de l'immigration). L'itinéraire d'un passager ne correspondra pas toujours au point de transit, ainsi cette clause ne permet pas de satisfaire le système des conditions de demande.

Amendment    23

Proposal for a directive

Article 2 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c) ‘Passenger Name Record’ or PNR data means a record of each passenger's travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

(c) ‘Passenger Name Record’ or 'PNR data' means a record of each passengers travel requirements, captured and electronically retained by the air carriers in their normal course of business, which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS) or equivalent systems providing the same functionalities;

Justification

To avoid adding costly burdens on air carriers, which in turn would translate into costs for passengers/consumers.

Amendment    24

Proposal for a directive

Article 2 – paragraph 1 – point f

Text proposed by the Commission

Amendment

(f) ‘push method’ means the method whereby air carriers transfer the required PNR data into the database of the authority requesting them;

(f) ‘push method’ means the method whereby air carriers transfer their collected PNR data listed in the Annex to this Directive into the database of the authority requesting them;

Amendment    25

Proposal for a directive

Article 2 – paragraph 1 – point f a (new)

Text proposed by the Commission

Amendment

 

(f a) ‘pull method’ means the method whereby the requesting authority accesses the database of the airline’s reservation system directly and extracts passengers’ data from it;

Justification

The ‘pull’ system should be defined, since the Commission proposal refers to it more than once.

Amendment    26

Proposal for a directive

Article 2 – paragraph 1 – point h

Text proposed by the Commission

Amendment

(h) ‘serious crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, however, Member States may exclude those minor offences for which, taking into account their respective criminal justice system, the processing of PNR data pursuant to this directive would not be in line with the principle of proportionality;

deleted

Amendment    27

Proposal for a directive

Article 2 – paragraph 1 – point i – introductory part

Text proposed by the Commission

Amendment

(i) ‘serious transnational crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if:

(i) ‘serious transnational crime’ means the following offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA: trafficking in human beings, illicit trafficking in narcotic drugs and illicit trafficking in weapons, munition and explosives, if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State, and if:

Amendment    28

Proposal for a directive

Article 3 – paragraph 1

Text proposed by the Commission

Amendment

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.

1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious transnational crime or a branch of such an authority to act as its ‘Passenger Information Unit’ responsible for collecting PNR data from the air carriers, storing them, analysing them and transmitting the result of the analysis to the competent authorities referred to in Article 5. Its staff members may be seconded from competent public authorities.

Amendment    29

Proposal for a directive

Article 3 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3 a. The storage, processing and analysis of PNR data relating to passengers on international flights shall be carried out exclusively within the territory of the Union. The law applicable to these procedures shall therefore be Union law on personal data protection;

Amendment    30

Proposal for a directive

Article 4 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

1a. The Member States shall bear the costs of collecting, processing and forwarding PNR data.

Amendment    31

Proposal for a directive

Article 4 – paragraph 2 – point a

Text proposed by the Commission

Amendment

(a) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious transnational crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment, the Passenger Information Unit may process PNR data against pre-determined criteria. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

deleted

Amendment    32

Proposal for a directive

Article 4 – paragraph 2 – point b

Text proposed by the Commission

Amendment

(b) carrying out an assessment of the passengers prior to their scheduled arrival or departure from the Member State in order to identify any persons who may be involved in a terrorist offence or serious crime and who require further examination by the competent authorities referred to in Article 5. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

(b) further assessment – which may be carried out prior to their scheduled arrival or departure from the Member State by the competent authorities referred to in Article 5 – of passengers in respect of whom there are factual grounds for suspicion of involvement in a terrorist offence or serious transnational crime. In carrying out such an assessment the Passenger Information Unit may compare PNR data against relevant databases, including international or national databases or national mirrors of Union databases, where they are established on the basis of Union law, on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such files. Member States shall ensure that any positive match resulting from such automated processing is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action;

Amendment    33

Proposal for a directive

Article 4 – paragraph 2 – point c

Text proposed by the Commission

Amendment

(c) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious crime, and to provide the competent authorities with the results of such processing; and

(c) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious transnational crime, and to provide the competent authorities with the results of such processing; and

Amendment    34

Proposal for a directive

Article 4 – paragraph 2 – point d

Text proposed by the Commission

Amendment

(d) analysing PNR data for the purpose of updating or creating new criteria for carrying out assessments in order to identify any persons who may be involved in a terrorist offence or serious transnational crime pursuant to point (a).

deleted

Amendment    35

Proposal for a directive

Article 4 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a. The processing of PNR data may be authorised only by order of a competent court body of a Member State following application by the Passenger Information Unit. Only where the Passenger Information Unit identifies danger in delay (‘periculum in mora’) may it authorise such processing itself.

