EU Law to Require Personal Traveler Data for Cross-Border Travel

In response to recent terrorist incidents, the European Union is considering a system to collect and analyze passenger data for people traveling within and to the EU. Under the proposal, airlines would be required to submit Passenger Name Record (PNR) data to national authorities for flights that originate from or arrive from non-EU countries.

“We have adopted an important new tool for fighting terrorists and traffickers,” said Timothy Kirkhope, Member of the European Parliament. “By collecting, sharing and analyzing Passenger Name Record information, our intelligence agencies can detect patterns of suspicious behavior to be followed up. PNR is not a silver bullet, but countries that have national PNR systems have shown time and again that it is highly effective.”

Once airlines provide the data, national authorities would retain the information for up to five years. After the first six months, sensitive personal identifiers such as names, addresses and contact details would be masked to limit access. The regulation explicitly prohibits processing information about race, political opinions, religion, health or sexual orientation. Authorities would only use and share PNR data when necessary and strictly for preventing, detecting, investigating or prosecuting terrorist offenses and serious crime.

At present, the proposal applies only to flights involving non-EU countries, but it could be expanded in the future to cover intra-EU flights as well. The scope may also broaden to include travel agencies and tour operators as sources of passenger data in addition to airlines.

The regulation still requires further approvals before it is implemented, although it has already received support from the European Parliament.