On 14 April 2016, the European Parliament finally approved the much debated proposal on the storage and analysis of data from flight passengers entering and leaving Europe, the so called PNR data. New Europe reports:
“Travel arrangements recorded as PNR data are used to identify specific behavioral patterns and make associations between known and unknown people.”
For now, the directive only concerns external flight passengers, but the proposal includes an option to extend it to internal passengers as well, to be revised in two years time. According to New Europe, the vote was preceded by intense lobbying from (among others) the French prime minister. The history of this proposal provides an interesting insight into how we let external events and fear influence the policies we make.
The EU PNR proposal was presented to the Commission in February 2011 and was rejected by the Civil Liberties Committee in Apr 2013, on the grounds of questionable proportionality between the scope as regards offenses and as regards privacy and impact on society. After this, the debate around the proposal was low key. but in 2014, it was referred back to the Civil Liberties Committee. Shortly after, the political arena of Europe changed. On January 7-9 2015 5 terrorist attacks took place in the Ile the France region starting with the the Charlie Hebdo shooting and ending in the hostage situation on an industrial estate in Dammartin-en-Goële and in the kosher supermarket in Porte de Vincennes.
When debating the issue again on November 11 2014, the Civil Liberties Committee were still divided, but
“most stressed the need to assess the EU Court of Justice (ECJ) ruling annulling the data retention directive, to assess whether existing measures suffice before taking new ones and to put in place adequate data protection safeguards.”
Two days later, on November 13, terrorists attacked the Bataclan theatre and a number of other targets in Paris. Not even a month later, the proposal was endorsed by the Civil Liberties, Justice and Home Affairs Committee on 10 December 2015 by 38 votes to 19, with 2 abstentions. Not surprisingly, the final proposal was approved on April 14 2016. In between, terrorists struck Brussels on March 22.
Anyone with a tendency for conspiracy theories would point out the almost perfect timing between these external events and the scheduling of politically sensitive votes. Of course, The Fire Window is not prone to such accusations, but from an introspective perspective it is of interest to note the change in tone between the issues released from the Article 29 Working Project over the same time.
The Article 29 Data Protection Working Project (WP29) is an independent group under Directive 95/46/EC of the European Parliament. It has an advisory capacity with regard to the protection of individuals and the processing of personal data. In a press release following the Charlie Hebdo shootings, the WP29 state that
“Today more than ever, European citizens need to show that our societies will stand
strong on their common values. These values are fundamental democratic assets, which have developed and matured over centuries and must not be surrendered, whatever the circumstances”
“The current situation obviously makes it more necessary than ever to ensure that an appropriate balance is struck between these different, but not contradictory objectives.” [“The objectives” referring to the “freedom of speech or freedom of movement vs public security requirements and the need to foster innovation”]
In the aftermath of the Snowden scandal in 2014, the contents of The Opinion 04/2014 on surveillance of electronic communications for intelligence and national security purposes (p.2) the tone is even stronger:
“From its analysis, the Working Party concludes that secret, massive and indiscriminate surveillance programs are incompatible with our fundamental laws and cannot be justified by the fight against terrorism or other important threats to national security”
The above two examples chimes well with the concerns raised against the original PNR proposal in 2011, whereas the most resent press release, on the April 2016 vote, carries a very different tone when it states:
“The WP29 welcomes this major decision for European credibility and has already started
working to ensure a smooth and constructive transitional period for all stakeholders,
especially to be ready to act as the European Data Protection Board on Day 1.”