Amendment    36

Proposal for a directive

Article 4 – paragraph 4

Text proposed by the Commission

Amendment

4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with points (a) and (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case-by-case basis.

4. The Passenger Information Unit of a Member State shall transfer the PNR data or the results of the processing of PNR data of the persons identified in accordance with point (b) of paragraph 2 for further examination to the relevant competent authorities of the same Member State. Such transfers shall only be made on a case-by-case basis.

Amendment    37

Proposal for a directive

Article 5 – paragraph 1

Text proposed by the Commission

Amendment

1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.

1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime.

Amendment    38

Proposal for a directive

Article 5 – paragraph 2

Text proposed by the Commission

Amendment

2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime.

2. Competent authorities shall consist of authorities competent for the prevention, detection, investigation or prosecution of terrorist offences and serious transnational crime.

Amendment    39

Proposal for a directive

Article 5 – paragraph 4

Text proposed by the Commission

Amendment

4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious crime.

4. The PNR data of passengers and the result of the processing of PNR data received by the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious transnational crime.

Amendment    40

Proposal for a directive

Article 6 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall adopt the necessary measures to ensure that air carriers transfer ('push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are already collected by them, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data to the Passenger Information Units of all the Member States concerned.

1. Member States shall adopt the necessary measures to ensure that air carriers which already collect PNR data from their passengers transfer (i.e. 'push') the PNR data as defined in Article 2(c) and specified in the Annex, to the extent that such data are collected by them in their normal course of business, to the database of the national Passenger Information Unit of the Member State on the territory of which the international flight will land or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where the flight has one or more stop-overs at the airports of the Member States, air carriers shall transfer the PNR data exclusively to the Passenger Information Unit of the Member State of final arrival. .

 

1a. Member States shall not require air carriers to collect any PNR data that the air carriers do not already collect. Air carriers shall not transfer any PNR data other than those defined in Article 2(c) and specified in the Annex. Air carriers shall not be liable for the accuracy and completeness of data provided by passengers, except when they did not take reasonable care to ensure that the data collected from passengers were accurate and correct.

2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:

2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure of Articles 13 and 14 or, in the event of technical failure of the air carriers, by any other appropriate means ensuring an appropriate level of data security:

a) 24 to 48 hours before the scheduled time for flight departure;

a) once 24 to 48 hours before the scheduled time for flight departure;

and

and

(b) immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for further passengers to board.

3. Member States may permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2

3. Member States shall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious crime.

4. On a case-by-case basis, upon request from a Passenger Information Unit in accordance with national law, air carriers shall transfer PNR data where access earlier than that mentioned in point (a) of paragraph 2 is necessary to assist in responding to a specific and actual threat related to terrorist offences or serious transnational crime.

Amendment    41

Proposal for a directive

Article 7

Text proposed by the Commission

Amendment

1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a) and (b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities.

1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(b), the result of the processing of PNR data is transmitted by that Passenger Information Unit to the Passenger Information Units of other Member States where the former Passenger Information Unit considers such transfer to be necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime. Such transfers shall be strictly limited to the data necessary in a specific case for the prevention, detection, investigation or prosecution of a terrorist offence or serious transnational crime and shall be justified in writing. The Passenger Information Units of the receiving Member States shall transmit such PNR data or the result of the processing of PNR data to their relevant competent authorities.

2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(a) and (b).

2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1), and, if necessary, also the result of the processing of PNR data. The request for such data shall be strictly limited to the data necessary in the specific case. It may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious transnational crime and shall be justified in writing. Passenger Information Units shall provide the requested data as soon as practicable and shall provide also the result of the processing of PNR data, if it has already been prepared pursuant to Article 4(2)(b).

