Full text 
Verbatim report of proceedings
Monday, 9 July 2007 - Strasbourg OJ edition

18. PNR Agreement with the United States (debate)

  President. The next item is the Commission statement on the PNR Agreement with the United States.


  Franco Frattini, Vice-President of the Commission. Mr President, as you already know, the United States and the European Union concluded talks on a long-term PNR agreement. I want to use this occasion to thank the German Presidency and in particular Minister Schäuble for his personal involvement in making this happen. The unanimous mandate given by the Council of Ministers has been fulfilled. The new agreement provides for a high level of data protection and important commitments on the handling of future European PNR data.

Several important interests had to be addressed. Firstly, the fight against terrorism and serious international crime, and in parallel the right to privacy and protection of fundamental civil rights, the need for air carriers to be able to comply with diverse legal requirements at an acceptable economic cost, the wider transatlantic relationship and the true international scope of these issues. The United States has agreed on a binding international agreement and by doing so they have understood the need for legal certainty.

The agreement is divided into three parts. First, an agreement signed by both parties. Second, a letter which the United States sent to the EU in which it set out assurances on the way in which it will handle European PNR data in the future. And third, a letter from the EU to the United States acknowledging the receipt of assurances and confirming that on that basis it considers the level of protection afforded by the US Department of Homeland Security to be adequate for European PNR data.

In the past, the exchange of undertakings was not binding in character. It was in my personal view, but also in the view of the Council, a major achievement of the new agreement. This agreement will be valid for 7 years, thus providing for a considerable period of legal certainty. There is not an extension of the time during which passenger data are kept from 3.5 to 15 years. There is an increase from 3.5 to 7 years of the time during which data are kept in an active file. The further period of 8 years that was already provided for in the previous agreements and that undertaking is not newly introduced in this new agreement.

The purpose for which data will be used remains the same. The number of PNR data has been reduced from 34 to 19 as a result of rationalisation and merging. Sensitive data will be filtered and made accessible only in exceptional circumstances which have been justified and will be deleted after 30 days. Those air carriers not already pushing the data will go from a ‘pull’ to a ‘push’ system as soon it becomes technically feasible. It is now up to air carriers to introduce new technologies as soon as possible, but both the United States and the EU agree that this system should be a ‘push’ system and no longer a ‘pull’ system.

The Commissioner for Justice, Freedom and Security and the United States Secretary of Homeland Security will be responsible for the review system. Finally, the United States has accepted a review system which was likely to be agreed at the beginning of our negotiations.

Protection given under the United States Privacy Act will be extended through administrative procedures to non-US citizens, in particular with regard to redress and correction, and, therefore, EU citizens will be entitled to protection under that Act. That was not the case under the previous agreement.

Common efforts are needed in order to protect our societies, including our human rights, from attempts by terrorists to undermine them. The recent events in London and Glasgow have shown that terrorism will stay with us for some time. That is why, as I have already announced, I will present a package in the autumn, which will include new measures – both legislative and operational – aimed at improving and increasing our capacity to cooperate at an international level against terrorism. I shall also propose that the EU Member States establish a European PNR system at national level in as many Member States as possible.


  Carlos Coelho, on behalf of the PPE-DE Group. – (PT) Mr Frattini, ladies and gentlemen, I should like to begin by congratulating Mr Frattini and the German Presidency on the effort they have put into concluding this PNR Agreement. It was essential to avoid a legal vacuum that would have left European airlines in a difficult position and jeopardised the protection of our citizens.

We have always supported having an international agreement at EU level instead of 27 bilateral agreements, because the Union can put forward a stronger position not only on preventing and fighting terrorism, but also on protecting fundamental rights. That is why the Group of the European People's Party (Christian Democrats) and European Democrats was in favour of granting the Commission a mandate to reopen negotiations. We are well aware that the negotiations were difficult and also that the European side wanted to find a mutually acceptable solution more strongly than the US side did.

