The European Union is planning a comprehensive expansion of passenger data collection. These new EU Passenger Name Record regulations are aimed at increasing security and improving border controls. In future, airlines are to be obliged to do so, PNR data for all flights - whether from third countries to the EU, from the EU to third countries or within the EU.
The information collected includes passenger names, itineraries and contact details. Last year, 121 million sets of passenger data were recorded, which represents a significant increase compared to the previous year. This expansion raises questions about the Privacy and has been criticized by data protectionists.
The EU Commission argues that these measures are necessary to reduce irregular migration and identify potential security risks at an early stage. Nevertheless, the balance between security and privacy remains a challenge that needs to be mastered.
Key findings
- Extension of PNR data collection to all flights to, from and within the EU
- Recording of names, travel routes and contact information
- Significant increase in data records collected compared to the previous year
- Objectives: Improvement of border controls and identification of security risks
- Data protection concerns remain and require careful consideration
Background to the EU passenger data regulations
The EU passenger data regulations have undergone significant development in recent years. They form the basis for the Transfer of personal data in air traffic and are an important component of the Safety regulations.
What is passenger data?
Passenger data, also known as Passenger Name Records (PNR), comprises up to 60 data points per traveler. This information includes:
- Names and contact details
- Itineraries and payment details
- Seat information and baggage details
This contrasts with API (Advanced Passenger Information) data, which originates from official documents and is considered verified.
Origin of the regulations
The EU PNR Directive was introduced in 2016 to combat terrorism and serious crime. Since 2018, airlines have had to transfer extensive data records of their passengers to state authorities. However, the European Court of Justice restricted its application in 2022.
The EU Commission is currently planning to expand data collection to improve border management and internal security. This includes
- Reduction of the data retention period to six months
- Introduction of a list of offenses for PNR-relevant offenses
- Judicial reservation for search requests in the PNR database
These new regulations have been met with criticism as they could restrict anonymity when flying within the EU. The challenge remains to strike a balance between safety and Privacy to find.
Important changes in the new regulations
The new EU regulations on Passenger data monitoring brings with it significant changes. The Passenger data storage is becoming more comprehensive and detailed. These adjustments are aimed at increasing security and identifying potential risks at an early stage.
Extended data acquisition
The Passenger data monitoring is now extended to all flights within the EU. Previously, it only applied to flights to and from third countries. In addition, the storage period for passenger data will be significantly extended:
- Previous storage period: 30 days
- New storage period: 2 years
This expansion enables a more comprehensive analysis of travel patterns and potential security risks.
Adjustments in data processing
The processing of passenger data is now more targeted. Instead of a general review of all data, the analysis is based on specific risk assessments. This is intended to comply with the ruling of the European Court of Justice and Privacy strengthen.
| Aspect | Old regulation | New regulation |
|---|---|---|
| Flight coverage | Only flights to/from third countries | All EU flights |
| Data storage | 30 days | 2 years |
| Data processing | General review | Risk-based analysis |
These changes in the Passenger data monitoring and Passenger data storage pose new challenges for authorities and airlines. They have to adapt their systems and ensure data protection at the same time.
Objective of the new regulations
The EU has adopted new regulations on passenger data collection. These are aimed at increasing security and improving Border control to improve. The Travel data evaluation is intended to help detect suspicious travel movements and curb irregular migration.
Safety aspects
The new regulations stipulate that passenger data will be stored for 48 hours. In special cases, the retention period can be extended to up to five years. This is intended to support the fight against terrorism and serious crime.
Border controls and migration
The Border control benefits from the expanded data collection. In future, airlines will have to transmit API data to national authorities. This includes passengers' names, date of birth, nationality and passport details.
| Data type | Content | Intended use |
|---|---|---|
| API data | Name, date of birth, nationality, passport details | Border control |
| PNR data | Travel and seat details, contact details, luggage, means of payment | Risk assessment |
The EU Commission is planning to set up a centralized system for the Travel data evaluation to be developed. This is intended to standardize the exchange of data in the EU and increase the efficiency of border controls. Airlines will be given a two-year transition period to implement the new requirements.
