As international travel takes off following the COVID-19 pandemic, a rift over a agreement to track passenger name record (PNR) data threatens to derail US-EU travel.
The transfer of PNR—personal data of air travelers including names, addresses, telephone numbers, credit card information, even meal preferences and details that can indicate ethnicity, religious belief, or political affiliation—on international flights has become a common practice world-wide since the September 11th attacks. The United States and the European Union (EU) have been sharing PNR data in some form since 2004, and a current 2012 agreement outlines how US authorities may use PNR data from EU flights incorporating certain privacy protections.
However, a judgment by the Court of Justice of the EU on the adequacy of another similar agreement between the EU and Canada has thrown the future of the US-EU agreement into question, as the Court ruled the Canada agreement must adapt greater privacy safeguards. The Commission has signaled that the US-EU agreement is also “not fully in line” with the Court ruling either, but the US government signaled no willingness to revisit the 2012 agreement.
The uncertain future of the US-EU PNR agreement, itself a product of years of talks, litigation, and renegotiations, puts airlines in a tricky spot. They must comply with US PNR requirements, but without a deal they could be financially liable for breaking EU data privacy rules. The transatlantic market is also crucial for airlines. Europe was the most sought-after destination for US citizens’ overseas air travel in 2019, and millions of passengers depart from EU member states headed to the United States.
With the future of PNR in question, Europe Center nonresident senior fellow Kenneth Propp highlights the importance of the PNR issue for US and European policymakers and proposes concrete steps to a future agreement. Read the issue brief about the urgent need to settle this often-overlooked but key component of US-EU relations.
Issue Brief Jun 22, 2020
The European Union and the search for digital sovereignty: Building “Fortress Europe” or preparing for a new world?
By Frances Burwell, Kenneth Propp
However the EU redefines sovereignty post-COVID-19—including technological or digital sovereignty—the impact will not be limited to Europe and European companies.
New Atlanticist Apr 14, 2021
Do continued EU data flows to the United Kingdom offer hope for the United States?
By Kenneth Propp
As the Biden administration and the European Commission “intensify” negotiations to re-establish a stable transatlantic data-transfer framework, Brussels separately is moving ahead to enable unrestricted data flows with two other major trading partners: the United Kingdom and the Republic of Korea.
New Atlanticist Dec 15, 2020
Lessons from a Privacy Shield post-mortem on Capitol Hill
By Kenneth Propp
A hearing on the consequences of the European Court of Justice’s invalidation of the EU-US Privacy Shield illuminated the deepening transatlantic divide over data transfers, and it highlighted the early challenge the subject looks to pose for President-elect Joe Biden’s administration, which is eager to repair US-EU relations.