EU external strategy on Passenger Name Record (PNR) (debate) 
President
The next item is the statements by the Council and the Commission on the European Union's external strategy on the Passenger Name Record (PNR).
Annemie Turtelboom
Madam President, honourable Members, I believe that the importance and necessity of Passenger Name Record (PNR) data have become clear in recent years. We need only think of the attacks in New York, and also of the failed attack on the flight from Amsterdam Schiphol to Detroit. Of course, in the last few days, too, we have noticed that the threat levels have remained very high.
We need only look at information coming in from several Member States, and also the increased threat levels in a number of countries, such as France and Spain. My home country, too, has increased the threat level for certain places, and a travel alert was also recently received from the United States. I believe that the Commission and the Presidency have worked very hard in the PNR field in the last few months.
The current state of affairs is as follows. On 21 September, the Commission informed the Council about EU policy on the transfer of passenger data to third countries. It also presented three draft negotiating mandates for the conclusion of agreements with Canada, the United States and Australia, all three with identical content.
Therefore, the Council held discussions immediately, on 7 October, regarding these drafts - the method and timing of the three mandates - and decided that all three mandates should indeed have identical content, that the Council would adopt them at the same time, that they would start at the same time, and that the negotiations with the United States, Canada and Australia should start by December of this year at the latest.
Looking at the content of the mandates and of the PNR agreement, the Council is aware that the most important thing with regard to the three agreements is ensuring a sufficiently high level of data protection. In my opinion, our foreign partners, too, must obtain a guarantee that their personal data enjoy sufficient protection. Indeed, we have always required this when concluding agreements with other countries. The European Union has always focused on this, including in its previous agreements with countries.
Indeed, I should like to point out that one of those previous agreements - the one with Australia - was once described as the most data protection-friendly agreement of the year. Therefore, I believe that the European Parliament is right to impose stringent data protection requirements. The Council will therefore ensure that the data protection requirements continue to be respected, and will certainly also ensure, in particular, that the principle of proportionality will always be respected, in order to prevent any infringement of the right to protection of privacy.
Therefore, in the text of the negotiating mandates, the Council has also placed a strong emphasis on the importance of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. In addition, these mandates lay down retention times and duration of access to PNR data that are proportional and limited.
This requirement has been highlighted even further by taking into account the various ways in which PNR data can be used. Back data can be used only reactively, current data can be used in real time, and risk profiles, in particular, will be drawn up for proactive use.
With regard to the risk models, we are aware that the European Parliament is very concerned about such 'profiling'. Therefore, the Commission will clarify in great detail in its proposal what exactly is meant by 'profiling'. In addition, the Presidency will ensure that risk assessments can never result in stigmatisation of persons of a certain ethnic origin.
I should like to add two comments in my brief introduction: 1) PNR data may indeed only be used by the airlines and thus, not by the Member States' authorities themselves, and, of course, their use by the airlines is subject to permission from the European Union. 2) The Presidency, too, is aware of the importance Parliament attaches to the general agreement between the EU and the United States in the field of data protection. I would refer in this connection to the debate you have just held in this House with my colleague, the Minister for Justice.
In this brief introduction, I should like to make it clear that, whilst these PNR data are a real priority of the Council's, the Council also really wants to take the utmost account of Parliament's justified concerns with regard to striking the good balance between privacy and security that is always needed. I do think that recent events and threats keep forcing us to face the facts. Madam President, I shall, of course, be at Parliament's disposal at any time - not only today but also in the next few weeks - to continue the debate on PNR data and on the mandates.
Cecilia Malmström
Member of the Commission. - Madam President, on 21 September, the Commission issued a package of proposals on the exchange of passenger name records data with third countries and that consisted of a communication on EU external PNR strategy with some principles, as you requested in your resolution from May earlier this year. There were also three recommendations on negotiating directives for new PNR agreements with Canada, Australia and the US. I would like to thank the authors of the May resolution for the excellent team work we have had and the very constructive cooperation on this file and your constructive way of finding solutions to move forward within the new institutional framework.
The objective of the communication is to establish for the first time a set of criteria and principles that would guide us in our external relations concerning PNR. We can use that as a method for communicating with third countries, but also define our own policy with that. The communication will, of course, seek to achieve coherence with the EU PNR that will be presented at a later stage.
The directive has not been adopted, that is, the mandate has not been adopted by the Council yet, but the mandates, of course, follow the structure of the general communication.
The issue of profiling was raised by the Belgian Presidency as well. Risk assessment is an issue that I know comes up very often in the discussions and that is why I have chosen to raise it immediately. The concept of profiling is not, in itself, defined in any legal instrument, but that does not mean that we do not have laws on it. The data protection instruments address it, but call it 'Prohibition of Automated Processing': that means that EU data protection legislation prevents any individual from being subject to a decision which produces legal effects concerning him or her, or significantly affects him or her, and which is based solely on the automated processing of data. It is not prohibited to process data in an automated matter, but decisions which legally affect individuals must not be taken in an automated manner.