I find it regrettable, however, that this agreement is composed of three parts: an agreement and two letters, the binding nature of which is not all the same. There are several points that have changed for the better, and Mr Frattini has mentioned a number of them, but there are others that have fallen well short of our expectations. The points I would highlight are these: first, I welcome the reduction in the number of PNR data, and I welcome the switch from a pull to a push system, as mentioned just now. We know that 13 airlines have implemented the system already, but many others have not yet done so. I would like to know what kind of initiatives the Commission is preparing to help and encourage airlines to switch over.

I still cannot accept what I consider to be an excessively long data storage period. I am pleased at the inclusion of the requirement to give passengers adequate information and I welcome the appeal procedures for passengers, whereby they can review and correct data held by the US authorities, although there is still no sound legal mechanism allowing European citizens to appeal if their personal data are misused.

I am afraid that the additional measures for protecting sensitive data are inadequate, and I regret that the use of data by other US agencies has not been fully guaranteed.

A lot has been done, Commissioner, but there is still a lot left to do, and I hope that the control mechanism that you have agreed upon will allow some of the negative points that remain to be corrected.


  Stavros Lambrinidis, on behalf of the PSE Group.(EL) Mr Vice-President, I honestly wish I could congratulate you today on achieving an agreement with the USA; my political group knows how hard you have worked, especially in the face of the USA's threat that, in the absence of agreement, they would unilaterally impose even worse terms on the airline companies.

Unfortunately, what we have in our hands, first of all, is not an agreement with the USA. It is in fact an agreement with the USA and with any other countries to which the USA unilaterally decides to transfer personal data on European passengers.

Secondly, it is an agreement that contains commitments only for Europe and not for the USA.

Thirdly, even where the agreement sets certain limits, these limits are so unclear and so full of legal loopholes that in practice it will allow the USA to do pretty much as it likes.

Let me be more specific: firstly, the agreement and the attached letter from the USA state that America will be able to transfer the information we send it to any third country it likes, with hardly any obligation to even notify us. In other words, in practice, Europe is signing the PNR agreement not only with the USA but with any other countries on earth which the USA decides, countries which cannot today receive data on European citizens directly from Europe, because we have not signed an agreement with them. Did your negotiating mandate from the Council really include the authority to allow the uncontrolled transfer of European data by the USA where Europe cannot do so?

Secondly, while Europe has expressly declared that it is bound by the agreement, the USA has expressly declared that they are not bound by the agreement. They are only bound by the unilateral assurances in their letter and by American laws which, if they change, will automatically bring about changes to the agreement.

Thirdly, as far as passenger information on the use of their data is concerned, there is no provision for an obligation by the governments to ensure they are informed; the airline companies are merely urged to do so. But information for citizens is an express dictat of European laws. Why did you not mention this?

Fourthly, if the USA infringes the agreement, the only solution open to the European Union is to abolish it completely. How will this be done, Commissioner, when even if 26 of the 27 Member States consider that it has been infringed and one considers that it has not, the agreement cannot be abolished at European level?

Fifthly, the legal intended uses of the data cited are uncontrolled. While at the beginning of the letter they are limited to combating terrorism and serious crime, immediately afterwards any use is allowed in any criminal proceedings or however otherwise required under US law, that is, for almost anything.

This is not an international agreement; at least not as the citizens understand the term. I do hope it will be changed on these crucial points before it is signed.


  Sophia in ‘t Veld, on behalf of the ALDE Group. – Mr President, first of all I note that the Council Presidency is absent during this important debate, which is remarkable as it was responsible for the negotiations. I am therefore thankful for the presence of Mr Frattini.

However, I would like to start by objecting to the implicit link that Mr Frattini makes with the failed terrorist attacks in the UK last week. I find that distasteful: it has nothing to do with PNR.

That brings me to an important point that this House has emphasised many times and that is the need for an evaluation. We need evidence that the use of PNR data leads to greater security and that they are not used only to catch people who commit document fraud, drug smuggling or whatever. We need evidence and not just anecdotes.

