Този документ не е достъпен за справка на Вашия език и Ви се предлага на един от горепосочените езици

 Показалец 
 Назад 
 Напред 
 Пълен текст 
Процедура : 2006/2193(INI)
Етапи на разглеждане в заседание
Етапи на разглеждане на документа : A6-0252/2006

Внесени текстове :

A6-0252/2006

Разисквания :

PV 07/09/2006 - 4
CRE 07/09/2006 - 4

Гласувания :

PV 07/09/2006 - 7.10
Обяснение на вота

Приети текстове :

P6_TA(2006)0354

Texts adopted
PDF 153kWORD 77k
Thursday, 7 September 2006 - Strasbourg
Agreement with the USA on the use of Passenger Name Record data
P6_TA(2006)0354A6-0252/2006

European Parliament recommendation to the Council on the negotiations for an agreement with the United States of America on the use of passenger name records (PNR) data to prevent and combat terrorism and transnational crime, including organised crime (2006/2193(INI))

The European Parliament,

–   having regard to the proposal for a recommendation to the Council by Sophia in 't Veld on behalf of the ALDE Group on the content of the Agreement with the United States of Amercia on the use of Passenger Name Records (PNR) data to prevent and combat terrorism and transnational crime, including organised crime (B6-0382/2006),

–   having regard to Rule 114(3) and Rule 94 of its Rules of Procedure,

–   having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs (A6-0252/2006),

A.   recalling its previous resolutions on the PNR issue(1), in which Parliament expressed from the outset:

   - its readiness to authorise access by public authorities to passengers" personal data for security purposes when necessary for the purposes of identifying them and cross-checking them against a "watch list" of dangerous persons or known criminals and terrorists (as is done in the EU in connection with Schengen Implementing Convention or under Directive 2004/82/EC(2), which give access to identification data managed by airlines through the Advanced Passenger Information System (APIS), and
   - its deep concerns about the systematic access by the public authorities to data, such as the credit card number, the e-mail address, any affiliation to a particular group, frequent-flyer information, linked to the behaviour of ordinary passengers (i.e. people not recorded in the receiving country as dangerous or criminal) in order to check only against a theoretical pattern whether such a passenger might constitute a potential threat to the flight, his or her country of destination or a country through which he or she will transit;

B.   being aware that systematic access to "behaviour" data, even if not acceptable in the EU, is currently required by countries including the USA, Canada and Australia for the protection of their internal security, but pointing out that:

   - in the case of Canada and Australia, domestic legislation provides for access to data which is limited in scope and time and as regards the amount of data covered and is under the control of a judicial authority, on account of which those systems have been considered adequate by Parliament and by the national data protection authorities in the EU,
   - in the case of the US, even after long negotiations with the Commission and some goodwill stated in the "undertakings", there is still no legal US data protection in the field of air transport; therefore, all PNR data can be accessed, with the sole exception of "sensitive" data, and the data can be retained for years after the security check has been carried out; furthermore, there is no judicial protection for non-US citizens,

C.   considering that since the atrocities of 11 September 2001, a host of single security measures has been introduced worldwide, which often involve the systematic collection and monitoring of personal data of all citizens, notably data on money transfers and telecommunications and passenger data; considering that, in the absence of a coherent EU security policy, the position of the individual citizen vis à vis the state risks being undermined;

D.   recalling that Parliament brought proceedings before the Court of Justice of the European Communities seeking the annulment of Council Decision 2004/496/EC(3) on the conclusion of an agreement with the USA, negotiated on the basis of Commission Decision 2004/535/EC(4), on the grounds that the decision lacked both a legal basis and legal clarity and because the collection of personal data authorised under the agreement was excessive when weighed against the need to combat organised crime and terrorism,

E.   welcoming the annulment by the Court of Justice of Council Decision 2004/496/EC and Commission Decision 2004/535/EC(5),

F.   regretting that the Court of Justice did not respond to Parliament's concerns about the legal structure of the agreement and the congruency of its content with the data protection principles laid down in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR);

