The European Passenger Name Record system has been agreed by the European Parliament. Flights operating to and from Europe will be required to comply with the EU PNR regulations.
For some time, politicians have wrestled with the conflicting need for a smarter use of data to counter terrorist threats versus what some members of parliament perceived as an erosion of the individual’s right to privacy.
Now European lawmakers have agreed the roadmap for introducing the EU PNR framework.
According to a BBC article (link below), the French Interior Minister Bernard Cazeneuve said said the EU PNR initiative would be “indispensable in the fight against terrorism.”
Luxembourg Minister of Homeland Security Etienne Schneider added: “The compromise agreed today will enable the EU to set up an effective PNR system which fully respects fundamental rights and freedoms. After so many years of debate, we have finally reached a deal.”
The datasets captured by the EU PNR directive (they are listed in our blog post ‘How Ready Are You For Passenger Name Record EU Legislation?‘) will enable security forces to get smarter insights into passenger behavior.
The current API Advanced Passenger Information data is a blunt instrument that enables security services to track known individuals, and potentially put them on ‘no fly’ lists.
But sophisticated terrorist teams – and so called ‘lone wolf’ terrorists – can fly under the radar of API.
Capturing more data on passengers – gathered in what is called PIU ‘Passenger Information Units’ – will enable security teams to identify ‘at risk’ behaviors, and to create links and insights between known and unknown individuals.
These behavioral aspects of PNR were what had troubled some lawmakers with a concern for civil liberties, but the European Parliament has taken a considered stance on the tradeoff between individual rights and the protection of society.
So, PNR is finally scheduled to happen. But what is the impact for airlines traveling to and from the European Community?
“While API data may serve to identify known terrorists and criminals by using alert systems, PNR allows for a risk assessment of unknown individuals. Travel arrangements recorded as PNR data are used to identify specific behavioural patterns and make associations between known and unknown people.”
EU PNR briefing document.
Copy available on request. See below.
The EU PNR initiative will require airlines to push the required datasets to a designated security center (PIU) 48 hours before scheduled takeoff, and again within 30 minutes after the flight has closed.
For companies who have a PSS Passenger Service System, the majority of these datasets will be available from their current resources.
Airlines without a PSS will need to create the flows from various sources to populate the relevant PIUs.
Conztanz is a specialist in integrating PSS solutions. We have also worked on designing, implementing and certifying the French API-PNR system, so we have a wealth of relevant experience in the EU PNR requirements.
To help airlines prepare for EU PNR we offer a readiness audit. This audit investigates your current IT resources and delivers a roadmap for achieving PNR compliance. This roadmap can help your inhouse IT teams to plan their activity, or to consider outsourcing all or some of the implementation program to Conztanz.
As the data being pushed to security centers is standard (XML format), the PNR technical experts at Conztanz are evaluating the feasibility of developing a shared PNR platform.
If implemented, this platform would have the goals of reducing timescale and cost for airlines who fly to and from Europe. Obviously, this PNR shared platform will keep confidential the data for each airline.
The shared platform would be open to all airlines, but would be of particular interest to regional and low-cost carriers who do not have a full PSS system.
Reference used in this blog post:
European Parliament website : PNR page.
BBC : EU reaches PNR agreement.