On April 14, 2016, a plenary session of the European Parliament gave the green light to the International Air Passenger Record (PNR, Passenger Name Record) to move forward with the creation of a macro database of passengers passing through European airports.
Many passengers wonder about the effects this will have on the way we travel, or worry about the possibility of having their privacy exposed.
After its approval by the parliament, the proposal will have to be formally adopted by the council and, once it is published in the Official Journal of the European Union, member states will have two years to turn it into national law.
The creation of the European Registry has been under study since 2007, but it was given greater priority after the attacks in Paris and Brussels in order to prevent, detect, investigate, and prosecute terrorism and other serious crimes. This legislation takes into account serious offenses: membership in criminal organizations, human trafficking, sexual exploitation of children and child pornography, drug trafficking, arms trafficking, corruption, fraud, money laundering, murder, rape, and kidnapping.
In order to create the record, airlines will be obliged to hand over passenger data that is currently collected for commercial purposes to national authorities. The new record will also gather the data provided when making an airline reservation: name, date of reservation, flight date, address and telephone number, payment method, full itinerary, travel agency used where applicable, number and type of seat, baggage information, as well as the number and names of other passengers on the same reservation.
It is important to emphasise that the processing, either directly or indirectly, of sensitive information such as revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union affiliation, health, sexual history or sexual orientation of a person, is explicitly prohibited.
This information will be kept for five years. In the first six month period all passenger information will be maintained. However, after this initial period, the data will then become anonymous, depriving it of information which could lead to the identification of the corresponding passenger.
Member States will have to establish a “Passenger Information Unit” which will be responsible for managing, analysing, and processing the data collected by airlines. The units will also be responsible for communicating said information to the relevant authorities, and exchanging it with other European Union Information Units and Europol.
The PNR record is different from the Advanced Passenger Information (API) register which collects details for passport control (name, date of birth, passport number, and nationality). While the API register is used to identify terrorists and “known” criminals with the use of alerts, the PNR register will enable risk assessment of unknown persons. The combined data analysis will identify specific behaviour patterns and establish relationships between “known” and “unknown” persons.
It will establish certain “risk indicators”; for example, if a reservation has been made through the Internet or a travel agency, if the ticket has been paid for in cash or by credit card, and if the passenger route follows a pattern commonly used by terrorists. The aim is to monitor certain suspicious passengers and, where appropriate, to anticipate threats and prevent certain crimes from being committed.
How many people will be affected by the PNR?
The PNR will only collect data from international flight passengers operating between a member state and third countries. National authorities will be able to collect PNR data of certain intra-community flights with prior notification to the European Commission.
Of the 879 million passengers who flew to or from airports in the European Union in 2014, 43% took flights between EU countries, 18% took domestic flights, and 39% took flights to or from non-EU countries.
This means that in 2014 the data of 343 million passengers was sent to national authorities.
It is worth remembering that PNR agreements already exist between the European Union and the United States (since 2004), Australia (2008), and Canada (2006), authorizing airlines to send information to the authorities of these countries.
How will the PNR affect me?
Many people wonder about the effects this will have on the way we travel, or worry about the possibility of having their privacy exposed.
The answer is that you can remain calm. If you are not a terrorist, a criminal, an arms dealer, or you don’t conduct any other criminal activity, then you won’t even know that the PNR even exists as data is sent automatically and securely between air carriers and the authorities.
Furthermore, as previously mentioned, air companies already collect information about us for commercial purposes, meaning that your private life will remain just as exposed as it was prior to the PNR; no more, no less.
So in summary, if you lead a “respectable” life, then the PNR will not change it one little bit.
