On Tuesday 28 January, Bulgarian MEP Nikola Minchev (Renew Europe), rapporteur on the draft agreement between the EU and Canada regarding the transfer of air passenger data, called on his colleagues on Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) to quickly approve the agreement sealed between Toronto and the European Commission last October (see EUROPE 13497/5).
With the LIBE Committee set to vote on the issue on 18 February, the Bulgarian defended a balanced text, having been endorsed by the European Data Protection Supervisor and taken into account the grounds for invalidation in 2017 by the Court of Justice of the EU, which at the time had judged the text contrary to fundamental rights (see EUROPE 11837/2).
Under the terms of the new agreement, air passenger data transmitted to authorities by airlines would be kept for a maximum of 5 years in exceptional cases, for example for profiles presenting a risk to EU security.
Article 16 stipulates that “the maximum retention period of five years shall be accompanied by an obligation to delete the data after the passenger’s date of departure, unless a risk assessment indicates a link on the basis of objective elements from which it may be inferred that the PNR data might make an effective contribution to fulfilling the purposes of the Agreement, in addition to the obligation for Canada to review its assessment every two years”.
Article 17 stipulates that any use of PNR data “for purposes other than security and border control checks shall be subject to prior review by a court or by an independent administrative body”. And “subsequent transfers of PNR data to other government authorities will be subject to appropriate safeguards and, in the event of disclosure outside Canada, will be limited to countries which have concluded a comparable agreement with the EU or which have been the subject of an adequacy decision by the European Commission” (Article 20).
In terms of safeguards, the draft agreement stipulates that “the processing of sensitive data (...) is explicitly prohibited [and] if the Canadian Authority would receive such data, it is obliged to delete it”.
In addition, individuals will be notified about the use of their PNR data and will be able to access (only) their PNR data and will have a right to correction, a right to appeal and a right to information.
While the rapporteur received support from the EPP and PfE groups, which consider the agreement balanced and likely to prevent terrorist risks in the EU or to detect patterns of serious crime, the S&D and Greens/EFA groups, like Birgit Sippel (S&D, German) and Tineke Strik (Greens/EFA, Dutch), expressed reservations.
Ms Sippel explained that her group continues to have concerns about the five-year retention of data in high-risk situations, which she asked to be clarified. Article 17 and the use of PNR data for purposes other than border security and terrorism also raise questions within the S&D group.
The Greens/EFA MEP said that the agreement is not yet entirely convincing - it is uncertain that it addresses all the concerns raised by the Court of Justice of the EU. The MEP also asked for clarification on the five-year rule and the passenger data that can be retained after departure from Canada.
The European Commission representative defended a very solid text of the agreement and concentrated on the provisions relating to the agreement’s regular evaluation by both parties. He assured that the draft agreement’s logic is also very clear, with a five-year retention period in exceptional cases only.
Link to the draft recommendation: https://aeur.eu/f/f9l (Original version in French by Solenn Paulic)