MEPs approve PNR, strengthen data protection

Under PNR, data on all air passengers entering and leaving the EU will be shared with national security authorities. [Andrew Thomas/Flickr]

After a series of delays and setbacks, MEPs today (14 April) adopted the controversial European air passenger data directive, though even its supporters accept it is no silver bullet for the EU’s fight against terrorism.

The Passenger Name Record (PNR) directive was adopted by the European Parliament by 461 votes to 179, with nine abstentions. In a concession to the directive’s opponents, lawmakers simultaneously voted to strengthen data protection legislation.

Despite strong criticism from the left, the Greens and the Liberals, British Conservative and PNR rapporteur Timothy Kirkhope (European Conservatives and Reformists group) called the directive “an important new tool for fighting terrorists and traffickers”.

Flight data deal is a reason for UK to stay in the EU, says Tory MEP

Timothy Kirkhope, the British MEP shepherding the controversial passenger name records (PNR) bill through the European Parliament, has named security one of the main reasons for the UK to remain in the EU.

The issue was pushed to the top of the Parliament’s agenda following the recent terrorist attacks in Paris and Brussels.

But for many MEPs, the European PNR will do nothing to respond to reduce the threat posed by international terrorists.

German Green MEP Jan Philipp Albrecht called it a “placebo at best” that would “undermine the fundamental rights of EU citizens but also undermine the security of our societies” by pushing public funds in the wrong direction and away from more effective security measures.

Albrecht is rapporteur, or lead MEP, on the General Data Protection Regulation (GDPR), which was also approved in today’s plenary session. Parliament insisted on linking the PNR vote to the simultaneous adoption of the GDPR as one of the main conditions for its support.

MEPs refuse to vote on PNR before Council strengthens data protection

The ideological battle over the proposed system of recording air passenger information raged on this Monday (7 March), as MEPs refused to vote on the bill. EURACTIV France reports.


Fragmented system

Air transport companies will be obliged to communicate the details of all air passengers entering or leaving the EU with the member state in question. Dates, travel itineraries, ticket information and personal data will be stored by the EU countries’ national surveillance authorities, which will, in theory, use them to identify possible terror suspects.

But each country will keep control of its own database, and will not be obliged to share information with other member states.

This lack of centralisation, the broad and vague nature of the data collected and uncertainty over the length of time passenger information may be stored, were all severely criticised during the debate in the Strasbourg plenary on Wednesday (13 April).

“It is a shame that we did not manage to convince the states, which can be hypocritical, to make this a centralised tool,” said Nathalie Griesbeck, a French Liberal MEP.

Questionable efficiency

Beyond fears over the impact of the legislation on civil liberties, which are in part addressed by Albrecht’s data protection bill, MEPs have expressed serious doubts over the effectiveness of the European PNR in countering the threat of terrorism.

“Do we need to increase the mass of information available to the EU member states’ surveillance services, when they are all saying that they are drowning in data but don’t have the capacity to analyse it?” said Yannick Jadot, a French Green MEP.

Hypocrisy at the heart of the PNR debate

EU member states still refuse to share information on air passengers, fearing the data could fall into the wrong hands. France is pushing for the proposal’s adoption with one hand, while watering it down with the other. EURACTIV France reports.

French Prime Minister Manuel Valls, a firm supporter of PNR, held a press conference with Martin Schulz in Strasbourg on Tuesday (12 April), ahead of today’s vote. “Europe has to face up to the terrorist threat. That is why I welcome the adoption of PNR,” he said.

“We should not oversimplify this issue. Nobody ever said PNR would stop terrorist attacks,” said Valls. “But this system is another tool to make our fight against terrorism more efficient.”

Pittella: The ‘Trumps’ of Europe hamper cooperation on counter-terrorism

The blind illusion of some government that think they can tackle global threats unilaterally must be blamed for the lack of cooperation in Europe to fight terrorism and find a common response to solve the migration crisis, said S&D leader Gianni Pittella, in an interview with EURACTIV.

Officially, member states have two years to transpose the directive into national law, an extra delay that will bring the total time between the Commission’s initial PNR proposal and its implementation to seven years.

“The directive will be implemented by the 28 member states, and in light of their attitudes to this debate, they would do well to do it quickly,” warned Sophia in ‘t Veld, a Dutch Liberal MEP.

Marielle de Sarnez, a French Liberal MEP, said, “I am happy that PNR has finally been adopted. It is the only response to help our intelligence and security services collect and process useful information in the fight against terrorism and organised crime. (…) Although it is a useful tool, PNR can and must be improved. This legislation will allow many European countries to pool their data collection and processing capacities, but it the long term, we must work towards a unified European PNR.”

The EU PNR directive will oblige airlines to hand EU countries their passengers' data in order to help the authorities to fight terrorism and serious crime.

It will require more systematic collection, use and retention of data on air passengers, and will therefore have an impact on the rights to privacy and data protection.

The directive, proposed by the European Commission in 2011, met with opposition in the European Parliament, over fears that it will compromise the private life of European citizens.

The terrorist attacks in Paris in January and November 2015, and those in Brussels in March 2016, gave a political boost to the plans, which were adopted on 14 April.

The main legislative instrument at EU level governing data retention is the Data Retention Directive, which was adopted in November 2006 following the Madrid terrorist train bombings in 2004 and the public transport bombings in London in 2005. These resulted in a text which gave room for different applications at national level and which did not guarantee a sufficient level of harmonisation.

Data protection and privacy in electronic communications are also governed by the E-privacy Directive, which dates back to 2002, although it was slightly revised in 2009.

Subscribe to our newsletters