Protection of personal data contained in the passenger name records (PNRs) transferred to the US Bureau of Customs and Border Protection

The committee adopted the resolution drawn up by Johanna BOOGERD-QUAAK (ELDR, NL) on the draft Commission decision noting the adequate level of protection provided for personal data contained in the Passenger Name Records (PNR) transferred to the United States. MEPs objected to the following points in the draft agreement which the Commission had worked out with the US on the obligations for European air carriers: the number of PNR items the US wants to obtain (34); the purposes for which the data might be used (not only for fighting terrorism, but also for fighting "serious crime"); the lack of redress mechanisms for people who are denied entry to the US on the basis of the information in the PNR records; the lack of opportunities for passengers to correct errors in their personal data; the fact that a "pull" instead of a "push" system is used to obtain the data, meaning that the US does not have to ask for the data but has immediate access to it; and the number and kind of agencies that have access to the personal data. The report pointed out that there was no specific EU legislation for using PNR data for public security purposes and that, in the USA, the protection of privacy was not regarded as a fundamental right (in the USA, only US citizens are granted the right to data protection). Commenting on the draft Commission decision, MEPs said that the "undertakings" on which it was based were unreliable in substantive terms, since the option was kept open of amending the rules at any given time. In view of the importance of this issue, they urged the Commission to reach a proper international agreement with the US that would offer genuine guarantees for passengers or, at the very least, the same protection as provided for US citizens. They recommended that such an agreement should stipulate: the guarantees to be offered to passengers in order to enable them to correct their data; the list of serious crimes for which an additional request for information could be made; the list of authorities and agencies which would share the data and the data protection conditions to be respected; the data retention period; and the right to appeal to an independent authority and redress mechanisms in the event of infringements of passengers' rights. Pending a permanent legislative solution or the conclusion of an international agreement, the committee called upon the Member States to require immediate compliance with EU and domestic privacy laws and to require airlines and travel agencies to obtain passengers' consent for the transfer of data. Furthermore, MEPs urged the Commission to block the 'pull' system and to apply the 'push' system. The Commission was also asked to withdraw the draft decision and to submit to Parliament a new adequacy-finding decision. MEPs warned the Commission that they reserved the right to appeal to the Court of Justice should the Commission continue without taking account of Parliament's demands. �