EU-USA PNR: European Data Protection Supervisor (EDPS): EDPS issues an opinion on the new EU-US Passenger Name Record agreement

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

EU-USA PNR: European Data Protection Supervisor (EDPS): Opinion (pdf): The EDPS comments:

""Any legitimate agreement providing for the massive transfer of passengers' personal data to third countries must fulfil strict conditions. Unfortunately, many concerns expressed by the EDPS and the national data protection authorities of the Member States have not been met. The same applies to the conditions required by the European Parliament to provide its consent."

"- the 15-year retention period is excessive: data should be deleted immediately after its analysis or after a maximum of 6 months;
- the purpose limitation is too broad: PNR data should only be used to combat terrorism or a well defined list of transnational serious crimes;
- the list of data to be transferred to the DHS is disproportionate and contains too many open fields: it should be narrowed and exclude sensitive data;
- there are exceptions to the "push" method: these should be removed, the US authorities should not be able to access the data directly ("pull" method);
- there are limits to the exercise of data subjects' rights: every citizen should have a right to effective judicial redress;
- the DHS should not transfer the data to other US authorities or third countries unless they guarantee an equivalent level of protection."


See Statewatch's: Observatory on the exchange of data on passengers (PNR) with USA

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error