The PNR communication highlights these principles and lays down efficient and effective measures to safeguard the interest of data subjects. In particular, any automated decision should be verified by a human being and allow the data subject to explain his or her point of view. This means that the final decision taken towards a person can never be taken in a fully automated manner. In this way, the communication seeks to ensure that the processing of data does not go beyond what is legitimate and that the processes comply with fundamental rights, including our current data protection rules.
You have also requested the Commission to clarify the state of play on bilateral agreements and memoranda of understanding relating to the visa waiver programme. I will try to enlighten you a little bit on this. In August 2007, the US passed the implementing recommendations of the 9/11 Commission Act and a section of this covers the modernisation of the visa waiver programme. The terms and conditions of this law affect all EU members, independent of whether they are in the visa waiver programme or not.
On the EU side, this act led to a twin-track approach agreed by the Council in March 2008. The EU track concerns the negotiations between the EU and the US regarding conditions for access to the US and, indeed, to the visa waiver programme. That falls under EU competences - repatriation of own nationals, enhanced travel document security and airport security. This resulted in an EU-US agreement confirming that the EU satisfies these conditions.
We also had the bilateral track: bilateral negotiations between the EU and between the US and Member States to satisfy US conditions for access to the visa waiver programme which fall under the Member States' competence as opposed to EU competence. That is, cooperation with the US on serious crime, counter-terrorism initiatives and information sharing in these areas.
Under this bilateral track, a number of Member States initially signed a memorandum of understanding with the US. This memorandum was not intended to be, in itself, a legal base for any exchange of data. They confirmed a willingness of the parties to negotiate agreements on passenger information, screening information on known or suspected terrorists, information to combat terrorism and serious crime, and information, migration and border security matters.
According to the information that the Commission has just gathered from the Member States, eight Member States have signed such a memorandum of understanding with the US.
After the signature of these memoranda, the US and some Member States have negotiated two types of agreements. First, agreements on enhancing cooperation in preventing and combating serious crime: that concerns cooperation on matching of fingerprints and DNA samples. Fourteen Member States have identical agreements with the US.
Secondly, agreements on the exchange of screening information concerning known or suspected terrorists: these concern exchange of specific information about individuals who are suspected or known terrorists, namely, their full name, their date of birth, passport and citizenship. Ten Member States have such agreements. But let me add that none of these bilateral agreements cover PNR data. The exchange of PNR data only takes place under the EU-US agreement.
Following the entry into force of the Lisbon Treaty and the abolition of the former pillar structure, all conditions for the US visa waiver programme now fall under EU competence. The Commission is right now evaluating whether the twin-track approach agreed in 2008 should be updated following the entry into force of the Lisbon Treaty. I will, of course, keep you fully informed about this.
The Parliament resolution also refers to the EU-US cooperation on one-stop aviation security. This is the responsibility of Vice-President Kallas who is Transport Commissioner. He has been pursuing negotiations with the US transportation security administration to exempt US-originating passengers at EU airports from rescreening. This should improve efficiency at EU airports without compromising security. Vice-President Kallas has kept the Committee on Transport and Tourism of this House informed about these issues.
It is important to underline that this issue is very much distinct from PNR. The one-stop cooperation aviation security is not about transfer of personal data and it does not concern information processing with respect to the pursuit of suspected criminals or terrorists, so as such, we will not raise it in the PNR negotiations.
To conclude - and I am sorry to be a bit long but I think this needed to be clarified - I would like to note that the Council will, as the President-in-Office from the Belgian Presidency said, adopt the negotiating mandates very soon. I am committed as always to keeping you informed about the progress in all the negotiation stages. It has already been decided that we will conduct negotiations in parallel with all three countries, but they will not necessarily be completed at the same time.
I know that this is of particular interest to your House and I therefore remain at your disposal to discuss this now and with the relevant committees and with the other Members whenever you wish to do so.
Axel Voss
Madam President, tomorrow's vote on Passenger Name Records would not have been necessary had we here in Parliament been taken more seriously and kept better informed by the Commission and the Council on the subject of the forwarding of data by the EU and its Member States to third countries since the SWIFT decision. If interinstitutional relations continue in this way, there is a risk that we will end up in the same psychological situation with the US in respect of PNR as was the case with SWIFT. Nobody wants that, and I also think it would be very dangerous. Nonetheless, we must still make the effort to resolve this.
When it comes down to it, what I feel is missing here is a clear concept of what exchange of data is required in order to prevent terror; we can then adopt a position on the basis of this. First SWIFT, then PNR; then came the memorandum of understanding with national databases being accessed; then a framework agreement with the US; then the amendment of our own data protection amending act; now we want to install this programme for one-stop security - it all seems rather piecemeal to me.
Moreover, we need to clarify or find out once and for all what data the US actually needs to prevent terror, as well as how we can assist with this and bring it about. What we have seen so far is a kind of salami tactics, and that is damaging.
I know that there has been a break as a result of the entry into force of the Treaty of Lisbon, but it is even more damaging for us if the Council and Commission do not keep us informed of these processes.
I am therefore asking the representatives of the Council and the Commission for five things. Firstly, please develop a sensible concept that sets out comprehensively and conclusively what the exchange of data for the purposes of fighting terrorism involves. I also ask you to bring about coherence in the EU on matters relating to the forwarding of data and not to divide these into national and European matters. I also ask that the competence for decisions on these matters be set at a general European level and for the opportunity to take into account that we may prefer to conclude PNR agreements with Canada and Australia. Finally, I request that the process be speeded up, because the terrorists are constantly revealing where our security is lacking - just as recently in the case of freight transport.
Birgit Sippel
Madam President, in a globalised world, terrorism and crime are, unfortunately, also globally organised, and therefore we know that we need to cooperate internationally and need to exchange data. I am very pleased to hear that both the Commission and the Council consider that citizens' rights and data protection are both matters to be accorded very high priority. However, that does not mean that Parliament can rest on its laurels, since issues such as retention periods, data volumes and purpose limitation, as well as controls and whether protective clauses can really be implemented in the area of data protection, will remain critical points. In this sensitive area, what we need is not blind checks, but more trust.
The terms on which data is exchanged must therefore also be set at a particularly high level, since it is not just a matter of specific agreements with Australia and the US; a number of other countries such as Korea and India also already want to have PNR agreements with us. For this reason, too, it is very important that we build in particularly high security standards at this point. The same applies to the forwarding of data to third countries. Here again, we must examine very carefully the terms that we want to incorporate.
At the same time, when discussing PNR data, we also need to look beyond this. What is the point of keeping the volume of data as low as possible when negotiating on PNR if the US, as a countermove, announces that it wishes not only to levy an entry fee, but also to collect additional data from passengers?
We also have a problem within the European Union. What is the point of agreeing the highest possible standards and attempting to limit data volumes if, at the same time, bilateral agreements are being concluded without us having any knowledge of their content and security standards? Mrs Malmström has said that this is not about PNR data, but rather that all data that is collected should apparently serve the purpose of fighting terrorism and combating crime. I would therefore like to end by making one more request: what we need is not just good provisions on the individual measures, but also at last to take an overall view of all the measures, all the data that is transferred by the EU and the Member States. We need to be quite clear about this: we will never achieve one hundred percent security, however many measures we take and however much data we collect. That is a fact that we have to face up to.
Sophia in 't Veld
on behalf of the ALDE Group. - Madam President, I would like to thank the Commissioner and the Minister for their introductions. I very much welcome the very cooperative attitude of the Commission and the Council. We have had examples in the past where the cooperation was less intimate. I think that this example shows that, if the three main institutions can reach an agreement, we can speak with a single voice on behalf of 500 million citizens - and that is a very powerful voice.
The resolution has been tabled jointly by six political groups, meaning that this Parliament is sending a very strong political signal. I would also like to thank all the shadow rapporteurs of the other groups for their very good cooperation. There is one point which the Commissioner and the Minister did not address in their presentations: the issue of proportionality and necessity. Both the Council and the Commission still claim that the massive - not ad hoc - collection and storage of PNR data is necessary and proportional in view of the fight against terrorism. I am willing to believe them, but this claim has to be substantiated: we need proof of necessity, proof of proportionality. Why? The proportionality test is not a political test; it is a legal test.
European data protection laws require the collection and storage of data to be proportional and necessary. This is not something that we can agree on politically; it is something that has to be proven in court. If somebody goes to court and the court rules that these agreements are not watertight, then we look like idiots. The European Parliament cannot be asked to endorse something which is open to legal challenge. That is a key issue.
There are some other things which need clarification. I am pleased to hear that the Commission is looking into the profiling issue, but I think that we need some further discussion on that. Some of the Member States are proposing a sunset clause. I would, of course, wholeheartedly endorse that; I hope that the Council decides to introduce that. Finally, the European Commission refers to good relations with third countries, but these agreements cannot be seen as instruments of international diplomacy. They are instruments of international cooperation in law enforcement and protecting civil liberties and the rule of law. We need to get it right now, because we are not only negotiating with the US, Canada and Australia, but also setting a model and example for agreements with other countries.
Jan Philipp Albrecht
Madam President, Mrs Malmström, ladies and gentlemen, we, as Parliament, will tomorrow adopt a joint resolution which once again emphasises our concerns regarding the exchange of passenger name record data. Why will we do so? We will do so because we have been raising points of criticism for several years, but we have the feeling that insufficient attention has been paid to them in the current negotiations, and because it is important to us that this criticism is taken into account from the outset so that this agreement will at least have a chance of ultimately receiving approval here in Parliament.
