Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes - Hoofdinhoud

Inhoudsopgave van deze pagina:

Delen

1. Tekst
2. Originele weergave

3. Meer informatie

• 1. 

  Articles 1 through 4 of the above Commission proposal were discussed at meeting of the Multidisciplinary group of 4 February 2008 and at the meeting of the Friends of the

Presidency of 25 February 2008.

• 2. 

  The following delegations entered a general scrutiny reservation on the proposal: DELETED. In addition, a number of delegations also entered a parliamentary scrutiny reservation: AT,

DK, EE, FR, HU, IE, LT, MT, NL, PL, PT, SE and UK. DELETED welcomed that the

Commission had tabled a proposal on the use of PNR data, as requested by the Council.

DELETED however pointed out that specific provisions of the Draft Framework decision

still needed a thorough examination in order to ensure that it would be compatible with all

data protection and constitutional requirements.

• 3. 

  The Presidency has redrafted Articles 1-4 in order to accommodate as much as possible as possible the comments made by delegations. Article 5(1) has also been redrafted in order to

take account of the comments made with regard to Article 2(b). Many points obviously

require further reflection and discussion.

________________________

ANNEX

Proposal for a

COUNCIL FRAMEWORK DECISION

on the use of Passenger Name Record (PNR) for law enforcement purposes

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on European Union, and in particular Article 29, Article 30(1)(b) and

Article 34(2)(b) thereof,

1

Having regard to the proposal from the Commission , 2

Having regard to the opinion of the European Parliament , Whereas,

3

(1) The European Council adopted the Declaration on combating terrorism on 25 March 2004 inviting the Commission to bring forward, inter alia a proposal for a common EU approach

to the use of passengers data for law enforcement purposes.

(2) The Commission has been further called upon to bring forward a proposal for the use of 4 5

PNR in the Hague Programme and at the extraordinary Council meeting of 13 July 2005 .

1

OJ

2 OJ 3

Bulletin of the EU 3-2004. 4

The Hague Programme ­ Strengthening Freedom, Security and Justice in the European Union, paragraph 2.2 Terrorism. 5

Council Declaration on the EU response to the London bombings ­ point 6.

(3) It is one of the objectives of the European Union to offer a high level of security and protection within an area of freedom, security and justice; this requires that the prevention of

and fight against terrorist offences and organised crime, be carried out in an adequate

manner. The definitions of terrorist offences and organised crime are taken from Articles 1

1

to 4 of the Council Framework Decision 2002/475/JHA on combating terrorism and Article 2

2 of the Council Framework Decision (xx/xx) on the fight against organised crime respectively.

(4) The Council adopted Directive 2004/82/EC of 29 April 2004 on the obligation of air carriers 3

to communicate passenger data which aims at improving border controls and combating illegal immigration by the transmission of advance passenger data by air carriers to the

competent national authorities.

(5) Because of the information they contain, PNR data are appropriate to effectively prevent, 4

detect, investigate and prosecute terrorist offences and organised crime and thus to enhance internal security; the obligations imposed on air carriers by virtue of this Framework

Decision should be separate from those established by Directive 2004/82/EC.

(6) Air carriers already collect PNR data from their passengers for their own commercial purposes. This Framework Decision does not impose any obligation on air carriers to collect

any additional information from passengers or to retain any data or any obligation on

passengers to provide any data in addition to that already provided to air carriers on a

voluntary basis.

(7) To prevent, detect, investigate and prosecute terrorist offences and organised crime, it is essential that all Member States introduce provisions laying down obligations on air carriers

operating flights to or from the territory of one or more Member States of the European

Union; intra-EU flights should not be covered by this Framework Decision, except those

segments connecting two EU-airports which are part of an international flight.

1 OJ L 164, 22.6.2002, p. 3. 2

OJ 3

OJ L 261, 6.8.2004, p. 24. 4

Throughout the text, the term 'fight' has been replaced by the terms ' detect, investigate and prosecute'.

