Explanatory Memorandum to COM(2011)807 - Conclusion of the Agreement with the USA on the use and transfer of Passenger Name Records to the US Department of Homeland Security

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2011)807 - Conclusion of the Agreement with the USA on the use and transfer of Passenger Name Records to the US Department of Homeland ...
source COM(2011)807 EN
date 23-11-2011
U.S. legislation empowers the Department of Homeland Security (DHS) to require each air carrier operating passenger flights to and from the U.S., to provide it with electronic access to Passenger Name Record (PNR) data prior to the passenger arriving or leaving the U.S. The requirements of the U.S. authorities are based on title 49, United States Code, section 44909c (3) and its implementing regulations (title 19, Code of federal regulations, section 122.49b).

This legislation aims at obtaining PNR data electronically in advance of a flight's arrival and therefore significantly enhances DHS ability to conduct efficient and effective advance risk assessment of passengers and to facilitate bona fide travel, thereby enhancing the security of the U.S. The Agreement will also foster international police and judicial cooperation through the transfer of analytical information flowing from PNR data by the U.S. to the competent Member States authorities as well as Europol and Eurojust within their respective competences.

PNR is a record of each passenger's travel requirements which contains all information necessary to enable reservations to be processed and controlled by air carriers.

Air carriers are under an obligation to provide the DHS with access to certain PNR data contained in the air carrier's automated reservation and departure control systems.

The data protection laws of the EU do not allow European and other carriers operating flights from the EU to transmit the PNR data of their passengers to third countries which do not ensure an adequate level of protection of personal data without adducing appropriate safeguards. A solution is required that will provide the legal basis for the transfer of PNR data from the EU to the U.S. as a recognition of the necessity and importance of the use of PNR data in the fight against terrorism and other serious transnational crime, whilst avoiding legal uncertainty for air carriers. In addition, this solution should be applied homogenously throughout the European Union in order to ensure a legal certainty for air carriers and respect of individuals' rights to the protection of personal data as well as their physical security.

The European Union signed an agreement in 2007 with the United States on the transfer and processing of PNR data based on a set of commitments by DHS in relation to the application of its PNR programme[1].

Following the entry into force of the Lisbon Treaty and pending the conclusion of the agreement, the Council sent the 2007 U.S. Agreement to the European Parliament for its consent for the conclusion. The European Parliament adopted a resolution[2] in which it decided to postpone its vote on the requested consent and requesting a renegotiation of the Agreement on the basis of certain criteria. Pending such renegotiation, the 2007 Agreement would remain provisionally applicable.

On 21 September 2010, the Council received a recommendation from the Commission to authorise the opening of negotiations for an Agreement between the European Union and the United States of America for the use and transfer of Passenger Name Record (PNR) data to prevent and combat terrorism and other serious transnational crime.

On 11 November 2010, the European Parliament adopted a resolution on the Recommendation from the Commission to the Council to authorise the opening of the negotiations.

On 2 December 2010, the Council adopted a Decision, together with a negotiation directive, authorising the Commission to open negotiations on behalf of the European Union. Following negotiations between the parties, the Agreement was initialled on 17 November 2011.

This Agreement takes into consideration and is consistent with the general criteria laid down in the Communication from the Commission on the Global Approach to the transfer of Passenger Name Record (PNR) data to third countries[3] and the negotiating directives given by the Council.

PNR has proven to be a very important tool in the fight against terrorism and serious crime. The Agreement has secured several important safeguards for those whose data will be transferred and used. In particular, the purpose of processing of PNR data is strictly limited to preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. The retention period of the PNR data is limited and PNR will be used for a shorter period in the fight against serious transnational crime and a longer one for terrorism. In addition, the data will be depersonalised after aperiod of 6 months. Individuals are provided with the right to access, correction, redress and information. The push method of transfer is recognised as the standard mode of transfer, with which all carriers will need to comply within 2 years of the Agreement. Sensitive data is to be used in very exceptional cases and deleted after a very short timeframe. Compliance with these rules shall be subject to independent review and oversight by various Department Privacy Officers, as well as by the DHS Office of Inspector General, the Government Accountability Office and the U.S. Congress.

The Article 218(6)(a) of the Treaty on the Functioning of the European Union states that the Council shall authorise the conclusion of international agreements.

The Commission therefore proposes to the Council to adopt a decision approving the conclusion of the Agreement between the European Union and the United States of America on the use and transfer of Passenger Name Record data to the United States Department of Homeland Security.