Member of the EU Civil Liberties, Justice and Home Affairs Committee Thursday voted through an EU directive regulating the use of Passenger Name Record (PNR) data "for the prevention, detection, investigation and prosecution of terrorist offences and serious crime" by 38 votes to 19, with 2 abstentions.
The controversial mass data collection has brought criticism from civil rights groups who say the mass collection of data is a breach of the right to privacy and will not, in any case stop terrorism. The PNR data handed over by the airlines will be retained for five years. For the first six months, the data will be "unmasked" to include personal identifying information, after which the data will then have to be "masked out" for the remaining four and a half years.
In a statement released to Sputnik, the European Data Protection Supervisor (EDPS) Giovanni Bertarelli said:
"An EU PNR scheme program would be the first large-scale and indiscriminate collection of personal data in the history of the Union. Since it is likely to cover at least all flights to and from the EU and may also involve intra EU and/or domestic flights, millions of non-suspect passengers would potentially be affected by the EU PNR proposal."
The EU PNR directive would oblige airlines to hand EU countries their passengers' data in order to help the authorities to fight terrorism and serious crime.
It contains several different types of information, such as travel dates, travel itinerary, ticket information, contact details, travel agent through which the flight was booked, means of payment used, seat number and baggage information. The data is stored in the airlines' reservation and departure control databases.
"We cannot wait any longer to put this system in place […] The choice is not between an EU PNR system and no EU PNR system; it is between an EU PNR system and 28 national PNR systems that will have vastly differing, or absent, standards for protecting passenger data," said Parliament's Civil Liberties Committee lead negotiator on the EU PNR proposal, Timothy Kirkhope.
However, Buttarelli's statement said:
"The EDPS urges caution before such a scheme is agreed and recalls that the Court of Justice of the European Union defined a high threshold for the untargeted and indiscriminate collection of data in its decision on the Digital Rights Ireland case, which invalidated the data retention Directive."
Delighted that my PNR deal received the support of the EP Justice Cttee (38-19). We can now offer greater security pic.twitter.com/OeEtN7g3md— Timothy Kirkhope MEP (@TimKirkhopeMEP) December 10, 2015
He was referring to Max Schrems, the Austrian anti-Facebook campaigner who won a landmark decision before the court, which struck down the Safe Harbor data transfer arrangement that allowed the personal information of Europeans to go to the United States without adequate legal protections.
"In our capacity as an independent adviser to the institutions, the EDPS is duty bound to point out the serious impact of EU PNR on the rights to privacy and data protection, as we have already done in our opinions on EU PNR. Our freedoms cannot be protected by undermining the right to privacy," the EDPS statement said.