Legislative Observatory
European Parliament
Please fill in this field to find a procedure

EU/Australia agreement: processing and transfer of passenger name record (PNR) data by air carriers to the Australian Customs and Border Protection Service

2011/0126(NLE)

PURPOSE: to conclude an Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.

NON-LEGISLATIVE ACT: Council Decision 2012/381/EU on the conclusion of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.

BACKGROUND: Australian legislation empowers the Australian Customs Service to require each air carrier operating passenger flight to and from Australia to provide it with electronic access to Passenger Name Record (PNR) data prior to the passenger arriving or leaving Australia.  The requirements of the Australian authorities are based on the Customs Act 1901, the Customs Administration Act 1985, the Migration Act 1958, the Crimes Act 1914, the Privacy Act 1988 and the Freedom of Information Act 1982. This legislation aims at obtaining PNR data electronically in advance of a flight's arrival and therefore significantly enhances the Australian Customs Service's ability to conduct efficient and effective advance risk assessment of passenger and to facilitate bona fide travel, thereby enhancing the security of Australia. 

The European Union in cooperating with Australia in the fight against terrorism and other serious transnational crime views the transfer of data to Australia as fostering international police and judicial cooperation which will be achieved though the transfer of analytical information flowing from PNR data by Australia to the competent Member States authorities as well as Europol and Eurojust within their respective competences.

The European Union signed an agreement in 2008 with Australia on the transfer and processing of PNR data based on a set of commitments by the Australian Customs Service in relation to the application of its PNR programme.

Following the entry into force of the Lisbon Treaty and pending the conclusion of the agreement, the Council sent the 2008 Australia Agreement to the European Parliament for its consent for the conclusion. The European Parliament adopted a resolution in which it decided to postpone its vote on the requested consent and requesting a renegotiation of the Agreement on the basis of certain criteria (see RSP/2010/2657). Pending such renegotiation, the 2008 Agreement would remain provisionally applicable. 

On 23 September 2010, the Council received three recommendations from the Commission to authorise the opening of negotiations for an Agreement between the European Union and Australia for the transfer and use of Passenger Name Record (PNR) data to prevent and combat terrorism and other serious transnational crime.

On 2 December 2010, the Council adopted a Decision authorising the Commission to open negotiations on behalf of the Union with Australia for the transfer and use of Passenger Name Record (PNR) data to prevent and combat terrorism and other serious transnational crime.

In accordance with Council Decision 2012/380/EU, the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service has been signed, subject to its conclusion at a later date.

It is now necessary to conclude this Agreement on behalf of the European Union.

CONTENT: under this Decision, the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service is hereby approved on behalf of the Union.

PNR and basic principles of the Agreement: to recall, PNR is a record of each passenger' travel requirements which contains all information necessary to enable reservations to be processed and controlled by air carriers. Air carriers are under an obligation to provide the Australian Customs Service with access to certain PNR data to the extent it is collected and contained in the air carrier's automated reservation and departure control systems. However, the data protection laws of the EU do not allow European and other carriers operating flight from the EU to transmit the PNR data of their passengers to third  countries which do not ensure an adequate level of protection of personal data  without adducing appropriate safeguards. Accordingly, a solution is required that will provide the legal basis for the transfer of PNR data from the EU to Australia as a recognition of the necessity and importance of the use of PNR data in the fight against terrorism and other serious transnational crime, whilst avoiding legal uncertainty for air carriers. In addition, this solution should be applied homogenously throughout the European Union in order to ensure a legal certainty for air carriers and respect of individuals' rights to the protection of personal data as well as their physical security.

Safeguards: the Agreement has secured several important safeguards for those whose data will be transferred and processed. In particular, the purpose of processing of PNR data is strictly limited to preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. Individuals are provided with the right to access, correction, redress and information. The data will be transferred using exclusively the 'push' method and the use of sensitive data is prohibited.

Retention period: the retention period of the PNR data is limited and the data will be depersonalised after a certain period.

Compliance: compliance with these rules shall be subject to independent oversight by the Australian Information Commissioner

Fundamental rights: the Agreement respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the right to private and family life, the right to the protection of personal data, and the right to effective remedy and fair trial.

Territorial provisions: the United Kingdom and Ireland take part in the adoption of the Decision. Denmark is not taking part in the adoption of this Decision and is not bound by the Agreement or subject to its application.

ENTRY INTO FORCE: the Decision shall enter into force on 15.07.2012. The Agreement shall enter into force on 01.06.2012.