Full text 
Document stages in plenary
Select a document :

Texts tabled :


Debates :

Votes :

PV 12/07/2007 - 6.7
CRE 12/07/2007 - 6.7
Explanations of votes

Texts adopted :


Texts adopted
PDF 127kWORD 94k
Thursday, 12 July 2007 - Strasbourg
PNR Agreement

European Parliament resolution of 12 July 2007 on the PNR agreement with the United States of America

The European Parliament,

–   having regard to Article 6 of the Treaty on European Union, Article 8 of the Charter of Fundamental Rights of the European Union and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms,

–   having regard to its recommendation of 7 September 2006 to the Council(1) and its resolution of 14 February 2007(2) on PNR,

–   having regard to the previous PNR agreements between the European Community and the United States of America of 28 May 2004 and between the European Union and the United States of America of 19 October 2006,

–   having regard to the draft agreement of 28 June 2007 between the European Union and the United States of America on the processing and transfer of PNR data by air carriers to the United States Department of Homeland Security (DHS), informally transmitted by the President-in-Office of the Council, Minister Wolfgang Schäuble, to the Chair of the Committee on Civil Liberties, Justice and Home Affairs,

–   having regard to the judgment of 30 May 2006 of the Court of Justice in Joined Cases C-317/04 and C-318/04,

–   having regard to the letter from the DHS of 28 June 2007 on the assurances explaining its safeguarding of PNR data, informally transmitted by the President-in-Office of the Council, Mr Schäuble, to the Chair of the Committee on Civil Liberties, Justice and Home Affairs,

–   having regard to the letter from the European Data Protection Supervisor of 27 June 2007, concerning the new PNR agreement with the US ('the new PNR agreement'), addressed to the President-in-Office, Mr Schäuble, and the responses he received from Mr. Schäuble and from Jonathan Faull, Director-General of the Justice Liberty and Security Directorate-General of the Commission of 29 June and 3 July 2007, respectively

–   having regard to Article 2 of the Council of Europe's Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows,

–   having regard to Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data(3),

–   having regard to Rule 103(2) of its Rules of Procedure,

A.   whereas the declared purpose of the new PNR agreement is to provide a legal basis for the transfer of EU PNR data to the US on the one hand, and to ensure an adequate protection of personal data and procedural safeguards for EU citizens on the other,

B.   whereas the new PNR agreement is meant to help prevent and combat terrorism and international crime,

C.   whereas the new PNR agreement fails to meet the second objective, as it is substantively flawed in terms of legal certainty, data protection and legal redress for EU citizens, in particular as a result of open and vague definitions and multiple possibilities for exceptions,

D.   whereas the new PNR agreement provides the legal framework for the transfer of EU PNR data to the US and, by doing so, provides a basis for the air carriers to operate their business in the US,

E.   whereas adequate protection of the privacy and civil liberties of individual citizens and data quality controls are necessary if the sharing of data and information is to be a valuable and reliable tool in the fight against terrorism,


1.  Recognises the difficult conditions under which the PNR negotiations took place, and acknowledges, in principle, the benefit of having a single EU-US PNR agreement rather than 27 bilateral agreements between the Member States and the US;

2.  Strongly regrets the lack of democratic oversight of any kind, as the new PNR agreement, prompted by US requirements, has been negotiated and agreed without any involvement of the European Parliament and leaving insufficient opportunity for national parliaments to exercise any influence over the negotiating mandate, to thoroughly assess the proposed new PNR agreement, or to propose modifications to it;

3.  Is concerned at the persistent lack of legal certainty as regards the consequences and scope of the obligations imposed on the airlines as well as the legal relationship between the new PNR agreement and the DHS letter;

4.  Criticises the failure of the new PNR agreement to offer an adequate level of protection of PNR data, and regrets the lack of clear and proportionate provisions as regards the sharing of information and retention and supervision by data protection authorities; is concerned about the numerous provisions that are to be implemented at the discretion of the DHS;

5.  Calls, therefore, on the national parliaments of the Member States to examine the draft new PNR agreement carefully in the light of the observations made in this resolution;

As regards the legal framework

6.  Is concerned that the DHS's handling, collection, use and storage of PNR data is not founded on a proper agreement, but only on non-binding assurances that can be unilaterally changed by the DHS at any given moment and that do not confer any rights or benefits on any person or party;

7.  Regrets the lack of clear purpose-limitation given in the DHS letter, which notes that the PNR data may be used for the fight against terrorism and related crimes, but also for a range of unspecified additional purposes, notably 'for the protection of the vital interests of the data subject or other persons, or in any criminal judicial proceedings, or as otherwise required by law';

8.  Welcomes the willingness of the DHS to move to the PUSH system no later than 1 January 2008 in principle, but regrets the fact that the shift – already foreseen in the 2004 PNR agreement – has been delayed for years, even though the condition of technical feasibility has long since been met; believes that the PUSH system for all carriers should be a sine qua non for PNR transfers; stresses that the concurrent existence of the 'PUSH' and 'PULL' systems could lead to a distortion of competition between EU carriers;

9.  Insists that the joint periodic review by the DHS and the EU must be comprehensive and take place annually and that the results must be published; insists that the review must include an assessment of the effectiveness of the measures in terms of greater security; regrets the fact that the review does not provide for any involvement of national or European data protection supervisors, which was provided for under the previous PNR agreement;

10.  Insists that passengers must be properly informed of the use of their data and their rights, especially the right to redress and the right to be informed on what basis a traveller is stopped, and that this obligation rests with the airlines; believes that the DHS and the Commission must take responsibility for the information provided to passengers and proposes that the 'Short notice for travel between the European Union and the United States' suggested by the Article 29 Working Party (WP 132) be made available to all passengers;

11.  Regrets the fact that the EU negotiations with the US took no account of Directive 2004/82/EC or of the EU's PNR agreements with Australia and Canada, which ensure higher standards of protection of personal data;

12.  Recalls that the administrative agreement concluded between the EU and the US must not have the effect of reducing the level of protection of personal data assured by Member States' national legislation, and regrets that it will create further confusion as to the obligations of EU airlines and the fundamental rights of EU citizens;

As regards data protection

13.  Welcomes the provision that the US Privacy Act will be extended administratively to EU citizens;

14.  Regrets the fact that the DHS reserves the right to introduce exemptions under the Freedom of Information Act;

15.  Regrets the failure of the new PNR agreement to lay down precise criteria for the definition of the protection of personal data transferred to the DHS which could be considered adequate according to EU standards;

16.  Deplores, in this respect, the fact that EU citizens' PNR data are to be treated solely according to US law, without an adequacy assessment or any indication of the specific US legislation applicable;

17.  Deplores the fact that the length of retention of PNR data will be extended from 3.5 years to 15 years, as well as this being retroactively applied to data collected under the previous PNR agreements; strongly criticises the fact that after the 15-year retention period, consisting of a 7-year 'active' and an 8-year 'dormant' period, there is no guarantee that the data will be definitively deleted;

18.  Takes note of the reduction in data fields from 34 to 19, but points out that the reduction is largely cosmetic due to the merging and renaming of data fields instead of actual deletions;

19.  Notes with concern that sensitive data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning the health or sex life of individuals), will be made available to the DHS and that these data may be used by the DHS in exceptional cases;

20.  Is concerned that data will be kept for seven years in 'active analytical databases', leading to a significant risk of massive profiling and data mining, which is incompatible with basic European principles and is a practice still under discussion in the US Congress;

As regards sharing of information

21.  Regrets the failure of the new PNR agreement to define precisely which US authorities may access the PNR data;

22.  Is concerned at the envisaged transfer of analytical information flowing from PNR data from the US authorities to police and judicial authorities in the Member States, and possibly to Europol and Eurojust, outside the framework of specific judicial procedures or police investigations, as mentioned in the DHS letter, since this should only be allowed in accordance with the existing EU-US agreements on mutual legal assistance and extradition;

23.  Strongly opposes the provision that third countries in general may be given access to PNR data if adhering to DHS-specified conditions, and that third countries may exceptionally, in unspecified emergency cases, be given access to PNR data without assurances that the data will be handled according to the DHS level of data protection;

24.  Regrets the fact that the EU has accepted 'not to interfere' with regard to the protection of EU citizens' PNR data that may be shared by the US with third countries;

25.  Notes that the new PNR agreement allows the DHS to provide PNR data to other US domestic governmental authorities in relation to specific cases and in proportion to the nature of the case; regrets that the new PNR agreement lacks any indication as to which US authorities may access the PNR data and that the purposes set out in Article I of the DHS letter are very broad;

As regards a European PNR system

26.  Notes that the new PNR agreement makes reference to a possible future PNR system at the level of the EU or in one or more of its Member States, and the provision that any PNR data in such a system may be made available to the DHS;

27.  Demands that the Commission clarify the state of play with regard to an EU PNR system, including making available the feasibility study it has pledged to undertake;

28.  Repeats the concerns expressed by the Article 29 Working Party as regards the use of PNR data for law enforcement purposes, notably calling on the Commission to substantiate:

   a) the operational need and purpose of collecting PNR data at the point of entry into EU territory;
   b) the added value of collecting PNR data in the light of the already existing control measures at the point of entry into the EU for security purposes, such as the Schengen system, the Visa Information System, and the API system;
   c) the use that is envisaged for PNR data, in particular whether it is for identifying individuals in order to ensure air security, for identifying who enters the territory of the EU, or for general negative or positive profiling of passengers;

29.  Insists that Parliament be involved, pursuant to Articles 71(1)(c) and 251 of the Treaty establishing the European Community, in all relevant developments;

30.  Recalls that the new PNR agreement will eventually have to be reviewed in the light of future EU institutional reforms, as outlined in the conclusions of the European Council of June 2007 and in the mandate for the next IGC;

31.  Intends to seek a legal appraisal of the new PNR agreement for conformity with national and EU legislation, and invites the Article 29 Working Party and the European Data Protection Supervisor to present comprehensive opinions in this respect;

o   o

32.  Instructs its President to forward this resolution to the Council, the Commission, the governments and parliaments of the Member States, and the US Congress.

(1) OJ C 305 E, 14.12.2006, p. 250.
(2) Texts Adopted, P6_TA(2007)0039.
(3) OJ L 261, 6.8.2004, p. 24.

Legal notice - Privacy policy