Mr Frattini says that this is a good agreement. Well, it serves two purposes: firstly, to legalise the transfer of data by carriers and, secondly, to provide, as he has said, a high level of data protection. Well, it fails miserably on the second objective; it is not legally binding, it explicitly states that it does not confer any rights on any person or any party. Well, how much clearer can it get? Then, it looks good superficially, but it is full of loopholes, open definitions and exceptions, when it comes to purpose limitation, for example, or the retention periods, which are going up to 15 years and maybe even more, and they will be applied retroactively. I am not a lawyer, but that strikes me as distinctly funny.

The reduction from 34 to 19 data is an insult to our intelligence. If you look at the data, it is not a reduction: the 34 are merged into 19 data fields. I am not stupid. We may not have any powers here but we are not stupid.

Then with pull to push: we got that promise back in 2004. We still do not have it! It is technically feasible, so why do we not have it?

Democratic oversight is completely lacking. This House may not have competences any more, but the national parliaments are completely excluded. Some of the national parliaments will get to approve the agreement, but they can only say ‘yes’ or ‘yes’, because they do not have time, they do not get all the necessary information – only very summary information – and it has just been pointed out that if one national parliament says ‘no’ then there is no agreement and no parliament will want to take that responsibility, so they have their backs against the wall.

With regard to the Privacy Act, it is good that it now covers European citizens. We asked for that many times. However, we all know that the Bush Administration uses all sorts of exceptions and exemptions to the Privacy Act, which, incidentally, affects American citizens as it does European citizens.

To conclude, concerning Mr Frattini’s proposal on a European PNR scheme – which is not a real proposal because he floated it at a press conference rather than putting a real proposal before this House, I think the timing – last week – was wrong and I would like to know what the justification is for such a scheme. We do not even know what purpose the PNR agreement with the United States serves. We do not know how many terrorists were caught, how many attacks were prevented and how many false positives there have been. We have insisted on an evaluation before signing a new agreement.

Finally, I would like to recommend that the PPE-DE Group support the joint motion for a resolution that we will negotiate tomorrow, read the agreement very carefully and read between the lines, because it is not as good as it looks.


  Kathalijne Maria Buitenweg, on behalf of the Verts/ALE Group. (NL) Mr President, this is the third agreement we are discussing in this Parliament on the transfer of passenger data to the United States, and things are not getting any better. Commissioner Frattini, you claim that the data is only used for the fight against terrorism or against serious international crime. As you know the agreement well, you will also be aware that Annex II stipulates, as Mr Lambrinidis said, or otherwise required by law, by US-law that is, which opens up its scope considerably, of course.

In general, I think that this is not the place either where you should make things out to be better than they really are. This also applies to the data, as Mrs in 't Veld said a moment ago. I have the two annexes here in front of me: an old annex to the old agreement and a new annex to the new agreement, one of which contains 19 data fields while the other contains 34. I would very much like to hear from you presently what data, according to you, will no longer be transferred to the United States. I want to know this very specifically because, as I see it, there is not one data field that will no longer be transferred to the United States, let alone 15.

Turning to the other item of push and pull, here too, I am tired of people acting as if major progress is being made. On two occasions, the Americans have moved this proposal, and you have had to negotiate once again with a view to them simply delivering on their own promises. Surely this is unacceptable in transatlantic relations.

Finally, I checked the DHS [Department of Homeland Security] website today for redress inquiries. It states that if you think you are under suspicion and that you are on a watch list of people who are denied airline boarding, they cannot let you know what the data is that they have on you, but you will have to inform them of the reason why you think you are under suspicion. Surely this is not the way to let people seek travel redress! So I would have to say to you, yes, I might be a vegetarian, but this will really not tell you anything. It is too absurd for words that people do not have access to the data on which they appear to be judged.


