FRAMINGHAM 2 FEBRUARY 2011 - If the European Commission has its way, all air travelers regardless of nationality will have to give their personal details to national authorities when they fly in or out of the European Union.
The commission presented its proposals on Wednesday for a European Union-wide Passenger Name Record (PNR) Directive to fight serious crime and terrorism. Under the proposal, passengers flying to and from destinations in the E.U. would have their data, including home address, mobile phone number, credit card information and e-mail address, checked and stored by national police.
This PNR data is already collected by airlines as a byproduct of their business, and there are agreements to share this data among the E.U. and the U.S., Canada and Australia. However, the commission’s proposal will greatly widen the scope and increase the amount of data collected.
The commission said that such a measure was needed in order to crack down on terrorism.
“While terrorism decreased in the EU during 2009, according to Europol’s E.U. Terrorism Situation and Trend Report 2010, the threat of terrorism remains real and serious. Most terrorist activities are transnational in character and involve international travel,” according to a commission statement. However, concerns have already been raised about a possible expansion of the stated goals of the initiative, since the new directive would include ‘serious crimes’ as justification for accessing stored data.
This is the first step in what will be a long battle for such a directive. The proposal must be approved by member states and the broadly pro-civil liberties European Parliament. Already some parliamentarians have questioned the need for a new system.
"We are skeptical about the absolute necessity of a European system of flight data storage," said German member of the European Parliament, Manfred Weber. "So far, the U.S. and other countries using the PNR system have failed to convince us about its necessity.”
The commission promises strong protection of privacy, with personal information stored nationally for only 30 days after passengers' flights. However, given recent breaches of other E.U. data systems such as E.U. emission trading records, concerns have been raised regarding security. National police will not have direct access to the airlines’ databases, but the air carriers concerned are obliged to send the data to them.
After 30 days, law enforcement authorities must make the data anonymous and can then retain it for no more than five years. The information, however, could be "re-personalized" on a case-by-case basis if there are suspicions of a serious crime or terrorist offense.
Sign up for Computerworld eNewsletters.