The Passenger Name Record scheme (PNR) appears to be back on track following its dismissal last year. PNR is a record in the database of a computer reservation system used by all airlines that contains the itinerary for a passenger or a group of passengers. This information contains names and payment information of passengers and the data is not verified.
Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), said that the current draft of the law goes too far. Security agencies argue that they need the information for the, “prevention, detection, investigation and prosecution of terrorist offences and serious crime”, but with the scheme likely to cover at least all flights to and from the European Union (EU), and possibly intra-EU and/or domestic flights, more than 300 million non-suspect passengers could be caught in the operation. Further to this in light of the Safe Harbour opinion from the Advocate General and the Safe Harbour judgment it is difficult to see how PNR can be upheld between the EU and the US. One argument raised in relation to PNR is that although data is being collected and can be used for security purposes, if leaked or hacked into it has the potential to be used for terrorist activities.
Other arguments centre on the surveillance of all individuals travelling by plane to, from and possibly within the EU, the lack of accuracy of this data, the breach of the purpose limitation principle (i.e. re-using booking data for incompatible purposes such as law-enforcement), as well as the lack of evidence of the effectiveness, necessity and proportionality of the scheme. In March 2015 the European Commission tried to defend the scheme in a letter to the European Parliament which was struck down by the Court of Justice of the European Union on the grounds that it represented an interference with the rights of privacy and data protection. There does not appear to be a balance struck with the PNR as data will be collected on everyone whether or not there is a link between their data and whether they have committed a criminal act. PNR returning to the table is perhaps in light of the recent Germanwings crash where the view of the German Interior Minster is that data should be exchanged within and outside Intra-Schengen flights thus extending the scope of the current PNR. Air crashes like the one suffered by Germanwings and the disappearance of the Malaysian Airlines plane have elevated growing concerns around security on airlines. PNR poses many problems as firstly it collects too much data and much of this is not relevant or necessary, and secondly the data collected is not used for border control purposes and is purely for security. At present the UK and many other European airlines already employ facial recognition and iris scanning software as security measures.