(8) The availability of PNR data to competent national authorities in accordance with the provisions of this Framework Decision is necessary for the purposes of preventing,

detecting, investigating and prosecuting terrorist offences and organised crime, the

regulation of such availability should be proportionate to the legitimate security goal

pursued.

(9) The retention period of PNR data by competent national authorities should be proportionate to the purposes for which they are sought; namely the prevention of and fight against

terrorist offences and organised crime. Because of the nature of the data and their uses, it is

important that the data are kept for a sufficiently long period as to fulfil the purpose of

developing risk indicators and establishing patterns of travel and behaviour. In order to

avoid a disproportionate use, it is important that after some years, the data is moved to an

inactive database and only accessible under very strict and more limited conditions. At the

same time this ensures that they are available if they are needed in specified exceptional

circumstances. It is also important to permit the extension of the period of retention of the

data where such are used in an ongoing criminal investigation or judicial procedure.

(10) [The Council Framework Decision (xx/xx) on the Protection of Personal Data Processed in 1

the Framework of Police and Judicial Cooperation in Criminal Matters] should be applicable to all the data processed in accordance with this Framework Decision. The rights

of the data subjects in relation to such processing, such as the right to information, the right

of access, the right of rectification, erasure and blocking, as well as the rights to

compensation and judicial remedies should be those provided under that Framework

Decision.

1

This text may have to be revised depending on the outcome of the discussions to be had on the data protection chapter of the Framework Decision.

(11) To ensure the effectiveness of the obligations on air carriers to make PNR data available, dissuasive, effective and proportionate sanctions, including financial penalties, should be

provided for by Member States against those air carriers failing to meet these obligations.

The Member States should take all necessary measures to enable air carriers to fulfil their

obligations under the Framework Decision. In case where there are repeated serious

infringements which might undermine the basic objectives of this Framework Decision,

these sanctions may include measures such as the immobilisation, seizure and confiscation

of the means of transport, or the temporary suspension or withdrawal of the operating

licence. Such sanctions should be imposed only in exceptional cases.

(12) It is necessary that competent national authorities are provided with PNR data which are collected by air carriers.

(13) As a result of the legal and technical differences between national provisions concerning information, including PNR, air carriers will be faced with different requirements regarding

the types of information to be transmitted, as well as the conditions under which this

information needs to be provided to competent national authorities.

(14) These differences may be prejudicial to the effective co-operation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting

and fighting terrorist offences and organised crime.

(15) The Commission in its Communication of 16 December 2003 on `Transfer of air PNR data: 1

a global EU-approach" has outlined the core elements of an EU policy in this area; it further provided support to and contributed actively to the work undertaken in the

framework of the multilateral initiative of ICAO which resulted in the development of the

ICAO guidelines on PNR; such guidelines should be taken into account. Measures adopted

solely at national or even Union level, without taking into account international coordination

and cooperation, would have limited effects. The measures adopted by the Union in this

field should therefore be consistent with the work undertaken in international fora.

1

COM(2003) 826, 16.12.2003.

(16) There are two possible methods of data transfer currently available: the 'pull' method, under which the competent authorities from the State requiring the data can reach into ("access")

the air carrier's reservation system and extract ("pull") a copy of the required data and the

'push' method, under which air carriers transmit ("push") the required PNR data to the

authority requesting them. The 'push' method is considered to offer a higher degree of data

protection and should be mandatory for all carriers established in the Union. As regards third

country carriers, "push" should be the preferred method whenever it is technically,

economically and operational possible for third country carriers.

(17) PNR data required by a Member State should be transferred to a single representative unit of the requesting Member State, as to ensure clarity to air carriers.

(18) The contents of any lists of required PNR data to be obtained by the competent national authorities should reflect an appropriate balance between the legitimate requirements of

public authorities to prevent, detect, investigate and prosecute terrorist offences and

organised crime, thereby improving the internal security within the EU and the protection of

fundamental rights of citizens, notably privacy; such list should not contain any personal

data that could reveal racial or ethnic origin, political opinions, religious or philosophical

beliefs, trade-union membership or data concerning health or sex life of the individual

concerned; the PNR data contain details on the passenger's reservation and travel itinerary

which enable competent authorities to identify air passengers representing a risk for internal

security.