There are three principal points of criticism, and Mr Voss has also already mentioned some of them. First of all, it is important and necessary to understand that we want a common European approach and not different data exchange measures with different provisions on data protection. It is therefore important to make it clear that a uniform solution should be found to this with the contracting parties at European level.
The second point - and this is even more important - is that all of this is above board and in accordance with the legal basis in the treaties. As Parliament, we have made it clear many times that we reject the use of passenger name record data for profiling purposes, and long storage times are incompatible with constitutional law. For us, that means that the proactive and reactive use of passenger name record data is actually out of the question as a matter of principle. This must be made clear in the mandate and also in the negotiations in order for it to be possible, ultimately, for Parliament to grant its approval.
Philip Bradbourn
on behalf of the ECR Group. - Madam President, PNR is, as has been acknowledged, an important tool for national security. It is a key component in the battle to keep us safe, not just in the air, but on the ground. However, PNR must only be a tool to combat terrorism. It must not become a free licence for the retention of data by governments or their agencies.
Therefore, we must deeply consider who we allow access to this data and why; not just to which country but which agencies. What benefits will there be to us from their access to it? How will it be protected by them and, importantly, how can we be assured that it remains so? We must also be certain that all arrangements with third countries are mutual so that we too can benefit. PNR is an important weapon in ensuring we protect ourselves against such terrorism, but it is not the only weapon: pragmatism and proportionality should be key to every decision we make in this House; the subject of passenger name records is no different.
Rui Tavares
When discussing this Passenger Name Record (PNR) agreement, we all remember what happened in the case of SWIFT; it has already cropped up several times in this debate. The case of SWIFT was a telling one. We may disagree about SWIFT itself, and we certainly voted differently in this Chamber, but we are all agreed on one thing: we have learned a great deal about what to do and what not to do.
About what to do: we learned that Parliament must speak very firmly in defending the privacy interests of 500 million citizens. This time, moreover, the fact that we have six political groups participating in writing a resolution means that we intend to use the voice of Parliament in a clearer and more united way.
Yet we also know a lot about what not to do. At this stage of the negotiations on PNR, we can still use what we have learnt. This is clearly that the Council should prepare its mandate, which we will read very carefully; the Commission should conduct the negotiations, as it is the negotiator; and Parliament should have the final say. However, at the same time, what we have learnt is much more than that. It is obvious that Parliament should be kept informed at all stages, but at this juncture, I appeal directly to the Commission: the Commission could also accept Parliament's ideas during the course of this process. I recall that with SWIFT, for instance, it was Parliament's idea to have a supervisor in Washington. In the course of this process, Parliament is bound to have many ideas that should be included in the negotiations without, of course, trampling on the prerogatives of the Commission, but the fact is that Parliament will have the final word, de facto and de jure, on this negotiation, and it will certainly use it.
There is also one thing that I believe we should not forget in this process, which we have, at times, forgotten, namely, that these data are personal data. This means that we are dealing with loaned data belonging to members of the public, as we say in our resolution when talking about the concept of informational self-determination. This means that at all moments in this process and during the use of such data in the future, they will have to have direct access to what is being done with their data.
Jaroslav Paška
At present, personal data on our citizens is being transferred to the United States on the basis of various agreements. Of these, it is particularly the bilateral agreements and memoranda of understanding concluded between certain Member States and the US that are giving rise to serious concerns over breaches of the data protection rights of European citizens.
It is therefore a good thing that the European Commission has turned to the European Council with a request to begin talks between the EU and the US on the creation of a new framework agreement on the transfer and processing of personal data for the purposes of preventing, investigating, detecting or prosecuting crime, within the framework of police and judicial cooperation in criminal matters.
Commissioner, in the negotiations with our American friends, however, we must insist that the new framework agreement is balanced and correct with regard to the rights of EU citizens in the area of personal data protection. It would also be a good thing if the new framework agreement were to amend the current bilateral agreements, which are incorrect and which, in many cases, infringe the personal data protection rights of our citizens.
Daniël van der Stoep
(NL) Madam President, the Dutch Party for Freedom (PVV) is very much in favour of measures that could help in the fight against terrorism, and Islamic terrorism in particular. The PVV also attaches great importance to protecting the privacy of Dutch citizens and takes the view that, where these interests clash, they need to be carefully weighed up against each other.
The United States can have some of our passenger data, but on three conditions. The first is that these data be used only in the fight against terrorism. The second is reciprocity. American airlines must also ensure that European authorities are sent these data, as happens the other way round. The data should be provided not to a European agency but rather to the authorities of the European Member State that is the aircraft's transit or final destination.
The third condition is that the data transferred be non-discriminatory. The United States and, thus, also European countries, can request all data that has been provided voluntarily by passengers. I emphasise the word 'voluntarily'. Data on religion, ideology, address, telephone number, credit card number and data from a person's passport may be provided, but my party takes the view that data not provided voluntarily by passengers, such as data on sexuality, ethnic origin or disability, must not be provided.
