PURPOSE: to conclude an Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.
PROPOSED ACT: Council Decision.
BACKGROUND: Australian legislation empowers the Australian Customs Service to require each air carrier operating passenger flight to and from Australia to provide it with electronic access to Passenger Name Record (PNR) data prior to the passenger arriving or leaving Australia. The requirements of the Australian authorities are based on the Customs Act 1901, the Customs Administration Act 1985, the Migration Act 1958, the Crimes Act 1914, the Privacy Act 1988 and the Freedom of Information Act 1982. This legislation aims at obtaining PNR data electronically in advance of a flight's arrival and therefore significantly enhances the Australian Customs Service’s ability to conduct efficient and effective advance risk assessment of passenger and to facilitate bona fide travel, thereby enhancing the security of Australia.
The European Union in cooperating with Australia in the fight against terrorism and other serious transnational crime views the transfer of data to Australia as fostering international police and judicial cooperation which will be achieved though the transfer of analytical information flowing from PNR data by Australia to the competent Member States authorities as well as Europol and Eurojust within their respective competences.
The European Union signed an agreement in 2008 with Australia on the transfer and processing of PNR data based on a set of commitments by the Australian Customs Service in relation to the application of its PNR programme.
Following the entry into force of the Lisbon Treaty and pending the conclusion of the agreement, the Council sent the 2008 Australia Agreement to the European Parliament for its consent for the conclusion. The European Parliament adopted a resolution in which it decided to postpone its vote on the requested consent and requesting a renegotiation of the Agreement on the basis of certain criteria (see RSP/2010/2657). Pending such renegotiation, the 2008 Agreement would remain provisionally applicable.
On 23 September 2010, the Council received three recommendations from the Commission to authorise the opening of negotiations for an Agreement between the European Union and Australia for the transfer and use of Passenger Name Record (PNR) data to prevent and combat terrorism and other serious transnational crime. On 11 November 2010, the European Parliament adopted a resolution on the Recommendation from the Commission to the Council to authorise the opening of the negotiations. On 2 December 2010, the Council adopted a Decision, together with a negotiation directive, authorising the Commission to open negotiations on behalf of the European Union. It is now proposed to conclude the Agreement.
IMPACT ASSESSMENT: no impact assessment was undertaken.
LEGAL BASIS: Articles 82(1)(d) and 87(2)(a), in conjunction with Article 218 (6)(a) of the TFEU.
CONTENT: the proposal aims to conclude the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service.
PNR and basic principles of the Agreement: to recall, PNR is a record of each passenger' travel requirements which contains all information necessary to enable reservations to be processed and controlled by air carriers.Air carriers are under an obligation to provide the Australian Customs Service with access to certain PNR data to the extent it is collected and contained in the air carrier's automated reservation and departure control systems. However, the data protection laws of the EU do not allow European and other carriers operating flight from the EU to transmit the PNR data of their passengers to third countries which do not ensure an adequate level of protection of personal data without adducing appropriate safeguards. Accordingly, a solution is required that will provide the legal basis for the transfer of PNR data from the EU to Australia as a recognition of the necessity and importance of the use of PNR data in the fight against terrorism and other serious transnational crime, whilst avoiding legal uncertainty for air carriers. In addition, this solution should be applied homogenously throughout the European Union in order to ensure a legal certainty for air carriers and respect of individuals' rights to the protection of personal data as well as their physical security.
Safeguards: the Agreement has secured several important safeguards for those whose data will be transferred and processed. In particular, the purpose of processing of PNR data is strictly limited to preventing, detecting, investigating and prosecuting terrorist offences and serious transnational crime. Individuals are provided with the right to access, correction, redress and information. The data will be transferred using exclusively the 'push' method and the use of sensitive data is prohibited.
Retention period: the retention period of the PNR data is limited and the data will be depersonalised after a certain period.
Compliance: compliance with these rules shall be subject to independent oversight by the Australian Information Commissioner.
Fundamental rights: the Agreement respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the right to private and family life, the right to the protection of personal data, and the right to effective remedy and fair trial.
The United Kingdom and Ireland take part in the adoption of the Decision.
BUDGETARY IMPLICATIONS: the proposal has no implications for the EU budget.