New directive on the use of Passenger Name Record (PNR)
The new directive regulates the use of Passenger Name Record (PNR) data in the EU. Its main objective: the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
The directive obliges airlines to hand national authorities passengers' data for all flights from third countries to the EU and vice versa.
Today, the directive has been published in the European Official Journal and is now entering into force. Member states now have two years in which to transpose its provisions into their national laws.
Main points of the PNR Directive:
- Flights from 3rd countries arriving or leaving a Member State, including transits, must submit PNR data to the PIU (Passenger Information Unit). The PIU will analyse the data and, where relevant, inform the authority in the specific Member State.
- Both the PIU and the national authorities would be overseen by an independent, objective body of authority.
- PNR data transferred would be retained in the national PIU for an initial period of 6 months, after which all data elements which could serve to identify a passenger will be masked out.
- The masked out data will be stored for a maximum of 5 years.
- The collection and use of sensitive data revealing a person’s race or ethnic origin, religious or philosophical beliefs, political opinion, trade union membership, health or sexual activity will be prohibited.
As a reminder, the proposal was approved by 461 votes to 179, with 9 abstentions in the European Parliament on the 14 April. On the 21 May, it was formally approved by the Council.
For additional information, please visit the Council website as well as the European Parliament website. Here attached you will find the directive in English. Other languages versions are available here.