New EU Data Sharing and Collection Law Threatens Passenger Privacy
Last week, the EU passed a privacy-invasive data sharing plan for travelers coming in and out of the EU by plane. The new law not only calls for the collection of information on all travelers flying in and out of Europe; it also permit easier sharing of information by security services.
The plan was approved 461 to 179, with 9 abstaining from the vote. The law will share passenger name records (PNR), in an aim to fight terrorism in Europe.
“The law requires airlines to give European security services basic information about all travellers flying into and out of the EU, including names, email addresses and phone numbers, itinerary, baggage, how they paid for their tickets and passport data.”
This information will be anonymized after 6 months, although security can request personal details on specific travelers if needed. The data will be retained for five years.
This plan has been in the works for several years. While there is a two-year grace period to get this system working, some predict it will go into effect much faster.
This law was enacted at the same time two landmark digital privacy laws were passed in the EU last week, and on the heels of recent updates to Google’s right to be forgotten law. This new PNR law is bad news for privacy for those both in and outside the EU.