Madam President, I should also like to reiterate why these measures are necessary. Let us be clear that they are not necessary to combat Christian or Buddhist terrorism. Regrettably, these measures are necessary because of the threat to the free world posed by Islam. It is about time the Members of this House grasped this at long last.
Agustín Díaz de Mera García Consuegra
(ES) Madam President, freedom and security are essential elements for the implementation of any current democratic legal structure, in which freedom uses security as the most valued tool for protection.
The transfer of Passenger Name Record (PNR) data to third countries is an essential element of the transnational fight against terrorism and organised crime. It should be based on scrupulous compliance with EU rules on the protection of personal data, as laid down in Articles 7 and 8 of the Charter of Fundamental Rights and Article 16 of the Treaty on the Functioning of the European Union. For this reason, we must welcome the communication from the Commission on the global approach to transfers of PNR data to third countries and its recommendations that the Council authorises the opening of negotiations in this area with Australia, Canada and the United States, as both instruments take up Parliament's concerns regarding security, defending fundamental rights and protecting personal data.
However, it should be pointed out that PNR data cannot be used for profiling, which is why the Commission sought to clarify - in my view, successfully - the differences between the expressions 'risk assessment' and the aforementioned profiling.
Moreover, the Commissioner said that checking will be done by humans rather than being automated. Well, we will see what happens.
Madam President, we need a single, general, legally binding agreement to protect personal data. This top-level agreement must be implemented through sectoral agreements in order to combat terror and organised crime.
As regards the need, Madam President, it is obvious. As regards proportionality, it must, in all cases, be an inalienable requirement.
Juan Fernando López Aguilar
(ES) Madam President, I would like to join with those in Parliament who have supported the usefulness and timeliness of this recommendation by the Commission to the Council to negotiate to establish a framework agreement for data transfer and the protection of personal data between the United States and the European Union. I would also like to express my support for an accommodating approach, so that this framework agreement covers not only all future agreements on transfers of data between the European Union and the United States, but also bilateral agreements between the United States and each of the Member States in the context of judicial and police cooperation.
Secondly, I would like to join those in Parliament who have expressed regret and rejection regarding the measures adopted by the United States authorities to introduce administrative fees under the Travel Promotion Act which therefore increase the costs of travel and, consequently, the movement of people, through the Electronic System for Travel Authorisation.
In practice, this amounts to a tax and to reintroducing visas, on top of the exclusion of the visa waiver for Romania, Poland, Bulgaria and Cyprus, and therefore means a two-tier system and double standards in the treatment of the Member States. We therefore call on the Commission to make it a priority to express its rejection of these measures and to also consider the option of reciprocating.
Thirdly, however, I would like to say that the importance of the Passenger Name Record and the legal agreement between the European Union and the United States lies precisely in the fact that they have to combine data protection with data exchange, and therefore guarantee the principles that are in Parliament's resolutions and which will be in the resolution that we adopt tomorrow: the need to strengthen the proportionality principle and the necessity principle, the minimisation of unnecessary data and, of course, purpose limitation. These principles ensure that there is a balance between freedom and security, because freedom is one of Parliament's commitments. Security is, however, now one of the European Union's objectives, as the Commissioner herself acknowledged.
We therefore call on you to incorporate this commitment to strengthen the guarantee of privacy and fundamental human rights into future air security actions, into data protection for the Passenger Names Record, into the review of security checks, and into the current debate on the introduction of security scanners in airports.
Judith Sargentini
(NL) Madam President, we are well aware that we are always running behind society somewhat. Developments happen, and policy and legislation follow later. The fact that the format now includes civil rights requirements to be observed by a Passenger Name Record (PNR) agreement is very sensible, but it does show that we keep running behind developments. The previous debate, regarding the framework agreement on data protection, was another illustration of this.
My fear is not that this list, which looks good, now exists and is being used; my fear concerns the preservation of the various bilateral agreements between Member States and other countries. I have a question for Mrs Turtelboom of the Council, therefore, and that is whether she can guarantee that these are definitively at an end? I wish to advise the negotiators to take the European Convention for the Protection of Human Rights and Fundamental Freedoms along in book form, place these fundamental rights beside them on the table when they are about to start negotiating, and make regular reference to them.
Marie-Christine Vergiat
(FR) Madam President, once again, we are being asked for an agreement concerning the protection of European citizens' data when it is transferred to the United States and which is also applicable in Canada and Australia. In this House, we are all very committed to the safety of our fellow citizens. The debate is not about that.
Yes, our fellow citizens have a right to security, but they have a right to it in all areas, including legal certainty. We know that in the name of combating terrorism in particular, many safeguards to which all citizens are entitled have been jeopardised and that quantity has all too often taken precedence over quality.
I would like to congratulate our rapporteur on the work she has done, which is along the right lines, particularly when she emphasises the issues of necessity and proportionality. I would willingly add to that the issue of reciprocity. When it comes to defending human rights, however, the United States is far from being a model, and we know that European citizens do not enjoy the same protection there as in Europe and that a number of them are regularly subjected to what I would call administrative harassment - and what is worse - on the grounds that they are suspected of being terrorists. What does this mean? Worse still, what will happen to these guarantees when the data is transferred to third countries, especially with a view to prevention?
