• Data Economy

    Why solving the PNR dilemma could help find a new balance between privacy and security

    In the overflow of ongoing debates about security and privacy in Europe, the discussion over an EU wide passenger name record system (PNR) is most telling of Europeans’ data-schizophrenia. But interestingly enough, going beyond the PNR controversy, coul [read more]
    byGuillaume Xavier-Bender | 20/Apr/20156 min read
    FacebookTwitterGoogle+WhatsAppEvernotePocketKindle ItBufferLinkedIn

    In the overflow of ongoing debates about security and privacy in Europe, the discussion over an EU wide passenger name record system (PNR) is most telling of Europeans’ data-schizophrenia. But interestingly enough, going beyond the PNR controversy, could also propel Europe into a new era of security, prosperity and privacy.

    It’s always a strange feeling, and it happens more often than not within the EU. From the moment you walk into the airport to the moment you exit your arrival terminal, it may happen that no one has asked you at a single time during your journey to show an ID.

    You scanned your QR code to access the departure gates, you scanned it again to go through security and then to board, you flew and crossed one or multiple borders, you exited the plane, walked through baggage claim without stopping, and then customs, and you are in another country.No one ever asked you for an ID, and when flying, it is always a strange thought to have that the passenger sitting next to you might not be the person whose name is on the ticket.

    Reality, though, is much different. Passenger information collected by airlines is accessible to law enforcement authorities who can ‘pull’ names of suspected terrorists or criminals. But suspects need to already be on a list for the system to work impermeably.

    With rising concerns throughout Europe that terror attacks may be the act of EU citizens radicalized and trained abroad, many argue for a system that would allow drawing patterns and pre-empting the worse from happening.

    It was in this spirit that an EU-U.S. PNR agreement was adopted as soon as 2007, providing a framework for the transfer of EU air passengers’ personal data to the US authorities. With such a system, airlines ‘push’ passenger information to law enforcement authorities, who are then able to identify ‘unknown’ suspects.

    Put bluntly: after analysis of their data (travel dates, itinerary, baggage and payment information, etc.) passengers can become suspects; they get on the list.

    Understandably, for security purposes, such a tool can be very useful. It makes sense between allies, and the EU has signed such agreements with Canada and Australia too. It makes even more sense between EU countries; something that has yet to be achieved.

    But understandably as well, such tool raises a number of questions when it comes to the type of data collected, the authorities who will have access to it, the duration of retention of the data, and the risks such profiling could present to individual fundamental rights.

    In the aftermaths of the Paris terror attacks of January 2015, it made renewed sense in Europe to push for a single EU wide PNR. While member states can perfectly design their own systems – and some already have – such fragmentation defeats the purpose of ensuring the same high level of security and privacy to all EU citizens in all EU countries.

    In a resolution that put an end to a long standing stalemate between EU institutions, members of the European Parliament called in February for progress to be made by the Commission and member states on issues related to data retention and data protection, with a view to adopt an EU PNR legislation by the end of the year.

    Reform of data protection rules and adoption of a necessary and proportionate PNR system should therefore be done in parallel. Such conditionality is risky on many levels. But it could also give a much awaited boost to discussions in Europe on data retention and data privacy.

    In addition, finding the right balance in the EU PNR legislation could prove valuable for negotiations with partner countries. On April 1st, Mexico could have started imposing fines of up to $30,000 per flight to European airlines if it was not given sufficient guarantees that an EU-Mexico PNR agreement would soon see the light of day.

    The EU agreed to do so, and the deadline was pushed back to July 1st. Mexico’s muscle flex is not surprising in the current global security context. Other countries, such as Japan and Korea, have asked for the same in past, and could potentially resort to the Mexican precedent.

    As it now stands, the debate over PNR in Europe reaches far beyond the borders of the EU. It reaches to the core fundamentals of both individuals and nations: liberty and security. “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety”, cautioned Benjamin Franklin.

    Perhaps, but when it comes to personal information, the assumption of an inevitable trade-off between security and privacy should not be the norm.

    The mere idea of such a trade-off makes it virtually impossible for policymakers or citizens to move forward constructively.The EU should on the contrary work towards increasing collective security by raising the standards in the protection of privacy. And the parallel discussions over PNR provide an ideal framework to do so before the end of the year.

    We still may not know who is really sitting next to us on the plane after that, but someone definitely will.


    photo credits: Jessica Keating Photography
    FacebookTwitterGoogle+WhatsAppEvernotePocketKindle ItBufferLinkedIn