EU PNR: every air passenger as a potential suspect

Today is a historic day for better and for worse: on the one hand, the European Parliament took an important privacy step forward today with the adoption of the General Data Protection Regulation. On the other hand, the European Parliament today approved massive storage of European passenger data. This makes every airline passenger a potential suspect.  

The General Data Protection Regulation will replace national privacy laws in all EU member states (including the Dutch Personal Data Protection Act) and broadly for better privacy protection across the European Union. For example, Privacy Impact Assessments and Privacy by design mandatory; two key issues that Privacy First has been advocating for years. Fundamental privacy principles such as necessity, proportionality and subsidiarity (mandatory use of privacy-friendly alternatives) will be more strongly enshrined and better elaborated. It is therefore surprising that today, at the same time, the European Parliament also adopted another measure that actually tramples on these principles: the European Passenger Information Directive ('Passenger Name Records', PNR) on all air passengers within and outside the European Union. Under this PNR directive, the data of all European air passengers will be retained in central government databases for 5 years for investigation and prosecution of serious crimes, counter-terrorism, intelligence work, etc. Countless travel data (including name and address details, phone numbers, destinations, credit card details and even meal details) of many millions of people will therefore remain available to police, judicial and intelligence services for years to come for the benefit of. data mining and profiling. However, in 99.99% of cases, this concerns completely innocent citizens, including mostly holidaymakers and business travellers. This constitutes a flagrant violation of their right to privacy and freedom of movement. For this reason, there was a lot of political opposition to this plan in recent years and it was since 2010 already several times rejected by both the Dutch House of Representatives and the European Parliament. Last year, the Dutch governing parties VVD and PvdA also appeared to be vehemently against. At the time, VVD and PvdA spoke of a "holiday register" and threatened to go to the European Court of Justice themselves if the European PNR Directive was adopted. However, after the recent attacks in Paris and Brussels, many political objections seem to have vanished like snow in the sun. This while the legally required "social necessity" and proportionality of mass PNR storage have still not been demonstrated. In Privacy First's view, this makes the current PNR directive a priori illegitimate. Therefore, Privacy First is currently considering legal action to get this directive taken off the table, either through national courts or by direct appeal to the European Court of Justice in Luxembourg. Privacy First will also continue to argue for a more privacy-friendly PNR system, where only suspicious persons are registered and monitored and the majority of travellers will be left alone.

Click HERE for an earlier interview with Privacy First on this topic at BNR Nieuwsradio and HERE for earlier comments by Privacy First on Radio 1 (from 3m50s).

Update: click HERE For a brief response from Privacy First last night on the RTL News (from 6m50s), later that evening repeated by Radio 1 (from 2m15s).

© RTL News