Oireachtas Committee rejects passenger records proposals
November 17th, 2008
The Irish Times is reporting that the Joint Committee on European Scrutiny (a cross party committee which examines proposed EU legislation) has published a report which is highly critical of European proposals on passenger records.
The draft Framework Decision on the Use of Passenger Name Record (PNR) for Law Enforcement is an astonishing proposal which, if passed, would establish giant databases tracking the travel of every individual, logging details of every flight they make and keeping that information for 13 years. That information could then be accessed and shared with other countries without any individual suspicion, much less any form of warrant or prior permission. The proposal envisages using this information for “profiling” of all passengers. As originally proposed, the database would apply only to international flights (entering or leaving the EU) but some states are now pushing to extend this to include all flights within the EU while the UK is taking this further still and is seeking to create a database of all ferry and rail traffic within the EU.
This proposal has already been the subject of criticism across Europe from, for example, the European Data Protection Supervisor. In a presentation to the Joint Committee the Data Protection Commissioner clearly explained why the proposal is unacceptable:
We all support reasonable and proportionate measures to counter violence perpetrated against innocent people, but such measures should represent a proper balance between the need to combat such illegality and the rights of the innocent majority to go about their daily lives without undue interference by the State. In my opinion, and that of my EU colleagues, the Commission proposal fails this test. The proposal involves an obligation on air carriers to transmit to a state authority, called a “passenger information unit”, the PNR information that the passenger has provided to the air carrier in respect of any journey by air into or out of the European Union. The information typically includes contact details, such as address, phone number and e-mail, as well as payment information, such as credit card details. Under the proposal, the information has to be retained by the passenger information unit for a total of 13 years.
Such information is given by a passenger for the purpose of the provision of a service, namely air travel. The Commission proposal is that this information should be transmitted to state authorities for a totally different purpose, the combating of what is described as terrorism and organised crime. It is a basic data protection principle that information collected for one purpose should not be used for another purpose and should be deleted when no longer required for the purpose for which it was collected. The Commission proposal offends against this basic principle. Under the proposal, air carriers will have no choice but to hand over a complete record of an individual’s movements in and out of the European Union to a state entity that will retain it for 13 years, and not only a record of travel, but also of contact and payment information.
Many regular travellers would have difficulty recalling where they had travelled to, even in the past year. With this proposal, the state will have a detailed record of all such travel in and out of the European Union, and for a period going back 13 years. Therefore, whether it is a business trip to Singapore, a shopping trip to New York or a holiday in Morocco, the state will have full details. Can this invasion of individual privacy be considered a proportionate response to threats from the small number who may be tempted to engage in terrorism or organised crime?
One must also have concern for the ability of the state to protect the confidentiality of such information. Recent cases investigated by my office have, unfortunately, demonstrated that deliberate or inadvertent leaking or misuse of such information is a significant risk. Experience in other EU countries is no different…
There is little hard evidence of the actual usefulness of PNR passenger data in combating terrorism or organised crime. All we are presented with is general comments that such information is useful, with a small number of examples. There is even less evidence of the additional utility of PNR data over the more reliable API data that is already being collected. The result is that a key test under European law — that of proportionality — does not seem to be met. Even if one were to accept the case presented for this proposal — I do not — the protection provided for the innocent majority who have nothing to do with terrorism or organised crime is vague and inadequate. These deficiencies are spelled out in the written opinion my EU colleagues have already delivered and which has been provided to the committee.
If this proposal is implemented, we will have taken a further step to what has been called the surveillance society, where our day-to-day activities are constantly monitored and our private space is more and more restricted. We already have a situation, under data retention law, where the details of who we communicate with electronically is compulsorily stored, in case it would be useful for the investigation of crime. With this proposal, our international travel movements will be monitored by the State for the same reason. Can it only be a matter of time before this is extended to all of our movements? (Emphasis added)
The Joint Committee has now accepted these points (and also pointed out that – incredibly – neither Ryanair nor EasyJet were consulted in relation to the proposal).
What can you do about this? The responsible Irish official is the Minister for Justice. You might like to let him know that your privacy is important, and that the proposals (which Ireland has supported) are unacceptable. Ask him why he has ignored the concerns raised by the Data Protection Commissioner and proceeded with a measure based on “little evidence” with “vague and inadequate protections” for your personal information. Ask him whether he plans to ignore the concerns raised by our democratic representatives in the Joint Oireachtas Committee. Contact details? Email: minister@justice.ie, Phone: 01 602-8202 (ask for the Minister’s Office), Fax: 01 661-5461, Snail Mail: 94 St. Stephen’s Green, Dublin 2. And of course you should cc your local TDs (details here) and let them know that this issue is important to you in deciding how you will vote.
