Passenger Name Record

from Wikipedia, the free encyclopedia

In a Passenger Name Record ( PNR ) to German PNR , all data and processes are some recorded electronically to a flight booking (even hotel or car booking) and over a certain period after the end of the flight still in the computer reservation systems stored.

General

After the initial data entry has been completed, the respective computer reservation system issues a unique reservation code, the record locator . Under this reservation code, every processor connected to the relevant reservation system can open and process this flight reservation again.

As a passenger , you can use this reservation code to view and print out your personal flight booking (see booking a hotel or rental car) on specially configured pages on the Internet . However, not all data is visible to the passenger with these options.

Different data is saved depending on the reservation system. Since the attacks of September 11th, many states have also increasingly asked for personal data to be stored in a PNR, especially the United States of America , but also the United Kingdom. In September 2010, the European Commission presented a proposal for the EU's external strategy on the transfer of Passenger Name Information (PNR). This defines the principles for the exchange of PNR data with third countries.

According to a report by the FTD, the legal service of the Council of Member States warned in an opinion that the Directive as proposed was open to challenge because it would restrict the right to privacy and the protection of personal data too much.

Data in a PNR

In general, the following data can be found in a PNR history (recording):

  • Date on which the PNR was first created and subsequent changes
  • Flight specific data:
    • Flight day (s) and route (s), so-called segments
    • Flight number (s)
    • Flight times (information in local times)
    • Flight duration
    • Aircraft (type designation of the aircraft used)
    • Booking class (the airline assigns a name to each flight tariff in order to be able to calculate the correct tariff later)
  • First and last name of the passenger (s) (several people can be saved on a PNR, provided they fly the same flight days and routes)
  • Home address and telephone number of one or more passengers
  • Address and telephone number at the destination in order to be able to reach a passenger if the flight plan changes
  • Payment method, e.g. B. a credit card number and expiration date of the credit card
  • bill address
  • Frequent flyer entry (limited to miles flown and address (es))
  • Name of the booking agency ( travel agency , IATA issuing office, commercial register office, etc.)
  • Booking clerk
  • Codeshare information: if an airline other than the one specified by the flight number operates the flight
  • The passenger's travel status: which routes have already flown and which are still ahead of him
  • Information about the splitting / sharing of a booking: If one or more passengers are separated again after the initial conclusion of a PNR, for example because they now want to fly a different route, all the data does not have to be re-entered, but rather you "split" (share) the PNR into an original PNR and a split PNR
  • E-mail address
  • general remarks
  • Information about ticket issuance (ticketing)
  • Data about the air fare
  • Ticket issuance dates
  • Seat information: which status (on request, confirmed, etc.) and then the seat number
  • Baggage tags numbers
  • History of missed flights ( no show )
  • Passengers with a ticket but without a reservation ( go show )
  • special service requirements e.g. B. with regard to food (kosher, vegetarian etc.), so-called OSI and SSI / SSR ( Sensitive Security Information / Special Service Requests ) elements
  • Information about the client ( received from )
  • all changes to the PNR with date, time and action ( PNR history )
  • Number of travelers in the PNR
  • any APIS information ( Advance Passenger Information System )
  • ATFQ fields (automatic tariff query)
  • possibly all data belonging to a rental car or hotel booking (bonus accounts of individual hotel or rental car chains, etc.)

Passenger name data storage in Germany

With the law on the processing of passenger data to implement Directive (EU) 2016/681 (Passenger Data Act - FlugDaG), passenger data has also been stored in a database by the Federal Criminal Police Office since 2018 . The airlines transmit the passenger data for all scheduled, charter and taxi flights that are not used for military purposes and which

  • take off from the Federal Republic of Germany and land in another country or
  • start from another country and land in the Federal Republic of Germany or stop over.

Background and criticism

It is completely open to what extent the USA will use and store the collected data. According to EU parliamentarians, EU data protectionists recently criticized the PNR agreement as a step backwards. In principle, it is to be criticized that the guarantees for the protection of personal data are "considerably lower than those of the previous agreement and that important questions and deficits are not addressed".

