The Opinion of the European Data Protection Supervisor on the Communication from the Commission on the global approach to transfers of Passenger Name Record (PNR) data to third countries has been released.
I look forward to reading analyses of the opinion. Here are some its statements:
17. As developed below, the EDPS considers that the bulk transfer of data about innocent people for risk assessment purposes raises serious proportionality issues. The EDPS questions in particular the proactive use of PNR data. While “re-active” use of data does not raise major concerns, as far as it is part of an investigation of a crime already committed, real time and proactive use lead to a more critical assessment.
18. According to the wording of the Communication, even in the “real time context”, PNR data will be “use(d) in order to prevent a crime, survey or arrest persons before a crime has been committed”, based on “predetermined fact-based risk indicators”9. The main idea to take measures with regard to persons before a crime has been committed on the basis of risk indicators, is in the view of the EDPS a proactive measure, the use of which in a law enforcement context is traditionally strictly defined and limited.
19. Besides, neither the notion of risk indicators, nor the notion of “risk assessment” is sufficiently developed, and the latter could easily be confused with the notion of “profiling”. This similarity is even strengthened by the alleged objective which is to establish “fact based travel and behavioural patterns”. The EDPS questions the link between the original facts, and the patterns deduced from these facts. The process aims at imposing on an individual a risk assessment – and possibly coercive measures – based on facts which are not related to this individual. As already stated in his previous opinion on a proposal for an EU-PNR, the main concern of the EDPS relates to the fact that “decisions on individuals will be taken on the basis of patterns and criteria established using the data of passengers in general. Thus decisions on one individual might be taken, using as a reference (at least partially), patterns derived from the data of other individuals. It is thus in relation to an abstract context that decisions will be taken, which can greatly affect data subjects. It is extremely difficult for individuals to defend themselves against such decisions”10.
20. The use of such techniques on a wide scale involving the screening of all passengers therefore raises serious questions of compliance with fundamental privacy and data protection principles, including those laid down in Article 8 ECHR, Articles 7 and 8 of the Charter and Article 16 TFEU.
21. Any final decision on the legitimacy of PNR schemes should take into account these elements, which should be analysed and developed in the impact assessment being conducted in the framework of the EU PNR project. The agenda should be set in order to allow a careful consideration of the results of this impact assessment in the drafting of global requirements for PNR schemes.
And from later sections:
26. The Communication indicates that sensitive data shall not be used unless in exceptional circumstances. The EDPS deplores this exception. He considers that the conditions of the exception are too broad and do not bring any guarantees: use on a case by case basis of the data is only presented as an example; besides, the purpose limitation should be a general principle applicable to any processing of PNR data, not only a guarantee applying to sensitive data. The EDPS considers that allowing for the processing of sensitive data, even in limited cases, would align the level of protection of protection of all PNR schemes on the less data protection compliant scheme rather than on the most compliant. He therefore calls for a complete exclusion of the processing of sensitive data, as a principle.
35. PNR schemes presented in the Communication do not per se meet the necessity and proportionality tests as developed in this opinion and in previous opinions of the EDPS and the Article 29 Working Party. To be admissible, the conditions for collection and processing of personal data should be considerably restricted. The EDPS is in particular concerned about the use of PNR schemes for risk assessment or profiling.