(19) In order to enhance the internal security of the European Union as a whole, each Member State should be responsible for assessing the potential threats related to terrorist offences and

organised crime. Guidance for common general criteria for such risk assessment should be

provided for by the Committee established by this Framework Decision.

(20) As a fundamental principle of data protection, it is important to ensure that no decision which produces an adverse legal effect to a person or seriously affects him shall be taken by

the competent authorities of the Member States only by reason of the automated processing

of PNR data or by reason of a person's race or ethnic origin, religious or philosophical

belief, political opinion or sexual orientation.

(21) Member States should share with other Member States the PNR data that they receive as necessary. Transfers of PNR data to third countries and adequacy findings should be

governed by the Council Framework Decision (xx/xx) on the Protection of Personal Data

Processed in the Framework of Police and Judicial Cooperation in Criminal Matters and

should be further subject to additional requirements relating to the purpose of the transfer,

Whenever the Union has concluded international agreements on such transfers, the

provisions of such agreements should be duly taken into account.

(22) Member States should ensure that the transfer of the relevant PNR data from air carriers to the competent national authorities takes place using state of the art technological means to

guarantee, to the maximum extent possible, the security of the data transmitted.

(23) Since the objectives of this Framework Decision cannot be sufficiently achieved by the Member States acting alone, and can therefore, by reason of the scale and effects of the

action, be better achieved at the level of the European Union, the Council may adopt

measures in accordance with the principle of subsidiarity as set out in Article 5 of the EC

Treaty and referred to in Article 2 of the EU Treaty. In accordance with the principle of

proportionality, as set out in Article 5 of the EC Treaty, this Framework Decision does not

go beyond what is necessary to achieve those objectives.

(24) This Framework Decision respects the fundamental rights and observes the principles recognised, in particular by the Charter of Fundamental Rights of the European Union,

HAS ADOPTED THIS FRAMEWORK DECISION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Objectives

This Framework Decision provides for the making available by air carriers of PNR data of

passengers of international flights to the competent authorities of the Member States, for the

purpose of preventing detecting, investigating and prosecuting terrorist offences and organised

crime, as well as the processing of those data, including their collection, use and retention (...) by

these authorities and their exchange (...) between them.

Article 2

1

Definitions

For the purpose of this Framework Decision the following definitions shall apply:

(a) `air carrier' means an air transport undertaking with a valid operating licence or equivalent permitting it to carry out carriage by air of passengers, as stated in the operating licence;

(b) "international flight" means any flight scheduled to enter the territory of at least one Member State of the European Union originating in a third country or to depart from the

territory of at least one Member State of the European Union with a final destination in a

2

third country ;

1

DELETED scrutiny reservation. 2

Two Member States (DELETED) pleaded in favour of the inclusion of intra-EU flights.

(c) `Passenger Name Record (PNR)' means a record of each passenger's travel requirements which contains all information necessary to enable reservations to be processed and

controlled by the booking and participating air carriers for each journey booked by or on

behalf of any person. Such a record may be contained in reservation systems, Departure

Control Systems (DCS), Global Distribution Systems (GDS) or equivalent systems, or is

1

otherwise known by the air carrier . In the context of this Framework Decision, PNR data shall mean the data elements described in the Annex and only to the extent that these are

collected or otherwise known by the air carriers;

2

(d) 'passenger' means any person, except members of the crew , carried or to be carried in an aircraft with the consent of the carrier;

(e) `reservation systems' means the air carrier's computerised inventory system, in which PNR data are collected from reservations made via computerised reservation systems as defined

in Regulation (EEC) No 2299/89 on a code of conduct for computerized reservation

systems or via direct booking channels like the air carriers' Internet websites, call centres

or sales outlets;

(f) 'Push method' means the method under which air carriers transmit the required PNR data into the database of the authority requesting them;

(g) "Pull method" means the method under which the authority requiring the data can access the air carrier's reservation system, departure control system, Global Distribution System

and equivalent system and extract (...) the required data into their database;

3

(h) "terrorist offences" means the offences under national law, referred to in Articles 1 to 4 of 4

the Council Framework Decision 2002/475/JHA on combating terrorism ;

1

Suggested clarification of the type of data covered by the Framework Decision. 2

DELETED wanted to include crew members. 3

DELETED thought it was sufficient to mention Article 2 and it was not necessary to include Articles 2, 3 and 4.

