EU calls EU Passenger Name Record 'unreasonable'
The plans to track passenger details is also unjustified, even though it's designed to combat terrorism


The EU has called plans to track passenger details of anyone taking a flight in or out of Europe "unreasonable and unjustified."
The EU Passenger Name Record (EU PNR) would involve personal information being handed over to security officials to help combat crime and terrorism, but the EU says the plans goes against civil liberties.
The data provided to authorities, including Interpol, would include travel dates, ticket information, contact details, means of payment, seat numbers and luggage details. It would be stored for up to five years, although names would be hidden after 30 days, but could be revealed upon request. After five years, the data would be deleted from the system.
Europe's data protection supervisor Giovanni Buttarelli said the EU PNR is not fair for UK's citizens, claiming legislation is overly broad and security forces have not provided any information about why it's necessary.
He described it as a "massive, non-targeted and indiscriminate collection of passengers' personal information" and suggested that other less-intrusive legislation should be considered.
"We encourage the legislators, in assessing the necessity of such a measure, to further explore the effectiveness of new investigative approaches as well as of more selective and less intrusive surveillance measures based on targeted categories of flights, passengers or countries," Buttarelli said.
The EU already has a similar arrangement with the US and Australia, with information provided to authorities about European citizens entering or leaving the countries. However, in the case of the agreement with the US, the data is available for up to 10 years.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job losses
News With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Forcing Apple to allow alternative app stores might cause major security risks
Analysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Why bolstering your security capabilities is critical ahead of NIS2
NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
New EU vulnerability disclosure rules deemed an "unnecessary risk"
News The vulnerability disclosure rules in the Cyber Resilience Act could also cause a “chilling effect” on security researchers
-
Are you ready for NIS2?
WEBINAR Find out what you should be doing to prepare for the EU’s latest data protection regulation and UK equivalent with our free webinar
-
EU regulators are digging their heels in despite big tech’s Data Act pushback
Analysis EU regulators are no strangers to big tech regulatory push back, so why do companies still persist?
-
Microsoft's EU Data Boundary will begin staggered rollout in January 2023
News Public sector and commercial customers will be the first to benefit when the rollout begins on 1 January across all of Microsoft's core services
-
EU watchdog fights against rules permitting Europol's ‘unlawful’ data practices
News The pushback follows allegations that Europol was allowed to write its own rules when it came to handling sensitive data
-
EU to introduce strict IoT security regulation
News Manufacturers will be required to assess all risks, and notify the EU of issues within 24hrs