Entry Filed under: DRI, Data Retention, Mass surveillance
3 Comments Add your own
1. Rahood | November 20th, 2008 at 3:05 pm
The link [kablenet.com/kd.nsf/FrontpageRSS/..!OpenDocument] just times out on me can you please provide another link as I would very much to read it. Thanks.
2. TJ | November 20th, 2008 at 4:59 pm
Funny, the link works for me. Here’s the full text:
Government sticks to EU passenger plan
7 August 2008
The government has continued to argue that international passenger data should be analysed for immigration and non-serious crime, potentially risking its access to other European countries’ data
On 11 June, the House of Lords European Union committee warned the government that it faced problems in continuing to use passenger name records (PNRs) for anything other than tackling terrorism and serious crime, as other European countries are against wider use.
A draft framework decision intends to require EU member states to collect PNRs for all flights in and out of Europe specifically for tackling terrorism and organised crime. But in an official response published on 6 August, the Home Office says it will continue to use PNRs within its e-Borders project, including those from internal flights and other forms of transport, and try to persuade other countries to change their minds.
“As currently drafted, there is a real risk that the EU PNR proposal would degrade e-Borders by prohibiting the use of PNR data for combating immigration offences,” it says. “We will therefore lobby strongly for the (EU) framework decision not to preclude the use of PNR for this purpose.”
In response to a warning from the Lords committee that the government’s stance may force it to opt out of the framework decision, denying Britain PNR data from other countries, the Home Office says that it has invited delegations from other member states to visit its joint border operations centre, and has made presentations in Brussels. “We are working hard with EU partners to reach agreement on a text which is acceptable to all,” it says.
The Home Office also explains its work to collect PNR-like data, which includes contact details for passengers and information on how they bought the ticket, for international rail and sea journeys. It says legislation already exists to collect similar data for sea and for international rail journeys except between Northern Ireland and the Republic, and it is working on systems to collect information such as vehicle registrations and travel documents.
It is also working on taking data from the Eurostar rail service as it does from airlines, but with allowances made for shorter reservations and check in times, and the high proportion of passengers who do not book in advance.
The response adds that there is no legal power to collect reservation data from road vehicles, such as coaches, moving internationally.
Source: Kable’s Government Computing
Publication date: 07/08/2008
3. barry | November 27th, 2008 at 3:28 pm
I asked Jim O’Keefe to table a PQ to the Min on this; here is the answer –
“The proposed EU Council Framework Decision on the use of Passenger Name Records (PNR) for law enforcement purposes is under consideration within the Council framework at present. Under the French Presidency of the Council the Member States have undertaken an in-depth thematic reflection on the nature of a PNR system and issues related to it, with the active involvement of sectoral operators, fundamental rights and data protection interests and the European Parliament. This work will be continued under the incoming Czech Presidency of the Council.
The proposed Framework Decision will include appropriate safeguards to be built into any system which is established in order to protect fundamental rights, particularly the right to data privacy. The exact nature and extent of these safeguards is yet to be finalised but views expressed by the Member States and a range of other interested parties, including the Article 29 Working Party on data protection, the European Data Protection Supervisor and the European Fundamental Rights Agency, will be taken into account.
The proposal has been the subject of a recent report by the Oireachtas EU Scrutiny Committee, which heard the views of the Data Protection Commissioner. He expressed his reservations about certain aspects of the proposed Framework Decision and the Committee’s report reflects those concerns. I will, of course, take into account the views of the Committee in the course of further discussions on this proposal at EU level.
Measures to assist the Gardaí in their fight against terrorism and serious crime which are proportionate and which contribute to a more secure environment for Irish and other EU citizens deserve support. PNR data are widely collected by operators in the travel sector and it makes sense to make use of data sources which are already available. However, I remain conscious of the need to achieve balance and proportionality in any measures that would be taken in this field.”
The usual anodyne response, but I think the very fact the question was put may make the Dept realise that the issue is being scanned. Jim is undersatanding of the issues but is no aware of the details. I have no political affiliation with him or his party, but I have found he is at least willing to react.
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed