This page contains a limited version of this dossier in the EU Monitor.
|dossier||COM(2013)528 - Conclusion of the Agreement with Canada on the transfer and processing of Passenger Name Record data.|
This legislation aims at obtaining PNR data electronically in advance of a flight's arrival and therefore significantly enhances the Canada Border Services Agency's ability to conduct efficient and effective advance risk assessment of passengers and to facilitate bona fide travel, thereby enhancing the security of Canada. The European Union, in cooperating with Canada in the fight against terrorism and other serious transnational crime, views the transfer of PNR data to Canada as fostering international police and judicial cooperation. This will be achieved through the sharing of analytical information containing PNR data obtained by Canada with competent police and judicial authorities of Member States, as well as with Europol and Eurojust within their respective mandates.
PNR is a record of each passenger's travel requirements which contains all information necessary to enable reservations to be processed and controlled by air carriers.
Air carriers are under an obligation to provide the Canada Border Services Agency with access to certain PNR data to the extent it is collected and contained in the air carrier's automated reservation and departure control systems.
The data protection laws of the EU do not allow European and other carriers operating flights from the EU to transmit the PNR data of their passengers to third countries which do not ensure an adequate level of protection of personal data without adducing appropriate safeguards. A solution is required that will provide the legal basis for the transfer of PNR data from the EU to Canada as a recognition of the necessity and importance of the use of PNR data in the fight against terrorism and other serious transnational crime, whilst providing legal certainty for air carriers. In addition, this solution should be applied homogenously throughout the European Union in order to ensure legal certainty for air carriers and respect of individuals' rights to the protection of personal data as well as their physical security.
The European Union concluded an agreement i in 2005 with Canada on the processing of PNR data based on a set of commitments by the Canada Border Services Agency in relation to the application of its PNR programme. The commitments were annexed to a Commission Decision on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency.  Following the expiry of the Commission Decision in 2009, the Canada Border Services Agency unilaterally undertook to assure the EU that the commitments would continue in full force and effect until a new agreement applies.
Following the entry into force of the Lisbon Treaty, the European Parliament adopted a resolution on 5 May 2010 in which it requested a renegotiation of the Agreement on the basis of certain criteria.
On 21 September 2010, the Council received a recommendation from the Commission to authorise the opening of negotiations for an Agreement between the European Union and Canada for the transfer and use of PNR data to prevent and combat terrorism and other serious transnational crime.
On 11 November 2010, the European Parliament adopted a resolution i on the recommendation from the Commission to the Council to authorise the opening of negotiations.
On 2 December 2010, the Council adopted a Decision, together with a negotiation directive, authorising the Commission to open negotiations on behalf of the European Union. Following negotiations between the parties, the Agreement was initialled on 6 May 2013.
This Agreement takes into consideration and is consistent with the general criteria laid down in the Communication from the Commission on the Global Approach to the transfer of PNR data to third countries and the negotiating directives given by the Council.
PNR has proven to be a very important tool in the fight against terrorism and serious crime. The Agreement secures several important safeguards for those persons whose data will be transferred and processed. In particular, the purpose of processing of PNR data is strictly limited to preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. The retention period of the PNR data is limited and the data will be depersonalised after a period of 30 days. Individuals are provided with the right to access, correction, redress and information. The data will be transferred using exclusively the push method, under which air carriers transfer (‘push’) the required PNR data to the Canada Border Services Agency, thus allowing air carriers to retain control of what data is provided. The use of sensitive data is limited to very exceptional cases and subject to strict conditions and effective safeguards, including the approval by the President of the Canada Border Services Agency and the deletion of the data after a very short timeframe. Oversight of Canada's compliance with these rules shall be exercised by the Privacy Commissioner of Canada and the Recourse Directorate of the Canada Border Services Agency.
Article 218(6)(a) of the Treaty on the Functioning of the European Union states that the Council shall authorise the conclusion of international agreements.
The Commission therefore proposes to the Council to adopt a decision approving the conclusion of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data.