Background

Passenger name record (PNR) data is personal information collected by airlines on passengers travelling by air.  The information is used by the Australian Customs Service to identify possible persons of interest in the context of counterterrorism, drug trafficking, identity fraud, people smuggling, and other serious crimes.¹

The Australian Customs Service described the use of PNR data in the following terms:

…On the one hand, we are able to identify persons of interest and conduct associated analysis before that person arrives into the country. Those people are then subject to intervention on arrival for questioning and examination. On the other hand, our ability to undertake that work in turn facilitates a freer flow of legitimate travellers through the entry and exit regulatory processes.

Assessment, in this sense, is made on the basis of advance passenger data, information and intelligence. The essential pieces of data I am referring to are known as ‘advance passenger information’, or API, data, which is provided to Customs by the Department of Immigration and Citizenship, and ‘passenger name record’, or PNR, data, which Customs obtains directly from airlines. API data contains information about identity, passport details, visa details and flight details. Passenger name record, or PNR, data includes information about, for example, name and address, ticketing, check-in, seating, form of payment, travel itinerary, requested preferences or other requests and baggage.²

The Australian Customs Service started using PNR data in 1998, with airlines providing PNR data to Customs on a voluntary basis.

In 2002, the Customs Act 1901 was amended to require airlines to provide PNR data to the Australian Customs Service.³

The Australian Customs Service advised the Committee that PNR data had, in the twelve months preceding the hearing, resulted in:

• the identification of 21 terrorism related matters;
• the identification of 78 drug traffickers;
• the identification of 25 people in possession of objectionable material; and
• 37 people being denied entry to Australia because they were persons of interest in relation to serious crime.⁴

Prior to the negotiation of the Agreement between Australia and the European Union on the Processing and Transfer of European Union Sourced Passenger Name Record Data (the EU Passenger Name Record Data Agreement) the Australian Customs Service had access to the passenger information systems of 31 airlines, representing 91% of passengers travelling to Australia.⁵

The EU Passenger Name Record Data Agreement will permit the transfer to the Australian Customs Service of PNR data from airlines that process their PNR data in the European Union.⁶

While the EU Passenger Name Record Data Agreement has not been notified by Australia or the European Union to date, it has been provisionally implemented since it was signed on 30 June 2008.⁷ In other words, airlines that process their PNR data in the European Union are already providing that data to the Australian Customs Service.

Reasons for Australia to take treaty action

The EU Passenger Name Record Data Agreement is necessary to overcome a conflict between the Customs Act 1901 and European Union data protection laws.

The Customs Act 1901 requires airlines to provide PNR data for all passengers before their arrival, while European Union data protection laws prevent the transfer of personal information from the European Union to other countries without a formal agreement that adequately protects that personal information.⁸

Airlines that process PNR data in the European Union for passengers travelling to Australia are therefore in breach of either Australian or European Union law regardless of what they do.

Nine per cent of travellers to Australia arrive on airlines that process PNR data in the European Union.  However this is expected to increase to 30% of travellers following a decision by Qantas Airways to transfer its PNR data processing to Europe.⁹

The EU Passenger Name Record Data Agreement will require some changes to PNR data administration.  PNR data that is not sourced in the European Union is accessed by interrogating airline databases.  This is colloquially known as ‘pulling’ the data.  European Union sourced PNR data will need to be provided by the airlines to the Australian Customs Service, or ‘pushed’.¹⁰

Obligations

The EU Passenger Name Record Data Agreement obliges Australia to impose certain restrictions on the use and storage of European Union sourced PNR data.  The key obligations as highlighted by the NIA and treaty text are:

• restrictions on the purposes for which European Union sourced PNR data and personal information derived from it can be used;
• applying Australian privacy and freedom of information laws to European Union sourced PNR data;
• restrictions on the disclosure of European Union sourced PNR data amongst Australian Government agencies;
• a requirement to filter out sensitive European Union sourced PNR data such as racial or ethnic origin;
• a requirement to provide information to the public on Customs’ processing of PNR data;
• a limit of three years on the retention of person records obtained through European Union sourced PNR data, with a further two years’ limit on European Union sourced PNR data that has had the personal identification removed;
• a comprehensive range of physical and electronic security measures on European Union sourced PNR data; and
• an obligation to advise the European Union of the passage of any legislation that directly affects the safeguards application to European Union sourced PNR data.¹¹

Privacy matters

Because the European Union is the only jurisdiction with data protection laws that prevent the transfer of PNR data, this is the only agreement Australia has had to negotiate of this sort.¹²

The Privacy Commissioner advised the Committee that she was involved in the negotiation of the EU Passenger Name Record Data Agreement.  From her perspective:

…I am quite happy with the outcome that is being negotiated. I really do think people’s personal information is going to be accorded the appropriate privacy protections, and, most importantly, there are many mechanisms in place to ensure that people are told about it, they have access to that information and there are opportunities to have the processes reviewed. My office is going to be undertaking two privacy audits a year of the way Customs handles the passenger name records, and we think that is a really good outcome because that will go to identifying any possible problems—we do not see any at the moment—and helping improve outcomes for individuals within Australia.¹³

Costs

The EU Passenger Name Record Data Agreement will require the Australian Customs Service to reconfigure its PNR system to ensure it can accept and process ‘pushed’ PNR data from airlines that process their PNR data in the European Union.

Consultation

The NIA indicates that the States and Territories have been notified of the proposed Agreement through the Standing Committee on Treaties' (SCOT) Schedule of Treaty Action and no comment has been received to date.  The Agreement does not require State or Territory cooperation for its domestic implementation.¹⁴

The Departments of Prime Minister and Cabinet; Foreign Affairs and Trade; Immigration and Citizenship; and Infrastructure, Transport Regional Development and Local Government; the Attorney General’s Department; the Office of the Privacy Commissioner; and the Australian Security and Intelligence Organisation were consulted in the negotiation of the Agreement.  All agencies cleared the text of the Agreement.¹⁵

Ms Jan Dorrington, Transcript of Evidence, 22 September 2008, pp. 2-3. Back