G.   taking into account the fact that the Court of Justice held that Council Decision 2004/496/EC could not be adopted validly on the basis of Article 95 of the EC Treaty in conjunction with Directive 95/46/EC(6), because the transfer to and the use of PNR data by the US Bureau of Customs and Border Protection (CBP) relates to data processing operations concerning public security and state activities in areas of criminal law, which fall outside the scope of Directive 95/46/EC and the first pillar;

H.   taking into account the expressed willingness of the Commission and the Council to cooperate closely with the Parliament in order to ensure full compliance with the Court's judgment; however, regretting that the Council has failed to involve the Parliament in the ongoing negotiations;

I.   sharing the opinion adopted on 14 June 2006 by the Article 29 Working Party on the necessary follow-up to the Court's judgment(7),

J.   considering the importance of the issue to be such that the EU should, in any event, come to an arrangement with the USA on a proper international agreement which, with due respect for fundamental rights, would lay down:

   a) which data are necessary for identification purposes and should be transferred systematically in an automated way (APIS) and which data relating to passenger "behaviour" could be transferred on a case-by-case basis in respect of people recorded on public security "watch lists" as "dangerous" on account of criminal or terrorist activity,
   b) the list of serious crimes in respect of which any additional request could be made,
   c) the list of authorities and agencies that could share the data and the data-protection conditions to be respected,
   d) the data-retention period for the two kinds of data, it being clear that data relating to the prevention of serious crimes must be exchanged in accordance with the EU-US agreement on mutual legal assistance(8) and extradition(9),
   e) the role to be played by airlines, the Computerized Reservation Systems or private organisations (such as the SITA and AMADEUS) in transferring passengers' data and the means envisaged (APIS, PNR, etc.) for public-security purposes,
   f) the guarantees to be afforded to passengers in order to enable them to correct the data relating to them or to provide an explanation in the event of a discrepancy between the data relating to a travel contract and the data shown in identity documents, visas, passports and other official documents,
   g) the airlines' responsibilities as regards passengers and public authorities in the event of transcription or encoding errors and as regards protection of the data processed,
   h) the right to appeal to an independent authority and redress mechanisms in the event of infringements of passengers' rights;
   i) the need to strictly comply with Article 6(d) of Regulation (EEC) No 2299/89 of 24 July 1989 on a code of conduct for computerized reservation systems(10), which requires the previous consent of the passenger for any transfer of personal information;

1.  Addresses the following recommendations to the Council:

   General principles
   a) to avoid a legal lacuna at European level from 1 October 2006 for the transfer of passenger data and to ensure that the rights and freedoms of passengers are protected to an even greater extent than they are at present under the unilateral undertakings submitted by the US administration;
   b) to base any new agreements in this field on the EC principles on data protection as drawn from Article 8 ECHR;
   As regards the negotiation procedure:
  c) to negotiate, subject to calendar constraints,
   a new short-term international agreement to cover the period between 1 October 2006 and November 2007 (the period originally covered by the US/EC agreement that was the subject of the Court's judgment),
   for the medium to long term, a more coherent approach at International Civil Aviation Organisation (ICAO) level towards the exchange of passenger data in order to ensure both air-traffic security and respect of human rights at global level;
   d) to mandate the Presidency, assisted by the Commission, to inform Parliament of the negotiations on the agreement and to involve representatives of the relevant committee as observers in the dialogue with the US administration;
   As regards the content of the short-term agreement
   e) to overcome, in the first instance, the shortcomings outlined in the first joint EU/US review of the agreement(11) and to take into account the recommendations of the European Data Protection Supervisor and the Article 29 Working Party(12);
   f) to include the content of the undertakings in the body of the agreement so that they may become legally binding, thereby making it necessary for the two parties to establish or modify any existing legislation and for the judiciary to protect persons covered by the agreement;
  g) to incorporate immediately, as proof of good faith on the part of the US administration, into the new agreement the commitments, which are still not fully implemented over two years after the entry into force of the agreement, as follows:
   the strict purpose limitation, as formerly provided for in Undertaking 3, so that behaviour data may not be used for checking financial crimes or to prevent avian flu; such a limitation should also be laid down for the onward transfer of such data;
   the shift to a PUSH system (as provided for in Undertaking 13), as in the case of EC agreements with Canada and Australia, since all the technical requirements are in place and this is already done, for instance by SITA;
   provision of information to passengers on the PNR rules, and the introduction of proper judicial complaint procedures, as provided for in Undertakings 36-42 and by the PNR agreements with Canada and Australia;
   the need to ensure adequate instructions and training of the staff who handle the data, and the need to secure the IT systems;
   the annual joint review, as provided for in Undertaking 43, which should indeed take place annually, be conducted in cooperation with the national data protection authorities and be published in full and must assess not only the implementation of the undertakings but also the results of the agreement in terms of eliminating terrorism and crime;
   As regards the content of the medium-term agreement
   h) to provide the EU with a clear legal framework, namely by adopting, as a matter of urgency, the Draft Data Protection Framework Decision;
   i) to avoid an artificial division between the "pillars" by creating a consistent cross-pillar data protection framework in the Union by activating the passarelle clause under Article 42 of the Treaty on European Union in order to ensure that the new agreement is concluded in association with Parliament and is subject to the scrutiny of the Court of Justice;
   j) to limit the amount of data that may be requested and to filter at source sensitive data as required by Article 8 of Directive 95/46/EC; notes that carriers are required to submit only the data available to them, so that, in practice, the CBP rarely receives all 34 categories of data requested; concludes that for the purposes of the agreement, namely to prevent and combat terrorism and transnational crime, including organised crime, even APIS data would be sufficient; calls on the Council Presidency and the Commission to raise this matter in the negotiations;

