After a series of delays and setbacks, MEPs today (14 April) adopted the controversial European air passenger data directive, though even its supporters accept it is no silver bullet for the EU’s fight against terrorism.
The Passenger Name Record (PNR) directive was adopted by the European Parliament by 461 votes to 179, with nine abstentions. In a concession to the directive’s opponents, lawmakers simultaneously voted to strengthen data protection legislation.
Despite strong criticism from the left, the Greens and the Liberals, British Conservative and PNR rapporteur Timothy Kirkhope (European Conservatives and Reformists group) called the directive “an important new tool for fighting terrorists and traffickers”.
The issue was pushed to the top of the Parliament’s agenda following the recent terrorist attacks in Paris and Brussels.
But for many MEPs, the European PNR will do nothing to respond to reduce the threat posed by international terrorists.
German Green MEP Jan Philipp Albrecht called it a “placebo at best” that would “undermine the fundamental rights of EU citizens but also undermine the security of our societies” by pushing public funds in the wrong direction and away from more effective security measures.
Albrecht is rapporteur, or lead MEP, on the General Data Protection Regulation (GDPR), which was also approved in today’s plenary session. Parliament insisted on linking the PNR vote to the simultaneous adoption of the GDPR as one of the main conditions for its support.
Air transport companies will be obliged to communicate the details of all air passengers entering or leaving the EU with the member state in question. Dates, travel itineraries, ticket information and personal data will be stored by the EU countries’ national surveillance authorities, which will, in theory, use them to identify possible terror suspects.
But each country will keep control of its own database, and will not be obliged to share information with other member states.
This lack of centralisation, the broad and vague nature of the data collected and uncertainty over the length of time passenger information may be stored, were all severely criticised during the debate in the Strasbourg plenary on Wednesday (13 April).
“It is a shame that we did not manage to convince the states, which can be hypocritical, to make this a centralised tool,” said Nathalie Griesbeck, a French Liberal MEP.
Beyond fears over the impact of the legislation on civil liberties, which are in part addressed by Albrecht’s data protection bill, MEPs have expressed serious doubts over the effectiveness of the European PNR in countering the threat of terrorism.
“Do we need to increase the mass of information available to the EU member states’ surveillance services, when they are all saying that they are drowning in data but don’t have the capacity to analyse it?” said Yannick Jadot, a French Green MEP.
French Prime Minister Manuel Valls, a firm supporter of PNR, held a press conference with Martin Schulz in Strasbourg on Tuesday (12 April), ahead of today’s vote. “Europe has to face up to the terrorist threat. That is why I welcome the adoption of PNR,” he said.
“We should not oversimplify this issue. Nobody ever said PNR would stop terrorist attacks,” said Valls. “But this system is another tool to make our fight against terrorism more efficient.”
Officially, member states have two years to transpose the directive into national law, an extra delay that will bring the total time between the Commission’s initial PNR proposal and its implementation to seven years.
“The directive will be implemented by the 28 member states, and in light of their attitudes to this debate, they would do well to do it quickly,” warned Sophia in ‘t Veld, a Dutch Liberal MEP.
Marielle de Sarnez, a French Liberal MEP, said, “I am happy that PNR has finally been adopted. It is the only response to help our intelligence and security services collect and process useful information in the fight against terrorism and organised crime. (…) Although it is a useful tool, PNR can and must be improved. This legislation will allow many European countries to pool their data collection and processing capacities, but it the long term, we must work towards a unified European PNR.”
The EU PNR directive will oblige airlines to hand EU countries their passengers' data in order to help the authorities to fight terrorism and serious crime.
It will require more systematic collection, use and retention of data on air passengers, and will therefore have an impact on the rights to privacy and data protection.
The directive, proposed by the European Commission in 2011, met with opposition in the European Parliament, over fears that it will compromise the private life of European citizens.
The terrorist attacks in Paris in January and November 2015, and those in Brussels in March 2016, gave a political boost to the plans, which were adopted on 14 April.
The main legislative instrument at EU level governing data retention is the Data Retention Directive, which was adopted in November 2006 following the Madrid terrorist train bombings in 2004 and the public transport bombings in London in 2005. These resulted in a text which gave room for different applications at national level and which did not guarantee a sufficient level of harmonisation.
Data protection and privacy in electronic communications are also governed by the E-privacy Directive, which dates back to 2002, although it was slightly revised in 2009.