  Jeanine Hennis-Plasschaert (ALDE). – (NL) Mr President, following endless debates, pulling and pushing, I had hoped for an adequate explanation where effectiveness is concerned, or the supposed effectiveness of an agreement such as this one. However, this hope soon evaporated when I read the agreement, one that was announced with so much pomp and circumstance by Mr Schäuble and others, including yourself.

Not a word was breathed about this supposed effectiveness. How many terrorists have been stopped in their tracks on the basis of the existing interim agreement? Of course, like the Commission, I too understand the importance of having an agreement, not least on account of the position of the European aviation industry. Legal certainty is important to everyone, but rules and regulations should not be there for rules and regulations’ sake.

What struck me, above all, having read this agreement, is that a great deal is coming out of our own pocket. It remains completely beyond me why we as a Union allow ourselves to be pushed into such an underdog position. Both the Council and Commission could learn from the perseverance displayed by our champion Mrs in 't Veld. All credit therefore to her and her unstinting efforts.

Finally, whilst the fight against terrorism is, of course, an important one, I cannot shake off the impression that we are at risk of losing sight of reality in this matter. This agreement is not enough, not by a long shot.


  Sarah Ludford (ALDE). – Mr President, I am afraid that I am going to continue in a slightly sceptical line, but first of all a question to the Commissioner. Could he please tell us what is the legal basis of this agreement from the EU side? The only reference I can find to any legal instruments in it are to US Statutes. I do not find any reference to legal bases from the Treaties. I remember talk of Articles 24 and 38 earlier on. If Article 38 is one of them, then why is the European Parliament not formally consulted?

Secondly, we hear a lot about needing this to fight terrorism. If terrorism is such an important priority of the EU, why have we gone four months without a counter-terrorism coordinator?

Thirdly, this agreement is about collecting a huge amount of data on everyone, as a basis for profiling, data mining etc., but we have very poor implementation of targeted measures against terrorism.

The Director of Interpol has just launched what has been called in the press an ‘unprecedented attack on the UK’ for failing to check visitors against the Interpol database of stolen passports. When the Commission produced a report last year on the common position of January 2005, it was distinctly unimpressed by Member States’ achievements. Only a small number of Member States had established infrastructures for authorities to search the Interpol databases – 8 of the 25 Member States did not respond to the Commission’s inquiries – and very few Member States had made sure that their law enforcement authorities searched the database. Member States are completely ignoring their obligations.

Finally, we have the EU APIS Directive of 2004, which should have been implemented last year. Could the Commissioner tell us whether the Member States have implemented this Directive, why it is concerned only with illegal immigration and why it does not provide for visitors to be checked against terrorist watch lists? There are plenty of measures out there which are being completely unimplemented by Member States. Let us do that first before we have mass surveillance of the whole population.


  Franco Frattini, Vice-President of the Commission. – (IT) Mr President, ladies and gentlemen, I should like to thank all those who have spoken, even though I do not agree with most of their speeches, but you know that I always speak my mind with absolute frankness.

Ladies and gentlemen, agreements are made between two parties. The United States has the power to accept or reject an agreement. We had a duty, first of all, to ask the Council of Ministers for a mandate, which we were given and within which we have operated. The agreement has been approved by the Member States – after all, they granted us the power to negotiate – so they clearly thought that having this agreement was immensely better than the possibility of not having any agreement at all after 31 July this year, which is actually in a few days’ time.

Quite frankly, I should like to have heard those who criticised this agreement so harshly make at least one comment on the consequences of not having any agreement at all. Can any of you imagine that the airlines would have negotiated bilaterally with the United States and achieved a better level of personal data protection? I do not think anyone can even imagine that that might have happened. The protection of European citizens’ personal data would have been in serious jeopardy without the certainty of legally binding rules.