We know that 80% of this data has already reached the United States. The statements I have just heard are, regrettably, far from reassuring.
Monika Flašíková Beňová
(SK) The European strategy on the provision of personal data on travellers is an important step towards the harmonisation of legislation in this area. The existence of a number of parallel legislative initiatives shows the need for consistency. It must be said, however, that this strategy has a number of shortcomings, particularly in the area of personal data protection, as has been mentioned here several times.
The Commission document recently published in September also criticised the European Data Protection Supervisor. I agree with the part of the criticism which relates to levels of necessity and authorisation concerning requests for a particular type of data. In my opinion, we need to place strict limits on the possibility of data being used to create profiles and estimate risk.
Such data handling requires greater justification than is contained in the actual text and, at the time, we must better specify how to prevent data being misused.
I would now like to mention a couple of examples from other agreements, including an agreement between the EU and the US concerning the provision of passenger data to the American Department of Homeland Security. The agreement includes a controversial comparison between this data and data from databases on immigrants. I do not know, but in my opinion, this condition does not correspond to the aim of the agreement, which is to combat terrorism and serious crime.
It will therefore be essential for us to avoid such controversial errors when formulating these agreements in the future, and I hope that the Commission will manage that, as we definitely cannot consider the current document to be satisfactory, particularly in the area of personal data protection.
Salvatore Iacolino
(IT) Madam President, Minister, Commissioner, ladies and gentlemen, listening to the significant contributions that have so far been offered by my fellow Members, there is no doubt that the need to reach a reasonably quick understanding on defining this framework agreement on the Passenger Name Record constitutes a strong stimulus from Parliament.
Starting from the premise that there is currently no homogenous legislative framework in force - and this certainly contrasts strongly with the real and perceived need to fight terrorism with aggressive, robust measures, balancing privacy and security - one must consider that actions to guarantee security can be effectively realised through international cooperation. At the same time, as was seen some time ago in Parliament when we approved the SWIFT project, we definitely need to bear in mind the Council's negotiating mandate, but also the significant contributions that Parliament will also be able to offer in a context where the fight against illegal immigration can be assured through the framework agreement.
Petru Constantin Luhan
(RO) At a time of great mobility, we cannot enjoy security without an efficient exchange of data. It is our duty to protect our citizens against terrorist attacks and organised crime. However, a balance needs to be found between security and privacy. I welcome the fact that the European Parliament's resolution emphasises that PNR data cannot be used for profiling. I believe that the partnership between the US, Canada and Australia, on the one hand, and the European Union, on the other, can offer the ideal solution for combating terrorism and organised crime.
I think that both sides need, first of all, to find common ground on understanding what is involved in achieving this objective. We must bear in mind that Europeans, by their very mentality, attach particular importance to respect for their privacy. The EU cannot give its consent to this until every detail pertaining to the security of the data being transferred between the parties involved is clarified.
Ioan Enciu
(RO) The strategy being proposed marks a step forward in terms of how to approach future agreements in this area. It is important that a balance is struck between protecting privacy and fundamental rights and the need to combat terrorism. If the strategy is applied in the way it is presented, it will provide firm, enforceable guarantees concerning respect for the rights which European citizens enjoy within the European Union. As Commissioner Malmström has assured us, profiling will not be possible through automatic processing of the data supplied. We hope that this is the case, because this was one of our concerns, as was also the data storage period.
Although we are not talking about personal data, I basically believe that it is ultimately a matter of citizens' right to privacy. This is why a process for making administrative and legal appeals also needs to be provided for citizens affected by the misuse of this data input. Transfers of PNR data to third countries must be carried out on a case-by-case basis and only with the European Union's explicit consent.
Angelika Werthmann
(DE) Madam President, the way that the Commission has put its global approach to transfers of passenger name record data to third countries up for discussion is to be welcomed, particularly before negotiations with third countries get under way. That shows that it has learnt from past methods. As has already been said many times with regard to ACTA and SWIFT, here, too, I have huge concerns with regard to data protection standards. However, in this case, it is essentially about the handling of data with which the authorities, for example, intend to identify possible accomplices of suspects. At first sight, this is something entirely beneficial, but on further consideration, it is a very serious assumption to place European citizens under general suspicion on the basis of meagre circumstantial evidence. Would we actually supply the names and data for this purpose?
Andrew Henry William Brons
Madam President, I am not, of course, in favour of the European Union assuming the right to conclude treaties at all. However, I will endeavour to look objectively at the principles governing treaties about PNR. The approach taken to weigh the two sometimes contradictory needs of privacy and security is essentially sound. People have a right to keep details of their lives confidential, but authorities have not only a right, but a duty, to safeguard the lives of their peoples. If only terrorists and serious criminals wore black hats and displayed sinister sneers, those two needs could be satisfied simultaneously.
