The German government is calling for the EU-wide retention of personal flight data as an anti-terrorism measure, but is facing opponents who object to yet another database holding private information.
Jjihadists returning from battlegrounds in the Middle East threaten the security of the EU and urgent action is needed in the Federal Government's view, Germany said in a written response to questions asked by Andrej Hunko, a member of the Bundestag. One way to counter this threat is to detect suspicious travel movements via a database with personal flight data, the government said.
However, such a database would violate fundamental privacy rights and is not necessary because tracking down terrorists can be done with existing information systems, according to Hunko. This will be a "boundless retention of air traveler data to which police and intelligence agencies demand unlimited access," he said.
Such a database could be illegal. In May, the European Court of Justice (CJEU) invalidated EU laws requiring communications providers to retain metadata in much the same way as flight data would be retained because they interfered with fundamental privacy rights, Hunko added.
Nevertheless, the German support for a flight data retention means there is strong support for the EU Passenger Name Record (PNR) database that was proposed by the European Commission in 2011.
While the German government backed the plan, it did say that retaining data for five years is too long, and it would propose a shorter period.
PNR data comprises information provided by passengers when they book an airline ticket and check into flights as well as data as collected by airlines for their own commercial purposes. It contains about 60 different data sets including travel dates, itineraries, ticket information, contact details, travel agent, means of payment used, seat number and baggage information.
That data is stored in the airlines' reservation and departure control databases and the Commission proposed giving law enforcement access to that trove of personal data for the purpose of fighting serious crime and terrorism. If the plan is approved, airlines should transfer data on international flight passengers held in their reservation systems to a dedicated unit in the EU State. That PNR data could then also be shared with the U.S. Department of Homeland Security and other countries.
The proposal for such a database was put on ice in 2013, when the European Parliament rejected the plans because they found it would violate fundamental rights.
However, the topic has gained some traction since the European Council, which consists of the heads of EU member states or governments, called for the accelerated implementation of the EU PNR proposal to stem the flow of foreign fighters into Europe. They asked the Parliament and the Council of the EU, which is a different body composed of national ministers from each of the EU's 28 member states, to finalize work on the database before the end of the year.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.