EU's zombie data-grab plan climbs out of coffin
EU Parliament split over blanket data retention for air passengers
The European Parliament is divided over new efforts to revive a plan to slurp citizens' travel info.
The Passenger Name Records (PNR) system was thought dead after the parliament rejected it in 2013, but following the Charlie Hebdo attack national governments have again insisted that the only way to prevent such tragedies is to get even more access to personal data.
Conservative MEP Timothy Kirkhope was told to have another go at creating a text that the parliament could agree on. He published his revised report yesterday.
The proposed PNR system would allow law enforcement to store all the information collected by airlines about their passengers throughout the EU.
Kirkhope insists his changes take into account the civil liberties concerns raised by other MEPs. But those opposed to PNR retention on principle say he is just tinkering at the edges and the whole plan is fundamentally flawed.
Among Kirkhope's proposals:
- Narrowing the scope of the system to terrorism and "serious transnational crime" (but there is a very long list of what constitutes "serious transnational crime")
- Ensuring that sensitive data is deleted and other data masked after 30 days (a document recently leaked from the European Commission suggested pseudonymisation [replacing personal data with pseudonyms] after just seven days)
- Reducing the data retention period for "serious crime" to four years, while keeping it at five years for terrorism
- Requiring every country to appoint a data protection supervisory officer
Kirkhope rightly predicted that "there are bound to be members in the committee who are still not satisfied with this report and probably never will be."
"Without a European PNR system, we will begin to see national governments going it alone," Kirkhope said in a statement. "The result would be a patchwork of PNR systems with holes in the net, which criminals will exploit, and lower standards of data protection. We will work with haste, but we also plan to get this right so that we have a well-balanced system that protects liberties and lives."
Dutch MEP Sophie in 't Veld told El Reg that "this is emphatically NOT a new proposal," saying, "I really see no reason to basically restart the whole process on exactly the same basis. A bit like saying to Parliament, 'You voted, but you got it wrong. Just keep voting until we get the outcome we want'."
"The required evidence for necessity and proportionality is not something to be negotiated between politicians, but it has to be provided by the experts in the field. We need to facts and figures, demonstrating that PNR data are necessary. Other travel data are already available, such as API [advanced passenger information, including passport and ticket information] and SIS [Schengen Information System], and more. Which gap does PNR fill?"
German MEP Jan Philipp Albrecht was also annoyed with the latest offering. "Kirkhope shows up with almost the same proposal the European Parliament had rejected in April 2013 because of disproportionality," he said. "He still wants blanket data retention of all air passengers flying in the EU for five years."
The report will be discussed by the Committee on Civil Liberties, Justice, and Home Affairs in the European Parliament on Thursday morning. ®
Sponsored: Becoming a Pragmatic Security Leader