The IT Law Wiki


In the aftermath of September 11, 2001, the U.S. Congress required the U.S. Customs Service (what would become the U.S. Department of Homeland Security’s Bureau of Customs and Border Protection (CBP)) to require air carriers to provide Customs with access to passenger name records (PNR) for purposes of screening individuals traveling to and from the United States.[1] PNR is originally collected by airlines and airline reservation systems for commercial purposes and then shared with CBP consistent with the Aviation and Transportation Security Act of 2001 (ATSA). PNR information is a critical tool used by the U.S. Customs Service in the screening of travelers to identify individuals of interest who are planning to travel to the United States.

In 2002, following the publication of the U.S. Customs Service interim PNR implementing regulations, the European Commission (EC) advised DHS that th EU Data Protection Directive[2] generally prohibited cross-border sharing of personal data with non-EU countries. Transfers outside the EU could only be made following a determination that the receiving entity in the third country was deemed to have “adequate” data protection standards.

To avoid a potential conflict of laws between the U.S. and EU, DHS and the EU negotiated an Interim Arrangement on PNR. The Arrangement was concluded in March 2003. CBP then issued implementation guidance to its Officers in the field to ensure that PNR data received from Europe was treated consistent with the Interim Arrangement.

On May 28, 2004, the Department of Homeland Security (DHS) and the EU signed an international agreement regarding the processing of PNR, which replaced the Interim Arrangement. The Agreement followed CBP's issuance of a set of Undertakings setting forth how CBP would process and transfer PNR data received in connection with flights between the EU and the U.S. and the subsequent issuance of an Adequacy Finding by the EU concerning such transfers. Under this agreement, the EU agreed to permit airlines operating flights to or from the United States to provide U.S. authorities with passenger name record (PNR) data in their reservation and departure control systems within 15 minutes of a flight's departure (in order to comply with provisions in the Aviation and Transportation Security Act of 2001. As part of the Undertakings, DHS and CBP provided for a Joint Review to take place between the U.S. and EU to examine CBP's implementation of the Undertakings. The Undertakings also created a compliance and complaint resolution role for the DHS Chief Privacy Officer and specified that the DHS Privacy Office should lead an annual review of the Arrangements. This accord was controversial in Europe because of fears that it violated the privacy rights of EU citizens and did not contain sufficient protections to safeguard their personal data.

In December 2004, Congress strengthened DHS's authority for collecting PNR by requiring that, where practicable, the Department should conduct passenger screening before individuals depart on a flight destined for the United States.

In September 2005, the DHS Privacy Office completed its review of the PNR program and issued a public report reviewing CBP's policies and practices consistent with the U.S.-EU arrangement. That review resulted in findings of substantial compliance, but included key areas for improvement. The Report was issued in conjunction with the U.S.-EU Joint Review of the Undertakings on EU PNR held September 2005.

In May 2006, the European Court of Justice (ECJ) responded to a complaint filed by the European Parliament that challenged the legal basis for the PNR Agreement. The ECJ found that the Agreement had in fact been concluded under inappropriate EU legal authority and therefore found the Agreement invalid. EU officials stressed, however, that the Court did not rule that the agreement infringed on European privacy rights.

As a result, the DHS and the EU negotiated and concluded interim agreement in October 2006. The Agreement responded to the ECJ decision and lessons learned from the implementation of the 2004 Agreement. This Interim Agreement self terminated in 2007.

In July 2007, the United States and the EU concluded negotiations on a new, seven-year agreement to ensure the continued transfer of PNR data. U.S. officials appeared pleased with several provisions of this new deal, such as: allowing the U.S. Department of Homeland Security to share PNR data with other U.S. agencies engaged in the fight against terrorism; extending the length of time that the United States can store such data (from 31⁄2 to 15 years ultimately); and permitting the United States to access sensitive information about a passenger's race, ethnicity, religion, and health in exceptional circumstances. The new accord also required airlines to send data from their reservation systems to U.S. authorities at least 72 hours before a flight departs. The United States agreed, however, to reduce the number of fields from which data would be collected, from 34 to 19.[3]