3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious crime.

3. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(2), and, if necessary, also the result of the processing of PNR data. The Passenger Information Unit may request access to specific PNR data kept by the Passenger Information Unit of another Member State in their full form without the masking out only in exceptional circumstances in response to a specific threat or a specific investigation or prosecution related to terrorist offences or serious transnational crime. Such a request shall be justified in writing.

4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.

4. Only in those cases where it is necessary for the prevention of an immediate and serious threat to public security may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database in accordance with Article 9(1) and (2). Such requests shall relate to a specific investigation or prosecution of terrorist offences or serious transnational crime and shall be reasoned. Passenger Information Units shall respond to such requests as a matter of priority. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.

5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time.

5. Exceptionally, where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious transnational crime, the Passenger Information Unit of a Member State shall have the right to request the Passenger Information Unit of another Member State to provide it with PNR data of flights landing in or departing from the latter’s territory at any time. Such requests shall be strictly limited to the data necessary in the specific case for the prevention, detection, investigation or prosecution of a terrorist offence or serious transnational crime and shall be justified in writing.

6. Exchange of information under this Article may take place using any existing channels for international law enforcement cooperation. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.

6. Exchange of information under this Article may take place using any existing channels for European and international law enforcement cooperation, in particular Europol and national units under Article 8 of Council Decision 2009/371/JHA of 6 April 2009. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contacts to which requests may be sent in cases of urgency. The Commission shall communicate to the Member States the notifications received.

Justification

The personal data of all air passengers should not be exchanged routinely. Data exchange should be strictly limited, related to a specific case of prevention, detection, investigation or prosecution of terrorist offences and requests should be justified in writing to allow for verification.

Existing channels should be used for exchanging information. Europol should therefore be explicitly mentioned.

Amendment    42

Proposal for a directive

Article 8

Text proposed by the Commission

Amendment

A Member State may transfer PNR data and the results of the processing of PNR data to a third country, only on a case-by-case basis and if:

A Member State may transfer PNR data and the results of the processing of PNR data to a third country only on the basis of an international agreement between the Union and that third country, only on a case-by-case basis and if:

 

(-a) all the conditions set out in Article 7 are met, mutatis mutandis,

(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,

(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled,

(b) the transfer is necessary for the purposes of this Directive specified in Article 1(2), and

(b) the transfer is necessary for the purposes of this Directive specified in Article 1(2), and

(c) the third country agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive specified in Article 1(2) and only with the express authorisation of the Member State.

c) the third country guarantees that it will use the data only where it is necessary for the purposes of this Directive specified in Article 1(2). Transfer by that third country to another third country shall be prohibited.

 

(d) the third country allows Union citizens, without excessive delay or expense, the same rights of access, rectification, erasure and compensation with regard to the PNR data as apply in the Union,

 

(e) the third country ensures an adequate and comparable level of protection for PNR data.

Justification

PNR data should be transmitted to third countries only if sufficient data protection is guaranteed.

Amendment    43

Proposal for a directive

Article 9 – paragraph 2

Text proposed by the Commission

Amendment

2. Upon expiry of the period of 30 days after the transfer of the PNR data to the Passenger Information Unit referred to in paragraph 1, the data shall be retained at the Passenger Information Unit for a further period of five years. During this period, all data elements which could serve to identify the passenger to whom PNR data relate shall be masked out. Such anonymised PNR data shall be accessible only to a limited number of personnel of the Passenger Information Unit specifically authorised to carry out analysis of PNR data and develop assessment criteria according to Article 4(2)(d). Access to the full PNR data shall be permitted only by the Head of the Passenger Information Unit for the purposes of Article 4(2)(c) and where it could be reasonably believed that it is necessary to carry out an investigation and in response to a specific and actual threat or risk or a specific investigation or prosecution.

deleted

Justification

Storing all PNR data for longer periods of time even without any initial suspicion is disproportionate. National constitutional courts in several rulings on telecommunications data retention as based on directive 2006/24/EC as well as the ECHR in its ruling on retention of DNA samples (S. and Marper vs UK) have made this clear and have also warned that the cumulative effects of retention of several types data may be close to the absolute constitutional threshold. Neither the Legal Service of the Council nor the EU Fundamental Rights Agency have been convinced by the necessity and proportionality of the retention of data about all passengers.

