European Commission Wants Collection And Retention Of Passenger Data For Everyone Flying In And Out Of Europe

from the open-breach-of-fundamental-rights dept

Another day, another shameless exploitation of the Charlie Hebdo attacks. We’ve just reported on an EU call for Internet companies to hand over their crypto keys; now the European Commission is trying to push through a requirement for wide-ranging information about everyone flying in and out of Europe to be collected and stored for years. As reported by the Guardian:

The European commission plan to be published on Wednesday would require 42 separate pieces of information on every passenger flying in and out of Europe, including their bank card details, home address and meal preferences such as halal, to be stored on a central database for up to five years for access by the police and security services.

The European Commission calls its plan (pdf) a “workable compromise”, and goes on to list revisions that it claims address concerns of the European Parliament’s Civil Liberties Committee, which rejected the whole idea of blanket retention of “Passenger Name Records” (PNR) back in 2013. Statewatch provides a summary of the main changes:

Changing the scope from “terrorism and serious crime” to “terrorism and serious transnational crime”;

Reference to all the offences covered by the European Arrest Warrant is replaced by “a shorter list of offences that a relevant to transnational travel”;

Reducing the retention period of the “full PNR” from 30 days to seven days, and changing the longer “depersonalised” retention period to four years in relation to “serious transnational crime” (it remains five years for terrorism);

“establishing stricter conditions for access to PNR data” including “the appointment of a Data Protection Officer within the national units responsible for the processing of PNR data”;

“explicitly spelling out the rights of passengers to have access to their PNR data (retained by the PIU) and to request the modification or erasure of their data”;

Whether or not these are enough, the Greens MEP Jan Philipp Albrecht, who is vice-chairman of the European Parliament’s Civil Liberties Committee, points out a more fundamental problem with the proposal:

“The commission plans are an affront to the critics of the European parliament and the European court of justice who have said that data retention without any link to a certain risk or suspicion isn’t proportionate.

“It is an open breach of fundamental rights to blanketly retain all passenger data,” he added.

Albrecht is referring to the important judgment handed down by the EU’s Court of Justice last year, which ruled blanket data retention was “invalid“. The European Commission is acutely aware of this issue, and says right at the start of the leaked document:

The proposed compromise takes due account of the judgment of the Court of 8 April 2014 on the Data Retention Directive, as far as the judgment appears applicable to PNR.

However, it is by no means clear that the current proposal would in fact be regarded as “valid” by the court. Moreover, the Commission’s document admits that it is anyway likely to meet resistance in the European Parliament:

In case the Commission would adopt its revised proposal without an accompanying Impact Assessment, the [European Parliament] or in any case some political groups would likely express their criticism, given the important implications derived on PNR from the [EU Court of Justice] ruling on [Data Retention Directive].

As that indicates, this move is just part of a larger argument within the European Union about how much surveillance of European citizens is appropriate, how long data about them should be retained and with what data protection safeguards. That, in its turn, feeds into even wider discussions with the US over the Safe Harbor agreement, NSA spying and the inclusion (or not) of a chapter on data flows within TAFTA/TTIP and TISA.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “European Commission Wants Collection And Retention Of Passenger Data For Everyone Flying In And Out Of Europe”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Going down the list

As that indicates, this move is just part of a larger argument within the European Union about how much surveillance of European citizens is appropriate, how long data about them should be retained and with what data protection safeguards.

That would be:

1. None whatsoever that isn’t related to an active, targeted investigation that has been authorized by a court-approved targeted warrant or similar order.
2. Only so long as the investigation is ongoing and the data is required, after which all the data collected is purged.
3. Only those directly involved in a given investigation should be allowed to have access to the data collected during the course of that investigation. If another agency desires access to the information, they should be required to go through the same steps they would if they were starting from scratch, and are barred from arguing that just because the other agency has access, they should too.

