European Data Board Clarifies Guidelines on Collecting Data from Airline Passengers
The European Data Protection Board Friday issued additional guidance on processing air passenger name record (PNR) data under the EU PNR Directive.
Sign up for a free preview to unlock the rest of this article
Passengers provide PNR data to airlines, which includes names, travel dates, itineraries, seats, baggage, contact details and payment methods.
In June 2022, the European Court of Justice (ECJ) upheld the validity of the PNR Directive, which permits collection of passenger data for use in the prevention, detection, investigation and prosecution of terrorist offenses and serious crime.
However, the ECJ ruled that to comply with the EU Charter of Fundamental Rights, the directive had to be interpreted as including several limitations to the processing of personal data, the board noted.
The high court laid out several elements that national laws adopting the PNR Directive must comply with, the EDPB said. These included limiting data collection to the purposes set out in the directive, and applying the PNR system only to terrorist offenses and serious crimes having an objective link with carrying passengers by air.
Friday's guidance includes practical recommendations such as how European countries should select flights from which PNR data is collected and how long data should be retained, the EDPB said.
In a 2022 statement after the judgment, the EDPB said that interpretation of the most critical aspects of the PNR judgment was key to harmonizing regulations across the EU.