Amendment    44

Proposal for a directive

Article 9 – paragraph 3

Text proposed by the Commission

Amendment

3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 2. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecutions, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

3. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 1. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific criminal investigations or prosecution actions targeted at a particular person or a particular group of persons, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

Justification

The obligation to delete data after five years should be final. The exception provided here makes sense, but it should be made clear that retaining the data after the five years have elapsed may be permitted only in the case of criminal investigations into a particular person or a particular group of people. 'Specific criminal investigations or prosecutions', which is the wording used in the Commission proposal, could affect any number of people.

Amendment    45

Proposal for a directive

Article 9 – paragraph 4

Text proposed by the Commission

Amendment

The result of matching referred to in Article 4(2)(a) and (b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, further to individual review by non-automated means, proven to be negative, it shall, however, be stored so as to avoid future ‘false’ positive matches for a maximum period of three years unless the underlying data have not yet been deleted in accordance with paragraph 3 at the expiry of the five years, in which case the log shall be kept until the underlying data are deleted.

The result of matching referred to in Article 4(2)(b) shall be kept by the Passenger Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated matching operation has, further to individual review by non-automated means, proven to be negative, the underlying data shall be corrected or deleted in the relevant database.

Amendment    46

Proposal for a directive

Article 10 – paragraph 1

Text proposed by the Commission

Amendment

Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.

Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which do not transmit the data required under this Directive, to the extent that they are already collected by the them, or do not do so in the required format prescribed by the ICAO guidelines on PNR or otherwise infringe the national provisions adopted pursuant to this Directive. No penalties shall be imposed on air carriers when the authorities of a third country do not allow them to transfer PNR data.

Justification

The required format must be the format agreed world-wide and recognised by the ICAO (Doc 9944) and the World Customs Organisation.

This clarification is necessary because legislation on data transfer differs in third countries.

Amendment    47

Proposal for a directive

Article 11 – paragraph 2

Text proposed by the Commission

Amendment

2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive

2. Each Member State shall provide that the provisions adopted under national law in implementation of Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive. Air carriers that obtain passenger contact details from travel agencies shall not be permitted to use them for commercial purposes.

Amendment    48

Proposal for a directive

Article 11 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a. Where provisions adopted under national law in implementation of Directive 95/46/EC provide the passenger with greater rights of access, rectification, erasure and blocking of the data, of compensation, of judicial redress, of confidentiality of processing and of data security than the provisions referred to in paragraphs 1 and 2, those provisions shall apply.

Justification

Certain data subjects' rights are more appropriately addressed in Directive 95/46/EC, in particular, requirements for information to the data subject.

Amendment    49

Proposal for a directive

Article 11 – paragraph 3

Text proposed by the Commission

Amendment

3. Any processing of PNR data revealing a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

3. Any processing by Passenger Information Units of PNR data revealing a person’s race or ethnic origin, religious or philosophical belief, political opinion, trade union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by the Passenger Information Unit they shall be deleted immediately.

Justification

Screening or processing PNR in connection with the prevention, detection and investigation of terrorist offences and of other serious criminal offences is the responsibility of the Passenger Information Units, not the airlines.

Air carriers have this information as it is provided to them by the passengers.

Amendment    50

Proposal for a directive

Article 11 – paragraph 4

Text proposed by the Commission

Amendment

4. All processing of PNR data by air carriers, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

4. All processing of PNR data, all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(3) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.

Justification

This paragraph refers to PNR data that have been transferred to Passenger Information Units, not to PNR data held by air carriers.

Amendment    51

Proposal for a directive

Article 11 – paragraph 4 a (new)

Text proposed by the Commission

Amendment

 

4a. A particularly high security standard shall be used for the protection of all data, geared to the latest developments in expert discussions on data protection, and constantly updated to include new knowledge and insights. Economic aspects shall be taken into account as a secondary concern at most when the relevant decisions on the security standards to be applied are taken.

