Furthermore, airlines should provide to all of EU Member States information about passengers who arrive at or depart from the EU territory i.e. approximately 25% of the EU flights. The Member States can retain and analyse the information to prevent and combat terrorism and other transnational crimes. The information may be kept for 7-years from the date of collection in an active database following which the data will be moved to an inactive status for 8-years, to be accessed only in exceptional circumstances. However, in the event of a serious crime investigation the personal data may be accessed up to 15 years.
The provisions of the Directive do not justify the necessity to collect the advance passenger information - the data that are irrelevant for the travelling - and it allows sharing the information not only with relevant authorities within the EU but also with third parties outside the zone. Also, the time of storage is unnecessarily long while storage protection is not secured as the passengers’ rights and their remedies have not been specified. Under the proposal, EU Members States would be required to establish a body in charge of the data storage and procession. However, they are left with a quite a high degree of deliberation and is unclear what steps they are responsible to take to prevent the information leakage.
Combat and prevention of terrorism and other transnational crime should undoubtedly remain on the agenda of every State. However, the current version of the Passenger Name Record agreement is an aggressive intrusion into private life leading to obnoxious practices of profiting. It should not be given the green light until security arrangements and measures are specifically defined.
Geiger is managing partner of Alber & Geiger, a leading EU government relations law firm in Brussels.