European airlines could soon be forced to break citizens’ right to privacy if they want to fly to Mexico.
Mexican authorities have decided to implement a "passenger name record" (PNR) scheme from 1 April. PNR data encompasses all the information airlines hold on their passengers – from credit card details, phone numbers and emails to dietary requirements – and from April, Mexico wants all that handed over when someone flies into the country.
Dutch MEP Sophie In ’t Veld this week urged the European Commission to negotiate a postponement of the data handover, saying it will put airlines in the difficult position of either risking a fine from Mexican authorities or acting in breach of European Data protection legislation. “The latter case would also be a breach of citizens’ fundamental rights,” added In’t Veld.
Last year, the European Court of Justice ruled that blanket data retention was illegal, calling into question plans for an EU-wide PNR scheme. A new proposal was put forward that attempts to avoid breaching the EU rules.
In November the European Parliament voted to refer the EU-Canada PNR agreement to the European Court of Justice (ECJ) for an opinion on whether it is in line with EU law and the Charter of Fundamental Rights.
"We want legal certainty for EU citizens and air carriers,” explained In't Veld. She added it was especially important to get this right now with respect to Canada and Mexico because Russia, South Korea and the United Arab Emirates – all countries with notoriously weak data protection rules – are considering asking for EU data, too.
“Any PNR agreement, present or future, must be compatible with EU treaties and fundamental rights and must not be used as a means to lower European data protection standards via the back door,” she said.
Blighty's Civil Aviation Authority told El Reg: "Airlines based within the EU clearly have an obligation to abide by all EU laws and regulations, not those of a non-EU state." ®