However, the Union does allow its own ideological inhibitions to get in the way of achieving the right balance. I can understand its reluctance to reveal unnecessarily information about people's origins or opinions. Where this has no connection or even correlation with terrorism, that inhibition is a healthy one. However, in an era in which a particular section of the population is disproportionately involved in terrorism - and that section might change - I see no objection against profiling of that population.
Cecilia Malmström
Member of the Commission. - Madam President, the terrorist threat is still there and we need to address it. We have lots of tools to do so, but changing and sharing of information is key to doing this. We have PNR agreements. I already have seen strong evidence that PNR is essential to identify and to prevent terrorist attacks. We will make sure that this evidence is provided to the European Parliament with concrete examples, both from the three countries we are discussing and from the subsequent EU PNR. This is essential to enable you to assess this properly and to discuss it with your voters.
We should exchange PNR, but that should not be done without rules. We need to have the relevant information, to be able to join the dots and to have clear rules. We need to define the scope, the retention times, to have a high level of data protection and the possibility of redress for the individual. We need to have clear rules on third-country transfer and we need to be proportionate. All this is in the communication from the Commission and I am very happy to see that, although the details might vary, your communication is very much in line with this.
These are the issues that will be subject to negotiations with our three partners; they will be difficult, yet ambitious on our part. My goal is to do this together with the Council and with the EU's other three institutions, so that the institutions can speak with one voice and be a clear partner in this.
From the beginning, I have tried to involve Parliament and to engage in an open and transparent way with it, with its relevant committees, the rapporteurs, the shadow rapporteurs, the coordinators and so on, and will continue to do so. I undertake that, at all stages of the negotiations, once they have begun, I will keep you fully and immediately informed, to have an open discussion and to listen to your views. Although the Commission will lead the negotiations, I am willing to discuss with you and to inform you and have good cooperation with you on this.
Annemie Turtelboom
Mr President, at all events, I should like to start by saying that, as Minister for Home Affairs, I know that we have managed to prevent potential attacks all too often through the exchange and interpretation of information. This is precisely what makes this debate and the conclusion of a sound Passenger Name Record (PNR) agreement so important, of course.
I know that the Commission faces a very difficult task as soon as the mandates have been adopted by the Council; it will have to open the actual negotiations and strike a balance between what everyone here wants - that on which there is a broad consensus - namely, the protection of personal data, on the one hand, and, on the other, the clear tenor here in this assembly that says: we need these PNR data, we have a frequent need for information, precisely in order to protect us against terrorist attacks, for example.
However, I am pleased that the European Parliament, the Council and the Commission are on the same wavelength and have the same balance at the back of their minds: a balance between data protection and security for which we all bear responsibility. I think we have now reached the point at which we can adopt the mandates. Afterwards, there comes the difficult job of the actual negotiations; we must ensure that we do not deviate too far from our mandate and that we continue to define that balance ourselves at all times.
I should like to address a number of specific questions, such as the comment on the sunset clause. It is indeed important to point out that this mandate is valid for seven years, that it will be assessed after four years and that, if the agreement should be concluded and also adopted here, an extension will only be possible following a debate here in Parliament; which I think is logical. This is not a real sunset clause, but it does very strongly resemble one in terms of the deadline and of the assessment after four years.
In addition, the Council's conclusions rightly state that we set very great store by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union - indeed, comments have been made on the subject - and we must continue to guarantee these. Of course, it is important to all of us - and this is also in the mandate - that an independent body be established to which individuals can make a complaint if they notice that their data have been used wrongfully or for other purposes.
Finally - and this will be a very difficult point - the question of profiling, and of course we all want risk assessments. After all, risk assessments can be carried out on the basis of the data gathered to enable the right decisions to be made. On the other hand, of course, it is imperative to prevent the stigmatisation of certain ethnic groups, even though one group may have been advocating it here. I believe we want absolute freedom from ethnic stigmatisation. I believe that this, too, is one of the fundamental rights we all enjoy as European citizens, and particularly in my role as President-in-Office of the Council, I wish to make sure that we do not end up in such a situation.
President
The debate is closed.
The vote will take place tomorrow, Thursday, 11 November 2010, at 12:00.
Written statements (Rule 149)
Vilija Blinkevičiūt
Parliament aims to strengthen the procedures for the transfer of passenger name record (PNR) data to third countries. Special attention should be paid to the protection of passengers' personal data. Law enforcement agencies can use the data provided by passengers to investigate crimes committed and assess risk. In the resolution, Parliament therefore emphasises that people's right to access information and their right to privacy must be safeguarded. Furthermore, Parliament wants the transfer of data to comply with European data protection standards. It is very important to introduce enforceable standards on the protection of personal data, which would guarantee the protection of fundamental human rights and freedoms. Independent government institutions on both sides of the Atlantic must be responsible for the application of these standards. Parliament agrees with the Commission's recommendation to open negotiations for an agreement between the European Union and the United States of America on protection of personal data when transferred and processed for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism. To ensure effective cooperation between the institutions, the Commission should update the European Parliament at every stage of the negotiations on personal data protection.
