EU passenger-data deal with US

This item appears on page 67 of the June 2012 issue.

In April, the European Union Parliament ratified an agreement with the United States on the sharing of EU Passenger Name Record (PNR) information with US authorities.

PNR info includes the full name, birth date, passport number and credit card info for each passenger flying into the US. The US Department of Homeland Security requires this data to be collected by airlines at the time a ticket is sold and uses it to screen incoming visitors for security risks.

Replacing a 2007 agreement, the new agreement 1) limits the use of PNR data to “the prevention, detection, investigation and prosecution of terrorism and serious transnational crime (i.e., drug or human trafficking)”; 2) shortens data retention from 15 to 10 years; 3) strips personal ID info from the data after six months; 4) prevents data from being used in “automated decisions” and requires a review by a person before action is taken; 5) gives EU citizens the right to review their PNRs, request changes and challenge it in court; 6) establishes joint oversight with regular reviews; 7) requires that onward transfers of the PNR data to third countries take place only if the third country provides equal levels of protection, and 8) requires the US to notify EU states if PNR data is forwarded by the US to a third country.