Despite privacy concerns and doubts over its usefulness, a plan to track passengers entering or leaving the European Union in a series of national databases is likely to become reality by the end of the year.
The call to build national databases of so-called passenger name records (PNRs) has become louder since the recent terror attacks in Paris in which 17 people were killed. EU countries have argued that storing data about who has flown where, and when, would help law enforcement with the prevention, detection, investigation and prosecution of terrorist offenses and serious transnational crime.
The plan is for airlines to send data collected during reservation and check-in procedures, including travel itineraries, ticket information and contact details, to an authority of the relevant country. That authority would be responsible for analyzing the data and sharing its analysis with other competent authorities, including those in other countries.
While some countries, such as the U.K., already have a PNR database, others don't, and there is no system in place to share that information. EU heads of state and government agreed during an informal meeting on terrorism on Thursday to go ahead with the plans for an EU wide system.
"We have agreed on new priorities in the fight against terrorism. What is needed most is agreement on the exchange of passenger records within the European Union. We need this soon," said Donald Tusk, president of the European Council, the institution that is composed of EU heads of state and governments, in a news release.
The heads of states urged EU legislators to urgently adopt a strong and effective European PNR directive with solid data protection safeguards.
Data protection is a key issue here. An earlier proposal to introduce a system to exchange passenger data between EU countries was rejected by the European Parliament, one of the EU legislative bodies, in 2013 out of concern that it would violate fundamental rights. But since the attacks, the European Commission has been working on a compromise to convince the Parliament to go ahead with the plan, promising better privacy protection.
This seems to be working. Ahead of the Council meeting the Parliament adopted a resolution on Wednesday in which it pledged to work "towards the finalization of an EU PNR directive by the end of the year." The Parliament wants to ensure though that data collection and sharing is based on a coherent data protection framework offering legally binding personal data protection standards across the EU.
Opponents of the flight database plan have questioned its legality since it has a similar law enforcement goal to an EU directive invalidated by the EU Court of Justice (CJEU). The court invalidated the Data Retention Directive, which required communications providers to retain information about the destination and duration of communications, because it interfered with fundamental privacy rights.
Sign up for CIO Asia eNewsletters.