Passenger name record (PNR)

Since March 5, 2003, European airline companies have given American customs access to reservation files for passengers flying to the United States. The guaranties already obtained by the CNIL and its European counterparts are still insufficient to ensure adequate protection of passengers’ privacy.

The American anti-terrorist legislation and regulations provide for the unilateral obligation of any airline providing flights to the United States to give the controlling services at the American borders access, on request, to the reservation files of their passengers, the “Passenger Name Record” (PNR), contained in their reservation system.

The reservation dossiers are filled in by travel agents in order to give the airline companies the information necessary to provide the services requested by passengers. These files may, therefore, systematically include the identity of the passenger or of passengers travelling together, the complete itinerary, the personal or invoicing address, the telephone number and the means of payment, and in certain cases, the charge card number, medical information or information about diet preferences of a religious nature.

Airline companies which do not comply with the demands of the American customs might be subject to sanctions going as far as landing refusal.

Informed by the airline companies of the threats hanging over them if they did not comply before the end of the year, the CNIL and its counterparts within the “article 29” group (the European group instituted by the 95/46/CE directive) agreed on an opinion, dated October 24, 2002. Whilst recognising that certain exemptions from the purpose principle can be legitimate in the framework of prevention of terrorism, the opinion raises the question of sensitive data and of proportionality. Thus the governments, the European Commission, and public opinion have been made aware of an international issue, in which passengers and airline companies cannot be left alone faced with the American demands.

In co-ordination with the Member States, the European Commission has established a dialogue with the American authorities on both a technical and a political level. In order to obtain a certain number of guarantees, the deadline given by the American administration for carrying out data disclosure has been postponed twice.

Based on the first American commitments contained in a common declaration, dated February 17, 2003, the airline companies finally granted the access to data demanded by the American administration on the 3rd, and last, deadline date of March 5, 2003.

The guarantees obtained notably concern non-access to information about passengers not going to the United States, and special protection or deletion of any sensitive data collected.

The list of questions raised by the data protection authorities, with a view to limiting the required data transmissions to proportionate content and modalities, and the pressure exercised by the very critical resolution voted by the European Parliament on March 13 this year have, however, led the American authorities to propose a list of undertakings on May 22, 2003.

Nevertheless, as acknowledged by the European Commission itself, this American document cannot yet serve as the basis for a satisfactory permanent framework, while it rapid adoption would be necessary.

In its opinion of June 13, 2003 the “Article 29” group recommends improvements on the following points:

•  the purpose of such data transfer must be limited to the prevention of serious acts of terrorism ;
• if its transfer would be acceptable, the data must be limited to identity, itinerary and mode of travel organisation, excluding any data of a sensitive or economic nature, or relating to particular services requested by the passengers ;
• transmission of data must be carried out by the companies themselves and not by direct access by the American authorities to the reservation systems, (“push” instead of “pull”) ;
• the retention period duration should be limited to a few weeks or months instead of the 15 years as planned by  US authorities ;
• an independent body must be able to rapidly receive and deal with complaints by passengers (right of access and correction) and ensure control of any processing intended to detect “undesirable” persons and of persons to be subject to specific control according to standard profiles.

While awaiting a satisfactory solution, the companies must inform passengers and implement the means to transmit the data by themselves in order to remove data to be established as excessive.