The EU Council has adopted a decision which formally concludes an agreement between the EU and Canada on the transfer and use of passenger name record (PNR) data.
Passenger name record (PNR) data is data collected by air carriers based on the information passengers provide when booking. It includes data such as the name of the passenger, travel dates, itineraries, seat number, baggage, contact details or means of payment. It can be a key tool in the fight against terrorism and serious transnational crime, as its analysis can help identify criminal patterns.
In the EU, the PNR directive from 2016 regulates the transfer from the airlines to EU member states authorities of PNR data of passengers of international flights. The directive also sets standards for the purposes for which PNR data can be processed.
The agreement sets out the conditions for the transfer of PNR data from the EU to Canada for the prevention, detection, investigation and prosecution of terrorist offences or serious transnational crimes.
The EU-Canada agreement includes important privacy and data protection safeguards, demonstrating a commitment to both security and fundamental rights. The agreement for instance excludes the processing of sensitive PNR data, such as information that reveals racial or ethnic origin or political opinions. It also foresees transparency measures vis-à-vis the passengers. Independent public authorities will be tasked with overseeing that data protections safeguards are being kept.
The agreement will enter into force when the EU and Canada have notified each other of the completion of their internal procedures. The EU’s internal procedure will be completed with today’s Council decision.