2.  Reiterates its previous demand that the new agreement should grant to European passengers the same level of data protection as is enjoyed by US citizens;

3.  Stresses its previous position that the EU should avoid the indirect creation of a European PNR system through the transfer of the relevant data by the CBP to police and judicial authorities in the Member States; considers that the systematic collection of the data of ordinary citizens outside the framework of a judicial procedure or police investigation should remain forbidden in the EU and that data should be exchanged where necessary in accordance with the existing EU/US agreement on mutual legal assistance and extradition;

4.  Proposes that a dialogue in which parliamentary representatives would take part be launched before the end of 2006 between the EU, the US, Canada and Australia with a view to preparing jointly the 2007 review and establishing a global standard for the transmission of PNR, if that is deemed necessary;

5.  Strongly recommends that Parliament organise a joint session in this respect with the US Congress, being the democratically representative institutions of the citizens concerned, so as to start a dialogue on the fight against terrorism and its consequences for civil liberties and human rights;

o
o   o

6.  Instructs its President to forward this resolution to the Council and, for information, to the Commission.

(1) Parliament resolutions of 13 March 2003 on transfer of personal data by airlines in the case of transatlantic flights (OJ C 61 E, 10.3.2004, p. 381), of 9 October 2003 on transfer of personal data by airlines in the case of transatlantic flights: state of negotiations with the USA (OJ C 81 E, 31.3.2004, p. 105) and of 31 March 2004 on the draft Commission decision noting the adequate level of protection provided for personal data contained in the Passenger Name Records (PNRs) transferred to the US Bureau of Customs and Border Protection (OJ C 103 E, 29.4.2004, p. 665).
(2) Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data (OJ L 261, 6.8.2004, p. 24).
(3) Council Decision 2004/496/ECof 17 May 2004 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection (OJ L 183, 20.5.2004, p. 83).
(4) Commission Decision 2004/535/EC of 14 May 2004 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States" Bureau of Customs and Border Protection (OJ L 235, 6.7.2004, p. 11).
(5) Judgment of 30 May 2006 in Joined Cases C-317/04 and C-318/04.
(6) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31).
(7) Opinion 5/2006 on the ruling by the European Court of Justice of 30 May 2006 in Joined Cases C-317/04 and C-318/04 on the transmission of Passenger Name Records to the United States (see: http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2006_en.htm)
(8) OJ L 181, 19.7.2003, p. 34.
(9) OJ L 181, 19.7.2003, p. 27.
(10) OJ L 220, 29.7.1989, p. 1.
(11) Joint Review of the implementation by the US Bureau of Customs and Border Protection of the Undertakings set out in Commission Decision 2004/535/EC of 14 May 2004 (Redacted version of 12.12.2005).
(12) (see: http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2006_en.htm)

Правна информация - Политика за поверителност