Until 2007, airlines in the EU countries released 34 detailed pieces of information per passenger to the US authorities, which are officially allowed to be stored for three and a half years. The information contained not only names, dates of birth and flight, but also credit card information, special catering requests, further bookings for hotels or rental cars as well as e-mail addresses and telephone numbers. The former Federal Data Protection Officer Peter Schaar criticized the ARD Morgenmagazin on the occasion of the Berlin Round : “These 34 data fields are too many”. He referred to efforts in the USA to save the data for up to 30 years instead of three and a half years. The biometric data, which are collected with a fingerprint and a face photo directly upon entry as part of the US VISIT program, would already be archived for 99 years. Schaar also complained that the US authorities had direct access to the airlines' booking systems. This has to change. Schaar also criticized the fact that a review of the data collected by the USA should actually take place every year, but so far this has only been successful. The parliamentary manager of the FDP Ernst Burgbacher commented on the subject as follows: "The current situation without a clear legal regulation can no longer be accepted"; in an agreement, the European data protection standards would have to apply.

The European Court of Justice had already ruled in 2006 that there was no suitable legal basis for the transfer of air passenger data by EU member states to the USA and that the transfer of data violated EU law. The European Parliament had previously in 2004 against a closed on 28 May 2004 agreement to share data between the EU Commission gone and the United States to court.

For this reason, the EU Commission and the USA agreed on an interim agreement on passenger data transfer. This interim agreement builds on the agreement repealed by the ECJ and essentially only contains the change that in future passenger data will not be requested automatically ("pull procedure"), but will only be released after request ("push procedure").

The EU Parliament also feared that the passenger data could be misused for industrial espionage under the guise of combating terrorism . In the Bundestag, too, opposition politicians recently called for the information transmission to be strictly earmarked and for storage periods to be kept to a minimum. All parliamentary groups in parliament called on the government to ensure an adequate level of data protection in a new agreement, "especially when it comes to limiting data transfer and earmarking".

In 2007, a new agreement was created that reduces the number of data records transferred to 19 instead of the previous 34, but extends their storage period from 3 to 15 years. The USA will still not have to make do with less data: "It's a little mummery," admitted an EU diplomat. "The reduction from 34 to 19 data fields comes about because various data elements such as identification data are merged without changing the scope of the data," complained Peter Schaar . According to Schaar, the agreements on the PNR as well as the agreements on the access of US authorities to transfer data of the SWIFT network are "inadequate compared to the requirements of European data protection law". In many cases, they would also lag behind the previous regulations. Beyond the extension of the storage period with partial online access, it should be critically examined whether the derivation of any legal claims is guaranteed in the event of use of the data contrary to the contract. It is also regrettable that no independent data protection supervision has been agreed. Alexander Alvaro , internal political spokesman for the Liberals in the EU Parliament, criticized the fact that the negotiations had completely bypassed the representatives of the people and that the US had put the gun on the chest with threatened landing bans for European airlines. US diplomats repeatedly urged their EU negotiating partners to point out that if terrorists were to travel through Europe, the transatlantic partner would be partly to blame. The green member of the Bundestag Omid Nouripour appealed to the member states to stop the present agreement on passing on the PNR. Otherwise the European Court of Justice would have to be brought in again.