Although the 2007 U.S.-EU PNR agreement was provisionally in force since its signing, the European Parliament had to approve it in order for the accord to be formally signed and remain in force. Many MEPs, however, objected to key elements of the 2007 agreement, including: the amount of PNR data transferred; the length of time such data could be kept; and what they viewed as an inadequate degree of redress available for European citizens for possible data misuse. Some MEPs also worried that U.S. authorities might use PNR data for "data mining" or "data profiling" purposes. At the same time, many MEPs recognized that rejecting the U.S.-EU PNR agreement would create legal uncertainties and practical difficulties for both travelers and air carriers. As such, in May 2010, the EP agreed to postpone its vote on the 2007 PNR deal, calling instead upon the European Commission to present a "global external PNR strategy" setting out general requirements for all EU PNR agreements with other countries; the EP also essentially expected that the EU PNR deal with the United States (as well as similar EU agreements on PNR data pending with Australia and Canada) would be renegotiated to conform to the new PNR standards put forth by the Commission.[4]

In September 2010, the European Commission issued its "global external PNR strategy"[5] and called for the renegotiation of the EU's PNR agreements with the United States, Australia, and Canada. Among other general principles proposed in the "external PNR strategy," the Commission asserted that PNR data should be used exclusively to combat terrorism and other serious transnational crimes, passengers should be given clear information about the exchange of their PNR data and have the right to effective administrative and judicial redress, and that a decision to deny a passenger the right to board an airplane must not be based solely on the automated processing of PNR data.

The Commission also proclaimed that the categories of PNR data exchanged should be as limited as possible and that PNR data should be retained no longer than absolutely necessary. In November 2010, the European Parliament welcomed the Commission's PNR strategy and endorsed the opening of new PNR negotiations with the United States. The EP emphasized, however, that the exchange of PNR data must be both "necessary" and "proportional," reiterated that PNR data must not be used for data mining or profiling, and called on the Commission to also explore less intrusive alternatives.[6]

Although many U.S. officials had been wary about reopening negotiations on the PNR accord, the Obama Administration assented to discussing at least some adjustments, largely in recognition of the fact that the EP was unlikely to approve the 2007 agreement. U.S.-EU negotiations on a revised PNR accord were launched in December 2010. U.S. officials continued to maintain that the 2007 accord sufficiently protected both the data collected and individual privacy rights; they noted that two joint reviews conducted by the U.S. Department of Homeland Security (DHS) and the European Commission since 2004 confirmed that the United States had not misused the PNR data.

U.S. policymakers asserted that any revised PNR agreement must not degrade the operational effectiveness of the current PNR program and should permit further enhancements. U.S. officials also cautioned that any new PNR agreement with the EU must not invalidate bilateral PNR deals that the United States had concluded with various EU member states.[7] In mid-May 2011, resolutions were introduced in the House (H. Res. 255) and passed in the Senate (S. Res. 174) essentially supporting the existing 2007 U.S.-EU PNR accord and urging DHS to reject any efforts by the EU to modify the agreement in a way that would degrade its usefulness in the fight against terrorism.

In late May 2011, the United States and the European Commission concluded negotiations on a revised PNR agreement, a draft of which was leaked to the press. According to U.S. officials, this draft PNR accord contained new innovations to enhance the protection of passengers' personal information. For example, regarding the retention of PNR data, the May 2011 agreement introduced a new provision whereby after six months, portions of a passenger's record would be depersonalized and "masked" (or hidden); it decreased the time that PNR data would be stored in an "active" database; and progressively restricted the number of authorized personnel with access to the data. U.S. officials contended that the draft accord provided greater legal certainty and clarity on a passenger's rights to redress, and affirmed that the United States would not make a decision to deny boarding based solely on the automated processing of PNR data. In addition, it recognized that should the EU in the future develop its own PNR system, the parties would consult to determine if it necessitated making any changes to the existing accord in order to ensure full reciprocity between the two systems.[8]

Despite these revisions to the U.S.-EU PNR agreement], press reports indicated that some MEPs remained unsatisfied. They pointed out that the May 2011 version of the accord still allowed the United States to retain passenger data ultimately for up to 15 years (albeit in a "dormant" state after five years), did not reduce the amount of data transferred (the 19 categories remained the same as in the 2007 agreement), and increased the requirement that airlines transmit the data to U.S. authorities from 72 hours before a flight departs to at least 96 hours. Furthermore, some MEPs worried that the new deal broadened the use of PNR data to more criminal offenses than contained in the 2007 iteration.[9]

In October 2011, the Homeland Security Committee's Subcommittee on Counterterrorism and Intelligence held a hearing on intelligence-sharing and terrorist travel, at which the negotiations on the U.S.-EU PNR agreement figured prominently. U.S. officials testifying at the hearing asserted that the May 2011 draft of the PNR accord was stronger than the 2007 version, preserving and in some cases improving its operational effectiveness. At the same time, they noted, it addressed all concerns raised by the EU, including those pertaining to data security and protection, the scope of offenses covered, and the right of passengers' to redress.[10]