Any agency found in possession of collected data, and that hasn’t gone through the proper steps to gain authorized access to it will have those in charge of the agency, and the ‘lower ranked’ employees involved, removed from office and sentenced to 1-10 years in prison, depending on the severity of their actions, with a minimum one year sentence. Once their sentence is over, they will be released, though barred from serving running for, or serving in, public office for the rest of their life.

The above seem like fair rules to me, though for agencies used to doing whatever they want, laws and rights be damned, I imagine the above would be seen as insane and ludicrously restrictive. How are they supposed to (fail to) find terrorists if they can’t spy on everyone, all the time after all? /s

That One Guy (profile) says:

Re: Re: Going down the list

The punishment is meant to be harsh, in part because I am so gorram sick of government and/or public officials pulling the ‘Ooops, my bad’ excuse when they get caught doing something, and then getting nothing more than a slap on the wrist for their actions. The other reason is to give some real incentive for those running an organization to make absolutely sure that they do not allow such actions to occur in their organization.

I suppose if it could be conclusively proven that those in charge of an organization were not aware of the existence of ‘unauthorized’ data on their systems, then a hefty personal fine, loss of position, and being barred from any government in the future, while those that did know would still face the jail time, could make for an acceptable alternative, it’s just with wiggle room like that you’d have nothing but ‘See no evil, hear no evil’ bosses, who intentionally made sure to remain as clueless as possible regarding what their department/organization was doing. This is why I feel they have to face some sort of punishment, even if they ‘didn’t know’, to give them incentive to keep such activity from happening.

As for your second point, while true, if you could only propose ideas that would be acceptable to the current batch of parasites, then pretty much anything other than ‘Give the government more power’ would be disqualified right off the bat, because anything less would be considered unacceptable to them.

Cassie says:

Re: Re: Re: Going down the list

I feel there should be softer consequences, but only based on what the persons contribution to the activity is. Because with the wonderful setup you paint, even the secretary who may have heard of it, but had no part in it would have to face a year in jail and what not. We shouldn’t punish those who had no part to play other than ” This person had minimal knowledge of the plot” because then we would only be forcing offices to empty out every time something came to light. Every office has a secretary who hears everything, yet knows nothing of real value. ( Note: I only say secretary because that’s an easy enough example for me to come up with)

That One Guy (profile) says:

Re: Re: Re:2 Going down the list

Hmm, how about this: The bosses of a particular agency will always be punished, jail if involved, personal fines if proven that they knew nothing(with the range of jail/fine sentencing dependent on involvement and severity of the action), loss of position and barred from government work either way. This is to motivate them to keep on eye on their subordinates, and do their hardest to stay withing the rule/law.

Now it may seem unfair to hold them accountable for what their subordinates do, even if they aren’t aware of it, but if the boss doesn’t know what’s going on, then either they are intentionally keeping themselves in the dark, or they’re incompetent, and in either case, they need to be removed from their position and replaced.

Subordinates will only suffer the penalty if they were involved. General, vague knowledge wouldn’t count, they would have to be either directly involved with the action, or have sufficient evidence proven that they knew what was going on to also be subject to the punishment.

Anonymous Coward says:

One of the key things is that the European Commission is almost entirely unelected, whereas the European Parliament is not. This is supposedly to reduce the change of populist legislation form getting through.

However, it seem that the EP is reining in the worst excesses of the EC. IT’s going to be interesting in those countries running European elections this year as to how it’s going to proceed.

I would recommend that the unelected EC have a power reduction at the moment, as it’s currently being corrupted by outside (often corporate) interests.

sorrykb (profile) says:

So much cynicism

The European commission plan to be published on Wednesday would require 42 separate pieces of information on every passenger flying in and out of Europe, including their …meal preferences…

Have you even considered that maybe they’re just trying to make sure they’ll have the right food ready for us when we’re detained indefinitely?
This is what happens when you try to pay attention to your customers’ needs… Geez.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...