The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission


Press Release
Communiqué de presse
Mitteilung f? Presse

Brussels, 26 March 2007


Any future PNR deal with the US must respect fundamental rights and provide for adequate safeguards. These are the main conclusions of the  follow-up PNR workshop held in Brussels on 26th March 2007 in the premises of the European Parliament.

The Article 29 Data Protection Working Party stressing its constructive role in the ongoing discussions on a the future PNR Agreement with the US organised a workshop in Brussels with experts in the field of passenger data to examine the privacy issues of the current Interim Agreement and a future deal. Negotiations on a new long-term agreement covering the flow of data of millions of passengers annually have already started. Participants of the workshop included representatives from the European Commission, the airline industry, researchers and members of the European Parliament. The sessions were chaired by Mr. Stavros Lambrinidis, Vice chairman of the European Parliament' s LIBE committee.

The workshop consisted of three panel sessions dealing with various legal and technical aspects of the transfer of passenger data to the US Department of Homeland Security (DHS).  The workshop aimed to come to a common approach which strikes the right balance between security demands, fundamental rights and economic concerns. Given that more and more countries are considering the use of passenger data for law enforcement and immigration purposes the development of global standards respecting the rights of the travelling public would be considered a major achievement by all stakeholders. When looking for future solutions, economic aspects have to be taken into account as well.

All panellists agreed that any future agreement on the transfer of passenger data must guarantee fundamental rights and should provide for technical and organisational safeguards including a joint review. Bilateral agreements between the US and Member States are no viable solution and a legal gap after the termination of the present deal must be avoided. Legal security is of paramount importance for all stakeholders alike. The issues addressed focused in particular on how personal data should be transferred to US law enforcement agencies in the future. The current Interim Agreement foresees to change from a pull system to a push system as soon as a satisfactory solution has been found. The participants stressed that there are no technical obstacles impeding a push system and that the contracting parties are called upon to find ways to remedy the present situation.

The representatives of the European data protection authorities highlighted also the need for a better information policy by travel agents and air carriers as not all transatlantic passengers are adequately informed about their rights and how their data are processed by the US authorities. Much more can be done to provide the travelling public with more details about the collection and the processing of  passenger data.

There was unanimous consent on the importance and the usefulness of a joint review foreseen in the current Interim Agreement. Such a joint review would help assure the travelling public, could clarify remaining questions prior to the conclusion of the follow-up agreement and would give a signal that the US is taking privacy concerns seriously. Complaints by passengers that they are held at US airports for unjustified reasons must be addressed during such a joint review.

One debate concentrated on the impact a future automated targeting system (ATS), under discussion now in the US and designed to screen passengers, would have on a future deal. Such an analytical tool should not be used in a way which could be incompatible with the current PNR Agreement and questions related to the ATS should be addressed during the ongoing negotiations.  

The panellists discussed also the transfer of passenger data from a technical point of view which is as important as the legal aspect. A privacy enhancing solution where anonymised data are matched with data related to persons on so called watch lists is feasible and should be considered a mid-term goal. 

The results of the workshop, the second following a workshop held in Rome in July 2004, were reported to the European Parliament at their public afternoon hearing which dealt with PNR issues as well as with questions related to the transfer of bank clients' data to US authorities by SWIFT.
Further information on this hearing can be found: http://www.europarl.europa.eu/committees/libe_home_en.htm       

Background Information

The Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data is an independent advisory body on data protection and privacy, set up under Article 29 of the Data Protection Directive 95/46/EC. It is composed of representatives from the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission.  Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC. The WP is competent to examine questions covering the application of the national measures adopted under the data protection directives in order to contribute to the uniform application of the directives. It carries out this task by issuing recommendations, opinions and working documents.