EU Chief Says Mass Data Collection Will Not Prevent Terrorism

The Council in June agreed on an approach to the General Data Protection Regulation (GDPR) that establishes rules adapted to the digital era. The twin aims of this regulation are to enhance the level of personal data protection for individuals and to increase business opportunities in the Digital Single Market.

The GDPR will cover the controversial EU rules on the mass collection of Passenger Name Record (PNR) data of every person flying to or from the EU, and its use by member states and the pan-EU police organization Europol, to fight terrorism and serious transnational crime.

However, Buttarelli has issued his own cool response to the GDPR proposals saying: "The GPDR is not the reform of my dreams but I firmly support the institutions in the last mile to achieve the best possible outcome: improvements are still feasible."

Writing in a recent blog he warned:

"There is little evidence that mass surveillance prevents terrorist attacks and that giving up privacy results in greater security. Indeed, greater security does not require the loss of privacy."

"It is time that nations move beyond the false fad of discussing security vs privacy and focus on implementing laws that take into account privacy rights as well as the indisputable need to fight terrorism," he said.

Mass Collection of Air Travel Data

PNR data is information provided by passengers and collected by air carriers during reservation and check-in procedures. It includes 19 different types of information, including travel dates, travel itinerary, ticket information, contact details, baggage information and payment information. 

However, many MEPs believe the mass collection of such data flies in the face of last year's European Court of Human Rights ruling that it was disproportionate for states to collect and retain vast quantities of data from all citizens. It overturned the EU data retention directive as a result.

Buttarelli believes that the proposed new rules will potentially affect all individuals in the EU. They will impact all organizations within the EU who process personal data as well as organizations outside the EU who process the personal data of individuals within the EU.    

"As a result, the rest of the world is watching closely. The EDPS encourages the co-legislators to retain the individual and human dignity at the heart of the final agreed text: natural persons must be protected not only because they are users, subscribers or consumers.

"We should not allow technology to dictate or diminish our rights and freedoms."