Who is affected by the regulations?
The EU Passenger Name Record regulations have far-reaching effects on various players in the aviation industry. Airlines, tour operators and passengers are equally affected. The new regulations aim to increase security, but also pose challenges for data protection.
Airlines and tour operators
Airlines and tour operators are facing new obligations. They must record extensive passenger data and transmit it to the relevant authorities. This applies not only to flights from third countries, but also to intra-European connections. The data includes:
- Name and address
- Telephone number and e-mail address
- Credit card number
- Information on in-flight services
- Hotel bookings and rental cars
The implementation of these requirements requires considerable technical and organizational adjustments. Airlines must update their systems and implement processes for secure data transmission.
Passengers and their rights
For passengers, the new regulations mean more intensive recording of their personal data. The data will be stored for a period of up to 15 years before it is anonymized. This raises questions about data protection.
Passengers have the right to:
- Information on data collection
- Information about stored data
- Correction of incorrect information
The trade-off between security and privacy remains a challenge. The European Parliament emphasizes the importance of citizens' fundamental rights with regard to aviation security and data protection.
The implementation of the EU Passenger Name Record regulations requires a careful balance between security interests and the protection of personal data. Both companies and travelers need to familiarize themselves with the new regulations in order to know their rights and obligations.
Implementation deadlines and procedures
The new EU regulations on the collection of passenger data entail important changes. Airlines must prepare for extended requirements for the transmission of PNR data set. The implementation of this Safety regulations takes place step by step.
Time frame for the introduction
The new regulations will enter into force 20 days after their publication in the EU Official Journal. A central router for data transmission will be set up to improve the exchange of information. The EU member states are working on connecting their automated systems.
| Phase | Measure | Time frame |
|---|---|---|
| 1 | Entry into force of the regulations | 20 days after publication |
| 2 | Setting up the central router | In progress |
| 3 | Connection of national systems | Transition phase |
Implementation steps for companies
Airlines must adapt their systems to record and transmit additional PNR data. This now also includes information on passengers' baggage. The data will be forwarded to the authorities before arrival at the EU's external borders.
Strict rules apply to storage: Passenger data is stored in the system for six months. After that, the personal information is deleted. Longer storage is only permitted in cases of suspected terrorist activities or serious criminal offenses.
The EU supports companies in implementing these new Safety regulations financially. The aim is to increase border security and combat serious crime more effectively.
Effects on data protection
The expansion of passenger data collection poses new challenges for data protection. The EU regulations on Transfer of personal data must be brought into line with the strict data protection regulations.
Data protection regulations of the EU
The European Court of Justice (ECJ) has ruled that the Passenger data storage fundamental rights must be taken into account. The storage period was limited from 5 years to a maximum of 6 months. This decision has far-reaching consequences for all EU member states.
Passenger data may only be stored if there is a specific need to avert danger. The use of artificial intelligence in the prevention of PNR data has been prohibited. This shows the EU's efforts to find a balanced approach between security and data protection.
Challenges for companies
Airlines are faced with the task of implementing the new data protection requirements. They have to adapt their systems to ensure the shortened storage period and restricted use of data.
| Aspect | Old regulation | New regulation |
|---|---|---|
| Storage duration | 5 years | Max. 6 months |
| Data scope | Extensive (incl. credit card numbers) | Restricted |
| Use of AI | Allowed | Prohibited in the prevention area |
Implementing these changes requires significant investment in IT infrastructure and training. Companies must ensure that they protect the privacy of passengers and at the same time meet security requirements.
Critical voices on the new regulations
The expansion of EU passenger data regulations has met with considerable criticism. Data protectionists see this as a serious intrusion into citizens' privacy. The Federal Council has already criticized the proposed directive due to excessive costs and data protection concerns.