Ágnes Hankiss
in writing. - (HU) Is the EU truly able to receive the intelligence data arriving from the United States? The motion for a resolution on the Passenger Name Record (PNR) is welcome, since it seeks to promote an agreement between the United States and the European Union based on a balance between security and data protection. There is one point on which I feel it is inadequate. In agreement with Mrs Reding in her emphasis on a culture of reciprocity, I would like to raise the question: if we really consider it important that data exchange be reciprocal - that is, that we should not only give but also receive from the United States information relevant to the prevention of terrorism - then it is not enough simply to submit a wish list to the USA but, in practice, we need to create or name the EU body that is capable of receiving and processing the intelligence data received from the USA while, at the same time, ensuring uniform access to the information by the Member States. This problem has already come to the fore in relation to the SWIFT agreement enshrining the transfer of data on bank transactions, but it has not been resolved since that time. It would have been fortunate if the motion had emphatically drawn attention to this imminent task as well.
Andreas Mölzer
In recent years, more and more fundamental rights have been curtailed in the name of combating terror. The rationality of this is often dubious. While passengers are searched almost down to their underwear and are not allowed to carry nail files or deodorant in their luggage, checks on freight are often left to the shippers themselves. If this changes in future, the balance between freedom and security must be preserved because, in the case of passenger checks, this has already been lost, and thus, as the hysteria surrounding terrorism subsides, the requirements are relaxed once again.
Just as questionable is the issue of whether, in the case of travel to the US, the FBI needs to know someone's name, address, email address, credit card number and baggage number and be permitted to store this data for up to 15 years. In future, if someone arouses slight suspicion in the United Kingdom, for example - not on account of religious affiliation, where there is a proven terrorism connection - but is suspicious because they fly at short notice, possibly without luggage, and pay in cash, then, for the transfer of passenger name record data, and not only to the US, at the very least there should be a general right to complain and to take legal action and the data should not simply be stored in perpetuity. Of course, the data must only be stored for a specific purpose. If fundamental rights are infringed in order to provide a sense of security, the infringement must be as small as possible and the rights of those affected must be reinforced.
Nuno Teixeira
The Commission has presented a range of proposals on the exchange of Passenger Name Record (PNR) data with third countries and on the opening of negotiations on the agreements with Australia, Canada and the US. The establishment of general principles on PNR is one of the tools for preventing transnational crime and terrorism. However, it raises concerns about the protection of civil liberties and fundamental rights. The PNR database is provided by passengers during the reservation and check-in process, allowing the authorities in charge to investigate crimes committed in the past, prevent new crimes and carry out risk analyses. This security instrument is now used with third countries, leading to the need to establish the legal security of the data. These proposals focus especially on the modes of PNR data transfer, on standards for monitoring the correct implementation of the PNR agreement, and on its reciprocity. Parliament supports the Commission's recommendations and the opinion of the European Data Protection Supervisor, while stressing that passengers' privacy must not be violated and that these data should be used solely for their intended purposes.
Georgios Toussas
The joint motion for a resolution proves once again that the European Parliament, like all the EU institutions, represents a serious danger to grassroots freedoms and democratic rights. The resolution uses the pretext of terrorism and the 'need for anti-terrorist cooperation' between the EU and the United States to justify keeping general records on all passengers travelling from the EU to the United States, Canada and Australia. Empty talk about so-called personal data protection guarantees is the European Parliament's excuse for approving the execution of an agreement between the EU and the United States on passenger records, which it has hypocritically presented as unacceptable to date. In this joint motion for a resolution, the political spokesmen of capital, cheek by jowl with the opportunists, are insultingly deceiving the public with talk of an agreement that will, apparently, contain personal data protection guarantees. No agreement and no guarantee can safeguard the protection of personal data, when they are being handed over to and are at the mercy of the secret services and the repressive mechanisms of the United States and other countries. The Greek Communist Party voted against this unacceptable resolution and calls on the public to step up their fight against the EU and its anti-grassroots and repressive policy, which is striking at social, democratic and fundamental human rights.
Zbigniew Ziobro
One of the greatest threats the world has faced in recent years is the asymmetric war against terrorism, along with the threats arising from the growth in international organised crime. It will be impossible to create an effective protective umbrella against this hazard unless Europe and the US cooperate to this end. Exchanging information is a key aspect of this cooperation, and this is why PNR is an absolutely essential element of joint security. It is important to bear in mind, however, that its effectiveness depends solely on the exchange of data with the US being entirely reciprocal. I hope, too, that adoption of the agreement will speed up ratification of the agreements between the US and the European Union on the visa waiver programme, which will make it possible for US visas to be abolished, inter alia for Polish citizens.
