The European Parliament held its first debate, on 4 March in the Committee on Civil Liberties Committee (LIBE) in Brussels, on the EU-US and EU-Australia agreements giving the two partner countries access to airline passenger data (passenger name records, PNR) as part of the counter-terrorism drive. Yet barely a month after the explosive SWIFT issue, MEPs are already placing another sword of Damocles over the European Commission’s head: they decided to postpone their vote of assent (mandatory for international agreements due to the entry into force of the Lisbon Treaty) until the EU executive proposes a common model for PNR data exchange with third countries.

The next airing of views on the issue – the plenary of 18-21 April in Strasbourg - promises to be heated. The EP will be outlining its requirements for a PNR data model. In fact, back in 2008, MEPs had listed “minimal conditions” in a resolution, namely: legal limits, a solid legal basis, data protection standards and a limited retention period. In addition, “the Commission must keep Parliament fully informed and I hope that the information we have been requesting since 2003 will be submitted to us,” declared rapporteur Sophie In’t Veld (ALDE, Netherlands), who championed the protection of personal data. She asked the EU executive to have a package ready “towards the end of autumn”. All the political groups in the LIBE committee, including the EPP Conservatives, support her initiative, said an EP spokesman.

On the Council and Commission side, priority will doubtless be to avoid a further snub after the rejection – by a large majority of the EP – of the transatlantic counter-terrorism agreement on US access to European financial data (SWIFT agreement, named after the Belgian company that provided the data until then). In spite of the security arguments used by the Americans, the Council and the Commission, the EP found the agreement insufficient in terms of data protection and rejected it in mid-February. During the LIBE committee debate, the Council representative said it would be for the Commission to draw up a proposal. The executive replied: “We are drafting a communication on what could be a standard model for PNR with third countries”. The Commission nevertheless voiced doubts about the rapporteur’s projected timing.

Turning down the PNR will be complicated for the EP, however. “The consequences will be much more serious,” said In’t Veld. For SWIFT, the EP argued that the transfer of banking data could continue under the 2003 agreement on mutual legal assistance, which entered into force on 1 February (it is a more restrictive system because data must be related to a specific investigation and not transmitted en masse, as under SWIFT, noted the EP). However, for PNR, rejection would completely halt the flow of data. The MEP added: “The transmission of PNR data is one of the conditions the United States imposed [on European countries] in exchange for a derogation from the visa scheme” via the system of abolition of visas for most member states.

WHAT DATA?

Apart from the United States, there are agreements with Australia and Canada. However, the agreement with Ottawa has already been concluded, unlike those with Washington and Canberra – signed in 2007 – conclusion of which therefore depends on the EP. For MEPs, the idea is to define at European level the data to be shared or not with third countries and the conditions for doing so.

Airlines collect 19 different elements of information during passenger registration, such as the travel itinerary, place of purchase of the ticket, seat number and payment data. Today, most PNR data can be obtained by the Border Protection and Customs Bureau, an agency of the US Homeland Security Department, said the US Mission in Brussels. MEPs are, of course, expected to demand a stricter model. “An agreement with the United States and Australia is one thing, but other countries are another matter,” said Maltese Conservative Simon Busuttil. He added: “I can entrust my data to the USA but with some others it would be difficult”. He asked what safeguard clauses could be included “to ensure we are not exposed, rather than protecting citizens’ security”. German MEP Axel Voss urged that PNR “be used to bring security to our citizens but we must also ensure their privacy is as well protected as possible”. Dutch Socialist Emin Bozkurt wants to have an idea as soon as possible of the measure the EU might take.

Jan-Philipp Albrecht (Greens-EFA, Germany) warned the Council: “If you act as if there had been no SWIFT, this would not be proper cooperation. But I am glad to see the Commission is negotiating a shift of position and I hope the Council will move in the same direction”. Portuguese radical left member Rui Tavares called for data to be collected “in a limited way and be kept for as short a time as possible”.

These PNR agreements have sparked criticisms in the EP from the start, since the data were originally collected for business purposes by the airlines. The agreement with the United States, signed in 2007, lays down the conditions under which the US Homeland Security Department can collect, process and transmit the data. It replaces the 2004 agreement, which was annulled by the EU Court of Justice, in May 2006, following a complaint by MEPs.

The rapporteur wants a common data model for all PNR agreements “toward the end of autumn”