 

In particular, a state of the art encryption process shall be used which:

 

- ensures that data-processing systems cannot be used by unauthorised persons;

 

- ensures that authorised users of a data-processing system can access no data other than those to which their access right refers, and that personal data cannot be read, copied, changed or removed without authorisation when being processed or used and after retention;

 

- ensures that personal data cannot be read, copied, changed or removed without authorisation when being electronically transmitted or during transport or saving to a storage medium, and ensures that it is possible to check and establish to which locations personal data are to be transferred by data transmission facilities.

 

The possibility of retrospectively checking and establishing whether and by whom personal data have been entered in data-processing systems, changed or removed shall be guaranteed.

 

It shall be guaranteed that personal data processed under contract may be processed only in accordance with the contracting entity's instructions.

 

The protection of personal data against accidental destruction or loss shall be guaranteed.

 

The possibility of processing data collected for different purposes separately shall be guaranteed.

Amendment    52

Proposal for a directive

Article 11 – paragraph 5

Text proposed by the Commission

Amendment

5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious crime, the possibility of exchanging and sharing such data and their data protection rights, in particular the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the public.

5. Member States shall ensure that that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of international flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the provision of PNR data to Passenger Information Units, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious transnational crime, the possibility of exchanging and sharing such data and their data protection rights, such as the right to access, correct, erase and block data, and the right to complain to a national data protection supervisory authority of their choice. The same information shall be made available by the Member States to the public.

Justification

The aim is to clarify personal data protection measures.

Amendment    53

Proposal for a directive

Article 12 a (new)

Text proposed by the Commission

Amendment

 

Article 12a

 

Costs

 

By...* the Commission shall submit a report on the financial impact of this Directive to the European Parliament and the Council. The report shall focus in particular on the costs incurred by passengers, air carriers and ticket sellers. If appropriate, the report shall be accompanied by a legislative proposal aimed at harmonising the division of the financial burden between public authorities and air carriers across the Union.

 

_____________

 

* OJ : please insert date: 2 years after the date of entry into force of this Directive.

Justification

The issue of costs should be addressed in the Regulation.

Amendment    54

Proposal for a directive

Article 15

Text proposed by the Commission

Amendment

1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive at the latest two years after the entry into force of this Directive. They shall forthwith communicate to the Commission the text of those provisions and a correlation table between those provisions and this Directive.

1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive at the latest two years after the entry into force of this Directive. When Member States adopt those provisions they shall do so in line with the general principles of Union law and the requirements of necessity and proportionality. They shall forthwith communicate to the Commission the text of those provisions and a correlation table between those provisions and this Directive.

Amendment    55

Proposal for a directive

Article 16 – paragraph 1

Text proposed by the Commission

Amendment

Upon the date referred to in Article 15(1), i.e. two years after the entry into force of this Directive, Member States shall ensure that the PNR data of at least 30% of all flights referred to in Article 6(1) are collected. Until two years after the date referred to in Article 15, Member States shall ensure that the PNR data from at least 60 % of all flights referred to in Article 6(1) are collected. Member States shall ensure that from four years after the date referred to in Article 15, the PNR data from all flights referred to in Article 6(1) are collected.

deleted

Amendment    56

Proposal for a directive

Article 17 – paragraph 1 – point a

Text proposed by the Commission

Amendment

a) review the feasibility and necessity of including internal flights in the scope of this Directive, in the light of the experience gained by those Member States that collect PNR data with regard to internal flights. The Commission shall submit a report to the European Parliament and the Council within two years after the date mentioned in Article 15(1);

deleted

Amendment    57

Proposal for a directive

Article 18 – paragraph 1

Text proposed by the Commission

Amendment

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination.

1. Member States shall prepare a set of statistical information on PNR data provided to the Passenger Information Units. Such statistics shall as a minimum cover the number of identifications of any persons who may be involved in a terrorist offence or serious transnational crime according to Article 4(2) and the number of subsequent law enforcement actions that were taken involving the use of PNR data per air carrier and destination.

