EU Passenger Name Record Directive

By Thomas Vink, 27th May 2021

The EU Passenger Name Record (PNR) Directive obliges airlines to collect personal, and sometimes potentially sensitive, data of travellers and share it with government authorities. The data is mined and processed, including by algorithmic systems, to profile and categorise travellers on the basis of whether they might be involved in a terrorist offence or serious crime. The potential bias and inaccuracy of the data processing means the number of actual criminals caught is disproportionately low compared to the much larger number of innocent people who are wrongly flagged and detained.

GFF and epicenter.works argue that this data collection amounts to mass surveillance and could lead to discrimination and violations of the right to privacy. They seek to have the PNR Directive struck down on this basis.

EU Passenger Name Record Directive

Organisation Name

epicenter.works and Gesellschaft für Freiheitsrechte (GFF)

Country/Jurisdiction

Austria and Germany

Thematic Area

Privacy and Data Protection

Current Status

Ongoing

Grant type

Single Instance Litigation Support

Description

The EU Passenger Name Record (PNR) Directive obliges airlines to collect personal, and sometimes potentially sensitive, data of travellers and share it with government authorities. The data is mined and processed, including by algorithmic systems, to profile and categorise travellers on the basis of whether they might be involved in a terrorist offence or serious crime. The potential bias and inaccuracy of the data processing means the number of actual criminals caught is disproportionately low compared to the much larger number of innocent people who are wrongly flagged and detained.

GFF and epicenter.works argue that this data collection amounts to mass surveillance and could lead to discrimination and violations of the right to privacy. They seek to have the PNR Directive struck down on this basis.

In the first half of 2020, the German courts agreed with GFF’s request to refer questions to the Court of Justice of the European Union to examine the legality of the directive. If it’s ruled illegal, the practice will have to stop across the EU.

In 2019, epicenter.works made a complaint to the Austrian data protection authority, which was rejected because the authority did not have the power to rule on the directive. epicenter.works have since taken their case to the domestic courts, but it has been put on hold while the courts wait to see how the Court of Justice responds to the questions from the German courts.

"The potential bias and inaccuracy of the data processing means the number of actual criminals caught is disproportionately low compared to the much larger number of innocent people who are wrongly flagged and detained."

Strategic Goal

To prevent illegal mass surveillance of people travelling in and out of Europe, and demonstrate to the authorities and the wider public that this type of mass data retention and processing is illegal and violates human rights.

Organisation Name

Women’s Link Worldwide

Image by CHUTTERSNAP on Unsplash