EU/Australia agreement: processing and transfer of passenger name record (PNR) data by air carriers to the Australian Customs and Border Protection Service

2011/0126(NLE)

Opinion of the European Data Protection Supervisor on the proposal for a Council decision on the conclusion of an Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.

The EDPS notes that he has already been consulted informally in the course of May 2011 on this proposal. Considering that his comments remain valid with regard to the substance of the proposal, the EDPS has decided to make his observations more widely available in the form of a public opinion. He uses this occasion to raise some further issues and encourages Council and Parliament to take these views into account.

Necessity and proportionality: the EDPS states that the necessity and proportionality of PNR schemes have to be demonstrated. These two fundamental requirements are essential aspects of data protection law, under Articles 7 and 8 of the Charter of Fundamental Rights and Article 16 of the TFEU. The EU has to ensure that the requirements of EU data protection law are met, also in cases where data of European citizens are processed and transferred from the EU territory to a third country. In such cases, the necessity and proportionality have to be evaluated and established, before any agreement can be signed. In addition to elements supporting the necessity of the PNR scheme, proportionality requires an adequate balance between the purpose followed and the processing of massive amounts of data resulting in a serious intrusion in the private life of individuals.

As far as PNR schemes are concerned, the purpose is to fight terrorism and serious (transnational) crimes, using the collection of massive amounts of data relating to all passengers, in order to perform risk assessment on these passengers. Up to now, the EDPS has not seen any convincing elements in the justifications presented for existing PNR schemes or for those being envisaged, such as the EU PNR scheme which he analysed in detail in his opinion of March 2011. 

Besides, even if necessity were established, the EDPS emphasises that the proportionality test still needs to be met. He questions the balance between the processing of personal data on a large scale and the purpose followed, especially in view of the variety of crimes included in the scope of application of the draft agreement. He takes into account that for the fight of terrorism and serious crime other effective instruments are available.

His remaining comments are without prejudice to this preliminary and fundamental observation. Whilst welcoming the safeguards provided in the proposal, particularly with regard to data security aspects, supervision and enforcement provisions, the EDPS has also identified a significant margin for improvement, especially with regard to the following:

Scope: the EDPS welcomes the exclusion of the processing of sensitive data from the scope of application, but notes that sensitive data may be ‘processed’. The agreement provides that these data may be sent in a first stage by the airlines, and then deleted by public authorities in a second stage. The sending by the airlines is an act of processing. The EDPS considers that airlines should be obliged to filter out sensitive data at the source of the processing.

Definitions: the EDPS regrets that the present definitions are wider than the definitions of the proposal for a directive on EU-PNR, which itself should still have been further narrowed down, especially with regard to minor offences.

While in the EU-PNR proposal definitions take into account the consequences of activities defined as ‘terrorist’, such as concrete damages to persons or governments (death, attacks upon the physical integrity, destruction to a transport system, an infrastructure facility, etc.), the proposal is less specific and more purpose-oriented when it refers to intimidating persons, governments, or seriously destabilising fundamental political or economic structures. The EDPS considers that more precision is needed in relation to the notions of ‘intimidating, compelling and coercing’, as well as the ‘fundamental political, constitutional, economic, or (especially) social structures of a country or an international organisation’. This would prevent the application of the PNR scheme in cases which it should in any event not target, such as legitimate activities (for instance peaceful demonstrations) in a social, cultural or political context.

Inclusion of some exceptional purposes: the possibility of processing data in other exceptional cases raises additional questions, especially as it extends to ‘threat to health’. The EDPS considers that such an extension of purpose is disproportionate, especially as alternative and more specific procedures can be available to deal with important threats to health where needed on a case-by-case basis. Besides, PNR data is not the most appropriate tool to identify passengers: more reliable data do exist, in particular API data.

Retention period for PNR data: the EDPS considers the length of the data retention period as one of the major difficulties in the proposal. A period of retention of five and a half years, including three years without any masking of data, is clearly disproportionate, especially if this retention period is compared with the previous Australian PNR scheme, which did not provide for the storage of data except on a case-by-case basis. Extensive justification should be given to explain why such a long period of retention, which was not deemed necessary in the first Australian PNR scheme, is now needed. The EDPS considers that the complete (i.e. irreversible) anonymisation of all data should take place, if not immediately after analysis, after 30 days as a maximum.

Legal basis: the legal basis for the agreement should be reconsidered. Against the background of settled case law, and apart from Article 218(6)(a), the EDPS believes that the agreement should — in any case primarily — be based on Article 16 of the TFEU and not on Article 82(1)(d) and Article 87(2)(a) of the TFEU. This is completely in line with Declaration 21 to the Lisbon Treaty.

These observations should be read in the wider context of the legitimacy of any PNR scheme, seen as the systematic collection of passengers' data for risk assessment purposes. Only if the scheme respects the fundamental requirements of necessity and proportionality under Articles 7 and 8 of the Charter of Fundamental Rights and Article 16 of the TFEU, could a proposal satisfy the other requirements of the data protection framework.

The EDPS therefore also concludes that more attention should be given to these fundamental requirements in the final evaluations that will precede the conclusion of the agreement.