Amendment    58

Proposal for a directive

Annex 1 – point 12

Text proposed by the Commission

Amendment

(12) General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)

(12) available information on unaccompanied minors under 18 years

PROCEDURE

Title

Use of Passenger Name Record data (EU PNR)

References

COM(2011)0032 – C7-0039/2011 – 2011/0023(COD)

Committee responsible

       Date announced in plenary

LIBE

14.2.2011

 

 

 

Committee(s) asked for opinion(s)

       Date announced in plenary

TRAN

14.2.2011

 

 

 

Rapporteur(s)

       Date appointed

Eva Lichtenberger

21.3.2011

 

 

 

Discussed in committee

11.7.2011

10.10.2011

21.11.2011

 

Date adopted

22.11.2011

 

 

 

Result of final vote

+:

–:

0:

25

15

1

Members present for the final vote

Inés Ayala Sender, Georges Bach, Izaskun Bilbao Barandica, Antonio Cancian, Michael Cramer, Philippe De Backer, Saïd El Khadraoui, Ismail Ertug, Carlo Fidanza, Knut Fleckenstein, Jacqueline Foster, Mathieu Grosch, Jim Higgins, Dieter-Lebrecht Koch, Jaromír Kohlíček, Georgios Koumoutsakos, Werner Kuhn, Jörg Leichtfried, Bogusław Liberadzki, Eva Lichtenberger, Marian-Jean Marinescu, Gesine Meissner, Hubert Pirker, David-Maria Sassoli, Vilja Savisaar-Toomast, Olga Sehnalová, Debora Serracchiani, Brian Simpson, Keith Taylor, Silvia-Adriana Ţicău, Thomas Ulmer, Peter van Dalen, Dominique Vlasto, Artur Zasada, Roberts Zīle

Substitute(s) present for the final vote

Philip Bradbourn, Michel Dantin, Dominique Riquet, Laurence J.A.J. Stassen, Sabine Wils

Substitute(s) under Rule 187(2) present for the final vote

Pablo Zalba Bidegain

PROCEDURE

Title

Use of Passenger Name Record data (EU PNR)

References

COM(2011)0032 – C7-0039/2011 – 2011/0023(COD)

Committee responsible

       Date announced in plenary

LIBE

14.2.2011

 

 

 

Opinion by

       Date announced in plenary

TRAN

14.2.2011

Rapporteur

       Date appointed

Michael Cramer

17.3.2015

Date adopted

17.3.2015

 

 

 

Result

Approved in the minutes

 

Members present

Marie-Christine Arnautu, Inés Ayala Sender, Georges Bach, Izaskun Bilbao Barandica, Deirdre Clune, Michael Cramer, Andor Deli, Karima Delli, Ismail Ertug, Jacqueline Foster, Bruno Gollnisch, Dieter-Lebrecht Koch, Merja Kyllönen, Peter Lundgren, Marian-Jean Marinescu, Georg Mayer, Gesine Meissner, Cláudia Monteiro de Aguiar, Jens Nilsson, Markus Pieper, Salvatore Domenico Pogliese, Tomasz Piotr Poręba, Gabriele Preuß, Christine Revault D’Allonnes Bonnefoy, Dominique Riquet, Massimiliano Salini, David-Maria Sassoli, Claudia Schmidt, Claudia Tapardel, István Ujhelyi, Peter van Dalen, Wim van de Camp, Janusz Zemke

Substitutes present

Ivo Belet, Rosa D’Amato, Daniel Dalton, Bas Eickhout, Kateřina Konečná, Werner Kuhn, Massimo Paolucci, Olga Sehnalová, Davor Škrlec, Patricija Šulin, Henna Virkkunen

(1)

See http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2011/11-03-25_PNR_EN.pdf

(2)

See http://fra.europa.eu/fraWebsite/attachments/FRA-PNR-Opinion-June2011.pdf

(3)

The report has not been published but is available here: http://gruen-digital.de/wp-content/uploads/2011/05/Gutachten-JD-Rat-PNR.pdf

(4)

Decision No 1258 of 8 October 2009, http://www.ccr.ro/decisions/pdf/ro/2009/D1258_09.pdf

(5)

Decision of 2 March 2010, 1 BvR 256/08, 1 BvR 263/08, 1 BvR 586/08, http://www.bundesverfassungsgericht.de/entscheidungen/rs20100302_1bvr025608.html.