As you know, for the first time we have a binding agreement, unlike the previous one, which involved no binding commitments but just unilateral ones. In this agreement, we have recognised the ‘push’ principle as a fundamental criterion, as this Parliament has demanded on several occasions. The fact that some airlines have said that they are not yet in a position to switch over from pull to push does not depend on either the United States or Europe, but rather on the fact that some of them have so far been unable to change system on technical grounds. Since others have been able to do so, it must depend on their technical ability and willingness, and we shall help them to make the move.

We have set the ‘push’ system as a criterion; if, however, an airline says it is technically unable to implement it, other proposals need to be examined. Can we deny that airline landing rights? I am ready to examine any proposals, but we have also set a deadline, which is the end of this year. That seems technically feasible, since IATA (the International Air Transport Association) has told us that it is reasonable to expect all airlines to be technically capable of introducing the new system within six months. It is purely down to technical reasons.

We have established that sensitive data will be destroyed within 30 days, a measure that had not been agreed previously, and we have established that the US Privacy Act will apply to European citizens, something that had been mentioned in many debates here in Parliament as an essential condition: European citizens will be able to complain under the same law as US citizens if the US Department of Homeland Security misuses their data. That is something that did not exist before, and I am giving you actual facts.

Mr Lambrinidis has rightly mentioned third countries. It is true that the data in question can be passed on to third countries but, as you know, it is laid down that there will be the same power of control over the correct use of such data. The fact that they are passed on to a third country does not affect the power of control: the third country will use the data in accordance with the very same rules laid down in this agreement and we shall retain the same power to check whether the data have been used properly or not.

Someone asked about the possibility of terminating the agreement. The possibility does of course exist, in the event of a substantial breach, and you are perfectly well aware of the legal basis adopted. Article 24 of the Treaty is an intergovernmental basis and not, unfortunately, a Community basis, because the European Union Court of Justice has so ruled. An agreement had previously been negotiated on a basis that allowed for your full participation as the European Parliament. Unfortunately, the Court of Justice ruling established that the legal basis was incorrect and, as you know, everything stems from that ruling.

It is a fact, Mr Lambsdorff, that many Member States are not complying with European measures, which instead ought to be fully implemented. You know perfectly well not only that I published the state of the art country by country just a few days ago, but also that I have initiated infringement procedures, and I do not think I need to wait for the outcome of those to adopt useful proposals to combat terrorism.

I do not share the opinion of those who say, ‘We should do other things first and then worry about terrorism.’ Terrorism is a serious and present threat. I think this agreement could have been better if we had been negotiating it alone but, since agreements are made between two sides, it is a compromise and, in the spirit of compromise, the Council of Ministers approved it unanimously. In my view it was right to do so, and the German Presidency was given due recognition for all the hard work it put into this agreement.

It is a binding agreement which will certainly help to fight terrorism or, better still, to prevent it. No member of the Committee on Civil Liberties, Justice and Home Affairs should forget that the US Secretary of Homeland Security came to Parliament and gave you some information and, in some cases, specific facts about terror suspects who were stopped thanks to PNR data. There were just a few cases, but they concern people who were stopped thanks to PNR data and were later involved in bomb attacks elsewhere in the world.

Despite all the impact assessments that we have conducted and may yet conduct, I believe that the agreement in question, which provides legal certainty, is infinitely better than the absence of an agreement. I am sorry that we do not agree on this point, but I have a duty to be sincere.


  Kathalijne Maria Buitenweg (Verts/ALE). – Mr President, we are lacking an important piece of information. The PPE-DE Group is basing its positive opinion partly on the fact that the amount of data now being sent to the US is reduced from 34 to 19. I have challenged the Commission to say which of the 15 pieces of information are no longer being transferred to the US, because as far as I see it – and the rapporteur Sophia in 't Veld also mentioned this – most of the fields are merged so that the change is mainly cosmetic. I would like to be convinced that the opposite is true. I would like the Commission to list the 15 information fields which are now no longer being transferred to the US.


  President. The debate is closed.

The vote will take place on Thursday 12 July 2007.

Legal notice - Privacy policy