Richtlijn 2016/681 - Gebruik van persoonsgegevens van passagiers (PNR-gegevens) voor het voorkomen, opsporen, onderzoeken en vervolgen van terroristische misdrijven en ernstige criminaliteit

Inhoudsopgave

  1. Samenvatting van Wetgeving
  2. Use of passenger records to prevent terrorism and serious crime
  3. Wettekst

1.

Samenvatting van Wetgeving

2.

Use of passenger records to prevent terrorism and serious crime

SUMMARY OF:

Directive (EU) 2016/681 on the use of passenger name record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

WHAT IS THE AIM OF THE DIRECTIVE?

  • It aims to regulate the transfer of the passenger name record (PNR) data of passengers on international flights from airlines to the European Union (EU) Member States.
  • It also regulates the processing of these data by Member States’ competent authorities.

KEY POINTS

What are PNR data?

They consist of booking information stored by airlines in their reservation and departure control systems. The information collected includes:

  • travel dates;
  • travel itinerary;
  • ticket information;
  • contact details;
  • means of payment used;
  • baggage information.

Scope

  • Each Member State must establish a Passenger Information Unit (PIU). A PIU is responsible for:
    • collecting, storing and processing the data, as well as transferring the data or the results of the processing to the competent national authorities;
    • exchanging PNR data and the results of processing with other Member States and Europol.

Airlines must provide PIUs in Member States with the PNR data for flights entering or departing from the EU. It also allows – but does not require – Member States to collect PNR data concerning selected intra-EU flights.

Processing

The data collected may only be processed to prevent, detect, investigate and prosecute terrorist offences and serious crime. Data should only be processed in the following cases:

  • for a pre-arrival assessment of passengers against pre-determined risk criteria and relevant law enforcement databases;
  • for use in specific investigations/prosecutions;
  • as input in the development of risk assessment criteria.

Transfer and exchange of data

  • Member States should not be able to access airline companies’ databases.
  • PNR data are sent by the airline to the PIU of the Member State concerned.
  • When necessary and relevant, a Member State must supply PNR data on an identified person to the competent authorities of another Member State.
  • PNR data may be transferred to a non-EU country under certain specific conditions.

Storage

  • Data provided by airline carriers must be stored in a database by the PIU for 5 years from the time of its transfer to the Member State in which the flight is landing or from which it is departing.
  • After 6 months the transferred data must be ‘depersonalised’ to mask out certain information including;
    • name;
    • address and contact information;
    • all payment information including billing address.
  • Disclosure of the full PNR information after this 6-month period has expired is only permitted if:
    • it is reasonably believed to be necessary in order to respond to requests for PNR data made by competent authorities or Europol — on a case-by-case basis and;
    • it has been approved by a judicial or other national authority competent under national law to verify whether the conditions for disclosure are met.

Transfer of PNR data to non-EU countries

  • Part Three, Title III of the EU-UK Trade and Cooperation Agreement (see summary) deals with the issue of the transfer, processing and use of PNR data in relation to flights between the EU and the UK. It also sets out the rules for police and judicial cooperation in criminal matters between the UK and the EU in respect of PNR data.
  • The EU has also signed agreements specifically on the transfer of PNR data with Australia and with the United States of America.

FROM WHEN DOES THE DIRECTIVE APPLY?

It has applied since 24 May 2016 and had to become law in the Member States by 25 May 2018.

BACKGROUND

For further information, see:

MAIN DOCUMENT

Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (OJ L 119, 4.5.2016, pp. 132-149)

RELATED DOCUMENTS

Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the one part, and the United Kingdom of Great Britain and Northern Ireland, of the other part (OJ L 149, 30.4.2021, pp. 10-2539)

Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security (OJ L 215, 11.8.2012, pp. 5-14)

Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service (OJ L 186, 14.7.2012, pp. 4-16)

last update 20.10.2021

Deze samenvatting is overgenomen van EUR-Lex.

3.

Wettekst

Richtlijn (EU) 2016/681 van het Europees Parlement en de Raad van 27 april 2016 over het gebruik van persoonsgegevens van passagiers (PNR-gegevens) voor het voorkomen, opsporen, onderzoeken en vervolgen van terroristische misdrijven en ernstige criminaliteit