PROCEDURE

Title

Use of Passenger Name Record data (EU PNR)

References

COM(2011)0032 – C7-0039/2011 – 2011/0023(COD)

Date submitted to Parliament

2.2.2011

 

 

 

Committee responsible

       Date announced in plenary

LIBE

14.2.2011

 

 

 

Committees asked for opinions

       Date announced in plenary

AFET

14.2.2011

TRAN

14.2.2011

 

 

Rapporteurs

       Date appointed

Timothy Kirkhope

15.7.2014

 

 

 

Date adopted

15.7.2015

 

 

 

Result of final vote

+:

–:

0:

33

26

0

Members present for the final vote

Jan Philipp Albrecht, Gerard Batten, Heinz K. Becker, Malin Björk, Michał Boni, Caterina Chinnici, Ignazio Corrao, Rachida Dati, Frank Engel, Cornelia Ernst, Tanja Fajon, Laura Ferrara, Monika Flašíková Beňová, Lorenzo Fontana, Mariya Gabriel, Kinga Gál, Ana Gomes, Nathalie Griesbeck, Sylvie Guillaume, Jussi Halla-aho, Monika Hohlmeier, Filiz Hyusmenova, Sophia in ‘t Veld, Iliana Iotova, Eva Joly, Sylvia-Yvonne Kaufmann, Timothy Kirkhope, Barbara Kudrycka, Kashetu Kyenge, Marju Lauristin, Juan Fernando López Aguilar, Monica Macovei, Vicky Maeijer, Roberta Metsola, Louis Michel, Claude Moraes, Péter Niedermüller, Soraya Post, Judith Sargentini, Birgit Sippel, Branislav Škripek, Csaba Sógor, Helga Stevens, Traian Ungureanu, Bodil Valero, Marie-Christine Vergiat, Udo Voigt, Cecilia Wikström, Kristina Winberg, Tomáš Zdechovský

Substitutes present for the final vote

Anna Maria Corazza Bildt, Daniel Dalton, Jeroen Lenaers, Artis Pabriks, Barbara Spinelli, Kazimierz Michał Ujazdowski, Axel Voss

Substitutes under Rule 200(2) present for the final vote

Esteban González Pons, Norbert Neuser

Date tabled

7.9.2015


REFERRAL BACK TO COMMITTEE

Date referred back to committee under Rule 60(3)

6.6.2014

Deadline for reporting back

0.0.0000

Rapporteur(s)

  Date confirmed/appointed

Timothy Kirkhope

15.7.2014

Discussed in committee

11.11.2014

26.2.2015

26.5.2015

4.6.2015

 

Date adopted

15.7.2015

Result of final vote

+:

–:

0:

33

26

0

Members present for the final vote

Jan Philipp Albrecht, Gerard Batten, Heinz K. Becker, Malin Björk, Michał Boni, Caterina Chinnici, Ignazio Corrao, Rachida Dati, Frank Engel, Cornelia Ernst, Tanja Fajon, Laura Ferrara, Monika Flašíková Beňová, Lorenzo Fontana, Mariya Gabriel, Kinga Gál, Ana Gomes, Nathalie Griesbeck, Sylvie Guillaume, Jussi Halla-aho, Monika Hohlmeier, Filiz Hyusmenova, Sophia in ‘t Veld, Iliana Iotova, Eva Joly, Sylvia-Yvonne Kaufmann, Timothy Kirkhope, Barbara Kudrycka, Kashetu Kyenge, Marju Lauristin, Juan Fernando López Aguilar, Monica Macovei, Vicky Maeijer, Roberta Metsola, Louis Michel, Claude Moraes, Péter Niedermüller, Soraya Post, Judith Sargentini, Birgit Sippel, Branislav Škripek, Csaba Sógor, Helga Stevens, Traian Ungureanu, Bodil Valero, Marie-Christine Vergiat, Udo Voigt, Cecilia Wikström, Kristina Winberg, Tomáš Zdechovský

Substitutes present for the final vote

Anna Maria Corazza Bildt, Daniel Dalton, Jeroen Lenaers, Artis Pabriks, Barbara Spinelli, Kazimierz Michał Ujazdowski, Axel Voss

Substitutes under Rule 200(2) present for the final vote

Esteban González Pons, Norbert Neuser

Date tabled

7.9.2015

Last updated: 11 April 2016Legal notice