4

OJ L 164, 22.6.2002, p. 3.

(i) "organised crime" means the offences under national law, referred to in Article 2 of the 1

Council Framework Decision (xx/xx) on the fight against organised crime . CHAPTER II

RESPONSIBILITIES OF THE MEMBER STATES

Article 3

2

Passenger Information Unit

• 1. 

  (....) Each Member State shall set up or designate a public authority, to act as its "Passenger Information Unit". The Passenger Information Unit may be designated from authorities of

the Member State which are responsible for the prevention, detection, investigation or

prosecution of terrorist offences and organised crime. It may also be separate branch of a

3

competent authority as defined in Article 4 . Each Member State shall notify its Passenger Information Unit to the Commission and the General Secretariat of the Council within

twelve months after this Framework Decision enters into force, and may at any time update

its notification. The Commission shall publish this information in the Official Journal of

the European Union.

1

Several Member States (DELETED) criticised this reference to organised crime for being too narrow and indicated that forms of serious crime should be included in the scope of the proposal instead of the only membership of a criminal organisation. In this perspective, inspiration might be drawn from the draft Council Decision establishing the European Police Office (EUROPOL), which in Article 4(2) refers to forms of serious crime listed in the Annex to that draft decision. That Annex in turn has the same list of offences as in Article 2 of the Framework Decision on the European arrest warrant. 2

DELETED scrutiny reservation. 3

Several delegations (DELETED) asked that the Framework Decision would allow the PIU to be a branch of the law enforcement authority competent for acting upon the PNR.

• 2. 

  The Passenger Information Unit shall be responsible for collecting the PNR data from the air carriers or the intermediaries, according to Articles 5 and 6, in relation to international

flights which arrive or depart from the territory of the Member States which it serves. To

the extent that the PNR data of a passenger as collected, includes data additional to those

included in the Annex or special categories of personal data that would reveal the racial or

ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership

or data concerning health or sex life of the person concerned, the Passenger Information

1

Unit shall delete such data immediately upon their receipt .

• 3. 

  The Passenger Information Unit shall further be responsible for analysing the PNR data 2

and for carrying out a risk assessment of the passengers in order to identify the persons requiring further examination by the competent authorities of the Member State, as

referred to in Article 4 3 . Such analysis and risk assessment shall be aimed at preventing, detecting, investigating or prosecuting terrorist offences and organised crime, only for the

following purposes:

­ to identify persons who are or may be involved in a terrorist or organised crime offence,

as well as their associates;

­ to create and update risk indicators for the assessment of such persons;

­ to provide intelligence on travel patterns and other trends relating to terrorist offences

and organised crime;

­ to be used in criminal investigations and prosecutions of terrorist offences and organised

4

crime .

1

DELETED scrutiny reservation on paragraph 2. DELETED scrutiny reservation on the need

for a general obligation to delete all sensitive data. DELETED were in favour of such general obligation. DELETED thought this should be left to the PIU. The Presidency intends to revert to this issue at a later stage in the context of a general discussion on the use of sensitive data.

2

DELETED indicated that it thought Member States should not be under an obligation to analyse the PNR data of all passengers.

3

Some delegations pleaded in favour of some degree of harmonisation with regard to the risk assessment: DELETED. 4

DELETED scrutiny reservation.

The criteria and guarantees in respect of such risk assessments will be provided for under

national law, which shall take due account of the recommendations for common general

criteria, methods and practices for the risk assessment adopted under the procedure of

Articles 13, 14 and 15. No risk assessment criterion shall be based on a person's race or

ethnic origin, religious or philosophical belief, political opinion, trade union membership,

health or sexual orientation.

