PNR

Avis sur démarche globale en matière de transfert des données des dossiers passagers (PNR) aux pays tiers

Observations du CEPD concernant divers accords internationaux, notamment les accords PNR UE-US et UE-AUS, l'accord TFTP UE-US, ainsi que la nécessité d'une approche globale des accords internationaux relatifs à l'échange de données

Avis concernant le rapport final du Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations et la protection de la vie privée et des données à caractère personnel, JO C 128, 06.06.2009, p. 1

• nature and scope of an instrument on information sharing: for the sake of legal certainty, the EDPS shares the report's preferred option for the adoption of a legally binding instrument. This general instrument would need to be combined with specific agreements on a case by case basis to reflect the many specificities of data processing in the field of security and justice. The scope of application should also be clearly circumscribed and provide for a clear and common definition of law enforcement purposes at stake;
• redress mechanisms: as one of the most prominent outstanding issues of the report, the availability of adequate means for redress needs to be properly addressed. Strong redress mechanisms, including administrative and judicial remedies, should be available to all individuals, irrespective of their nationality;
• measures guaranteeing the effective exercise of individuals' rights: further work is needed not only with regard to redress and oversight mechanisms, but also concerning the transparency of data processing and the conditions of access and rectification to personal data.

Avis sur la proposition de règlement instaurant un code de conduite pour l'utilisation de systèmes informatisés de réservation, JO C 233, 11.09.2008, p. 1

The EDPS issued an opinion on the proposal for a Regulation on a Code of conduct for computerised reservation systems (CRSs).

The objective of the proposal is to update the provisions of the Code of Conduct for Computerized Reservation Systems that was established in 1989 by Regulation 2299/89. The Code would need simplification in order to reinforce competition - while maintaining basic safeguards, and ensuring the provision of neutral information to consumers.
A specific article on data protection has been developed in the proposal with a view to complementing the provisions of Directive 95/46/EC which continues to apply as a lex generalis.

The EDPS welcomes the inclusion of such principles in the proposal. He stresses that these provisions could nevertheless be usefully complemented by additional safeguards on three points:

• ensuring the fully informed consent of data subjects for the processing of sensitive data;
• providing for security measures taking into account the different services offered by CRSs;
• protecting marketing information relating to individuals from access by third parties.

With regard to the scope of application of the proposal, the criteria that make the proposal applicable to CRSs established in third countries raise the question of its practical enforcement, taking into account the complexity of the CRS network.

It is deemed as essential to put the CRS question in this global context and to be aware of the implications of having a large amount of personal data, some of them sensitive, processed in a global network practically accessible to third state authorities.

The EDPS considers it as decisive that effective compliance is ensured by competent authorities for enforcement (i.e. the Commission), as foreseen in the proposal, as well as data protection authorities.