Nevertheless, in an effort to further assuage European concerns, U.S. and EU negotiators continued to work on revising the PNR accord. In November 2011, the United States and the EU concluded a new draft PNR agreement, which the European Commission asserted contained "real improvements" over the version leaked in May. Although the November 2011 iteration was similar to the May 2011 version and retained many of its same provisions, two further changes were included that were aimed at meeting EU demands: limiting the use of PNR data specifically to terrorist or other serious transnational crimes that could result in three years or more in prison; and varying the retention time depending on the type of crime under investigation (data would still be retained ultimately for 15 years for terrorist investigations, but only 10 years for investigations into other types of crimes).[11]

In December 2011, EU member states approved the new Agreement Between the United States of America and the European Union on the Use and Transfer of Passenger Name Records to the United States Department of Homeland Security, although Germany and Austria abstained because they still viewed the data retention and redress provisions in the new accord as insufficient. Some MEPs shared these concerns, maintaining that the additional changes in the November 2011 PNR accord were largely cosmetic and that it should therefore be rejected. Other MEPs backed the new agreement, noting European Commission arguments that the accord contained stronger data protection guarantees than the 2007 version. A number of MEPs asserted they would vote for the 2011 accord despite some misgivings regarding the data privacy safeguards because in their view, it was better to have an agreement providing the airlines with legal certainty than no agreement at all (the Commission contended that should the Parliament reject this latest version of the PNR agreement, the United States had made clear there would be no further negotiations).[12]

On March 27, 2012, the European Parliament's Civil Liberties Committee endorsed the November 2011 U.S.-EU PNR agreement by a vote of 31 to 23. On April 19, 2012, the full Parliament approved the PNR accord by a vote of 409 to 226, with 33 abstentions.


  1. Aviation and Transportation Security Act of 2001, Pub. L. No. 107–71 (Nov. 19, 2001), codified at 49 U.S.C. §44909(c)(3)).
  2. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Off. J. of the EC of 23 November 1995, No L.281 at 31.
  3. Paul Lewis & Spencer Hsu, "Travelers Face Greater Use of Personal Data," Wash. Post (July 27, 2007).
  4. James Kanter, "Europe Acts on Privacy Front," Int'l Herald Tribune (Apr. 7, 2010); "EP Suspends Vote on PNR," Agence Europe (May 6, 2010).
  5. Communication from the Commission on the Global Approach to Transfers of Passenger Name Record (PNR) Data to Third Countries, COM/2010/0492 (Sept. 21, 2010).
  6. EP Resolution P7_TA-PROV(2010)0397 (Nov. 11, 2010).
  7. "Will Napolitano Change 2007 PNR Accord?," Europolitics Transport (Oct. 12, 2010); Edward Cody, "Armed with New Treaty, Europe Amplifies Objections to U.S. Data-sharing Demands," Wash. Post, (Oct. 26, 2010); "MEPs Assent to Talks on Airline Passenger Information-sharing," Agence Europe (Nov. 13, 2010).
  8. Although the European Commission first floated establishing an EU PNR system in November 2007, progress has been slow because of different member state sensitivities about privacy rights and counterterrorism practices. In February 2011, the Commission presented a new proposal for an EU-wide PNR system that would oblige airlines to transfer the PNR data of passengers on international flights into and out of EU territory to the member state of arrival or departure, but would not apply to intra-EU flights (viewed as more controversial for some EU members and the EP).
  9. Alan Travis, "U.S. To Store Passenger Data for 15 Years," The Guardian (May 25, 2011); Statement by U.S. Ambassador to the EU, William Kennard, on the U.S.-EU PNR Agreement (May 26, 2011).
  10. House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence, "How DHS Addresses the Mission of Providing Security, Facilitating Commerce and Protecting Privacy for Passengers Engaged in International Travel" (Oct. 5, 2011).
  11. "EU-US PNR Agreement," Agence Europe (Nov. 11, 2011); Valentina Pop, "Unhappy MEPs To Approve Passenger Data Deal," (Nov. 11, 2011).
  12. "In’t Veld Says EU-US PNR Agreement Should Be Rejected," Agence Europe (Feb. 2, 2012); "PNR Agreement Will Not Be Renegotiated, Warns Malmstrom," Europolitics Transport (Feb. 20, 2012); "MEPs Divided Over EU-US PNR; S&D Very Cautious," Agence Europe (Feb. 29, 2012).

See also[]