In March 2012 the European Parliament voted in favor of the transatlantic agreement on the transfer of air passenger data . The USA may continue to store PNRs for an initial 15 years. The airline information can be stored anonymously for an unlimited period of time. The rapporteur of the EU Home Affairs Committee Sophie in't Veld commented on this as follows: Not only has the storage duration of the data, which also includes credit card and telephone numbers, IP addresses or special meal requests, been increased to "infinite" in fact. In addition, this could Department of Homeland Security (DHS) continues to auto-sync and computer search perform and create personal profiles. Legal protection for EU citizens is also insufficient. Both the EU data protection officer Peter Hustinx and the " Article 29 group " of European data protection officers had made it clear that the outcome of the negotiations did not meet the basic rights here. In't Veld found the planned control by Brussels "a joke". US authorities are already pulling data from the airlines' reservation systems up to 82,000 times a day. Little will change in that with the agreement. In addition, many other countries including China and Saudi Arabia would ask for the same access rights in the future. Jan Philipp Albrecht , interior expert for the Greens , warned of an “open breach of the law”. The contract allows an automated data comparison with hazard profiles. The planned " data retention of up to 15 years" is not proportionate. Cornelia Ernst von den Linken sees the "elementary right to the protection of personal data being undermined". There is no serious legal remedy , rather it becomes a "legal obstruction".

At the same time it became known that the EU also wants to collect and save passenger data on intra-European flights in the future. Passenger data is to be stored in full for two years. They are then kept “anonymously” for a further three years and destroyed after a total of five years. However, anonymized data can also be reconstructed under certain conditions. Federal Data Protection Officer Peter Schaar said: "All of these initiatives are about registering travelers more and more seamlessly and comprehensively, storing and linking the resulting data for a longer period of time without the individual having any reason to do so."

With a motion for a resolution on November 25, 2014, the European Parliament launched an examination of the EU - Canada agreement by the ECJ for the compatibility of the agreement, in particular with Art 16 TFEU and Art 7, 8 and 52 para. 1 of the EU Charter of Fundamental Rights (law of Individuals on the protection of their personal data). On July 26, 2017, the European Court of Justice found violations of EU fundamental rights in the exchange of passenger data between the EU and Canada and thus ended the agreement.

See also

Web links

swell

Individual evidence

  1. Frequently Asked Questions Regarding Customs and Border Protection Receipt of Passenger Name Records Related to Flights between the European Union and the United States (PDF; 20 kB), Privacy Statement For PNR Data Received in Connection with Flights Between the US and the European Union ( PDF; 16 kB)
  2. ^ " Government to move slowly on e-Borders database " - ZDNet from Feb. 10, 2010
  3. "European Commission proposes EU external strategy for the transmission of passenger data (PNR)" press release of the European Commission
  4. Claus Hecking: EU data plans not compatible with the constitution ( memento of July 30, 2012 in the web archive archive.today ) - ftd May 24, 2011
  5. What data does the airline pass on to the American authorities? ( Memento from September 6, 2010 in the Internet Archive ) FAQ Federal Foreign Office.
  6. heise.de: USA want to keep details of passenger data arrangements secret , accessed on May 14, 2012
  7. heise.de: New agreement for the transfer of flight passenger data is taking shape
  8. heise.de: Judgment: No legal basis for forwarding passenger data to the USA , accessed on May 14, 2012
  9. Judgment of the Court of Justice (Grand Chamber) of May 30, 2006 on the protection of natural persons with regard to the processing of personal data, accessed on May 14, 2012
  10. heise.de: EU and USA agree on interim agreements on passenger data transfer , accessed on May 14, 2012
  11. heise.de: Bundestag advocates modern data protection law , accessed on May 14, 2012
  12. heise.de: EU diplomats approve flight data agreement with the USA , accessed on May 14, 2012
  13. heise.de: EU Parliament approves the transfer of passenger data to the USA , accessed on May 14, 2012
  14. sueddeutsche.de: EU wants to save passenger data , accessed on May 14, 2012
  15. Speech by the Federal Data Protection Commissioner Peter Schaar on January 30, 2009 on the occasion of the European Data Protection Day in Vienna , accessed on May 14, 2012
  16. Resolution of the European Parliament (2014/2966 (RSP)) to obtain an opinion from the Court of Justice on the compatibility of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR) with the treaties.
  17. ^ Judges Stop Exchanging Passenger Information with Canada , Die Zeit, July 26, 2017; Data protection news , 2017, no. 3, p. 174