Concerns about privacy
The planned five-year storage period for passenger data is seen as particularly problematic. This period is ten times longer than the retention period for telecoms data. In addition, 42 data records per passenger are to be stored. This will lead to an enormous collection of data.
The Data Retention Directive is the most privacy intrusive instrument ever adopted by the EU.
Opinions from industry experts
Data protection experts such as Ulrich Kelber warn of a fundamental shift in the handling of ID data. The European Court of Justice (ECJ) has ruled that airlines may only process personal data to the extent absolutely necessary.
| Aspect | Point of criticism |
|---|---|
| Storage duration | 5 years (10x longer than for telecom data) |
| Data records per passenger | 42 |
| ECJ ruling | Only necessary data processing permitted |
Despite these concerns, the resolution on passenger data retention was adopted in the European Parliament by 532 votes to 136. The debate on the correct handling of passenger data and data protection is likely to continue for a long time to come.
Positive aspects of passenger data collection
The expanded passenger data collection brings important advantages for the security and efficiency of air traffic. Supporters see it as an effective instrument for improving the security situation and optimizing border controls.
Improving the security situation
The collection of passenger data helps to strengthen security regulations. By analyzing around 20 different pieces of information such as names, addresses and travel histories, suspicious patterns can be detected. This helps to identify potential threats and prevent crime.
The EU Commission expects the evaluation of this data to shed light on suspicious travel routes and potential terrorists.
More efficient border controls
The collection of passenger data enables more efficient border control. By transmitting the data to central offices in advance, authorities can carry out risk assessments and speed up the clearance process. This leads to shorter waiting times for passengers and improved management of migration flows.
| Aspect | Advantages |
|---|---|
| Security | Early detection of threats, prevention of criminal offenses |
| Border control | Faster processing, improved migration management |
| Privacy | Clear rules for manual review, limited storage period |
Despite the advantages, the measures must be in line with fundamental rights. The European Court emphasizes the need to limit the use of data to what is necessary and to establish clear rules for verification.
Practical tips for travelers
Passenger data monitoring affects every air traveler. It is important that you as a passenger know your rights and know how to deal with the Travel data evaluation can handle.
What should you know as a passenger?
Your personal data is collected and stored during flights. You have the right to receive information about this data. For travel to the USA, certain passenger data must be transmitted at least 72 hours before departure. For flights between Canada and the USA, a valid passport or Nexus card is required.
- Travelers under the age of 18 should carry a birth certificate or student ID with them
- Boarding will be denied without valid identification documents
- Certain Asian nationals can travel through Canada to the USA without a Canadian visa under certain conditions
Sources of information for further questions
If you have any questions about travel data evaluation, you can contact various offices:
| Contact | Responsibility |
|---|---|
| Data protection officer of the airlines | Information about stored data |
| Data protection authorities | General questions about data collection |
| Travel agencies | Current regulations for travel destinations |
Find out about the current regulations before you travel. The European Commission provides up-to-date information on passenger data monitoring online. Use these sources to travel well prepared and safely.
Conclusion and outlook for future developments
The new EU Passenger Name Record regulations mark an important step in the evolution of European security measures. The LIBE Committee has endorsed updated legislation on extended data collection, underlining the importance of these regulations.
Summary of the most important points
The expansion of passenger data collection aims to increase security and reduce irregular border crossings. At the same time, it presents airlines and tour operators with new challenges in the area of data protection. The regulations affect all passengers and require a careful balance between security interests and privacy.
Possible future adjustments to the regulations
It is to be expected that the EU passenger data regulations will be further adapted in the future. The increasing number of irregular border crossings could lead to a tightening of security regulations. At the same time, there is likely to be an increased focus on data protection aspects in order to ensure compatibility with EU law. A continuous review and adjustment of the regulations will be necessary in order to meet the changing challenges.
English 
Deutsch 
Español 
Français 
Polski