• 4. 

  The Passenger Information Unit of a Member State shall transmit the analytical information flowing from PNR data of individuals identified in accordance with paragraph 3 for

potential further examination to the relevant competent authorities of the same Member

State, referred to in Article 4, by electronic means or, in case of failure, by any other

1

appropriate means . The Passenger Information Units shall not take any decision on the basis of a passenger's PNR data which produces an adverse legal effect concerning a person

or seriously affects him.

5. (...)

• 6. 

  Two or more Member States may jointly set up or designate the same authority to serve as their Passenger Information Unit. Such Passenger Information Units shall be established in

one of the participating Member States and shall be considered the national Passenger

2

Information Unit of all such participating Member States . The participating Member States shall agree on the modalities of the operation of the Passenger Information Unit, the

control of the data and in particular on the applicable requirements on data security, data

protection and supervision, in accordance with the requirements laid down in this

Framework decision.

1

DELETED indicated telex might be used. DELETED asked for the deletion of of alternative means. DELETED scrutiny reservation.

2

DELETED pleaded in favour of a supranational analysis of PNR data.

Article 4

Competent authorities

• 1. 

  Each Member State shall adopt a list of the competent authorities which shall be entitled to receive analytical information flowing from PNR data from the Passenger Information

Units in order to examine this information further .

• 2. 

  Competent authorities shall only include authorities of the Member States which are responsible for the prevention, detection, investigation or prosecution of terrorist offences

and organised crime.

• 3. 

  Each Member State shall notify the list of its competent authorities in a declaration to the Commission and the General Secretariat of the Council within twelve months after this

Framework Decision enters into force, and may at any time update its declaration. The

Commission shall publish the declarations in the Official Journal of the European Union.

• 4. 

  The PNR data of passengers may be processed by the competent authorities of the Member States only with the aim of preventing, detecting, investigating or prosecuting terrorist

offences and organised crime.

• 5. 

  The limitation set out in paragraph 4 shall not affect or interfere with national law enforcement or judicial powers in case other offences, or indications thereof, are detected in

the course of the processing described in paragraph 4 or in the course of enforcement action

further to such processing.

• 6. 

  The competent authorities of the Member States shall not take any decision which produces an adverse legal effects on a person or seriously affects him shall be taken on the basis of a

passenger's PNR data only by reason of an automated processing of PNR data or only on the

basis of a person's race or ethnic origin, religious or philosophical belief, political opinion,

trade union membership or health or sexual orientation.

Article 5

Obligation on air carriers

• 1. 

  Member States shall adopt the necessary measures to ensure that air carriers make available the PNR data of the passengers of international flights to the national Passenger

Information Unit of the Member State on whose territory the international flight referred to

is entering, departing or transiting, in accordance with the conditions specified in this

Framework Decision. In cases in which a transiting international flight includes a segment

involving two or more different Member States, air carriers should make available the PNR

data of the passengers to the Passenger Information Units of all the involved Member

1

States .

____________________

1

This addition is suggested by the Presidency in order to accommodate a remark that was made with regard to transit flight in the context of the discussion on Article 2(b)

• 6 nov '07
  Gebruik van persoonsgegevens van passagiers (PNR-gegevens) voor wetshandhavingsdoeleinden
  
  
  
• 6 nov '07
  COM(2007)654 - Gebruik van persoonsgegevens van passagiers (PNR-gegevens) voor wetshandhavingsdoeleinden
  
  
  
• 16 dec '03
  COM(2003)826 - Doorgifte van passagiersgegevens (PNR-gegevens): een allesomvattende EU-aanpak
  
  
  
• 24 feb '03
  JAI(2003)4 - Verplichting voor vervoerders om passagiersgegevens door te geven
  
  
  
• 14 okt '88
  COM(1988)447 - Gedragsregels voor geautomatiseerde boekingssystemen