Tag Archives: Data protection

EGovernment

eGovernment

Outline of the Community (European Union) legislation about eGovernment

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Digital Strategy i2010 Strategy eEurope Action Plan Digital Strategy Programmes

eGovernment

eEurope 2005 To harness the full potential of eGovernment, it is necessary to identify the obstacles which are slowing down the rate at which on-line public services are being made available in the Member States and to propose action to speed up the deployment of eGovernment. This is the objective of the Commission Communication described below.

Communication of 26 September 2003 from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions “The Role of eGovernment for Europe’s future” [COM(2003) 567 final – Not published in the Official Journal].

Summary

“eGovernment” * means the use of information and communication technologies * (ICT) in public administrations combined with organisational changes and new skills. The objective is to improve public services, democratic processes and public policies.

STATE OF PLAY

Progress has been made in every Member State in bringing public services online, with average online availability growing from 45% to 65% between October 2001 and October 2002.

In terms of services to citizens, eGovernment has already shown the advantages which it can bring in citizens’ everyday lives. It not only makes it easier to obtain information from public administrations but also greatly facilitates formalities for members of the public and cuts waiting times. Beyond that, eGovernment fosters direct communication between citizens and policy-makers. Through online forums, virtual discussion rooms and electronic voting, citizens can directly question decision-makers and express their views on public policy. Today public internet access points * are gradually becoming the norm for services to citizens.

As regards services to businesses, provision of higher quality electronic services by public administrations leads to increased productivity and competitiveness, by reducing the cost of the public service itself as well as transaction costs to businesses (time and effort). For example, electronic customs and VAT handling and electronic tax declarations offer the advantage of speeding up procedures at the same time as improving quality of service. The sophistication of online services, in terms of supporting interactivity and transactions, has advanced more in the business sector than in services to citizens.

In the case of services between administrations, eGovernment can provide ways to strengthen cooperation between national, regional and local government and Community institutions. Regional and local administrations are often at the forefront of the delivery of on-line public services. Development of eGovernment at regional and local level has also become a priority of the Structural Funds, representing about 30% of Information Society expenditure in Objective 1 regions and 20% in Objective 2 regions.

OBSTACLES TO GENERAL AVAILABILITY OF eGOVERNMENT: PRIORITY ISSUES

The Commission has identified a number of priority issues which have to be addressed in order to remove the obstacles to general availability of eGovernment.

Inclusive access

Access for all to online public services is a sine qua non for wide use of eGovernment. This point is all the more important considering the very real risk of a “digital divide” – due to unequal access to information and computer technologies. In this context, education and training are essential to acquire the digital literacy necessary in order to reap the full benefit of the services offered by eGovernment. Digital literacy is one of the priorities of the eLearning programme. Greater access to services also implies stepping up the multi-platform approach (allowing access to services through a range of devices, from PCs and digital TV to mobile terminals or public internet access points).

User confidence

Public services can be offered on line only in an environment guaranteeing fully secure access for citizens. With this in view, maximum protection of personal data and security of digital transactions and communications are primary issues. To this end, the use of privacy enhancing technologies in eGovernment should be promoted, inter alia through the relevant Community programmes. More generally, network and information security, the fight against cybercrime and dependability are prerequisites for a properly-functioning Information Society and, consequently, are core policy issues within the European Union.

Public procurement

Public procurement is one area where use of ICT can be particularly advantageous. Traditional public procurement operations are complex, time-consuming and resource-intensive. Use of ICT in public procurement can therefore improve efficiency, quality and value for money in public purchases. Until now the absence of clear Community rules has been an obstacle to the take-up of electronic public procurement in Europe. The adoption of the new package of legislation on public procurement, which includes specific rules on electronic public procurement, should be a turning point for the spread of electronic public procurement in Europe.

Pan-European services

Pan-European services are important means of supporting mobility in the internal market and European citizenship. Various types of pan-European service are already in place. Examples include EURES, the European employment services portal, and PLOTEUS the portal on learning opportunities in Europe. However, the provision of common pan-European services can be a sensitive issue. For example, when services have been developed from the Member State’s national perspective and tradition (e.g. language) alone, access to them for citizens and enterprises from other Member States may be difficult. It is therefore important to make sure that pan-European services take account of the needs of citizens from other Member States and also to establish true cooperation between Member States’ administrations and interoperable infrastructure.

Interoperability

Interoperability means the capacity to inter-link systems, information and ways of working. This kind of interoperability of information systems allows integrated provision of services in a one-stop portal *, no matter how many different administrative systems or bodies are involved. But interoperability is not just a question of linking up computer networks: it also concerns organisational issues, such as interworking with partner organisations which may well have different internal organisation and operating methods. Introduction of pan-European eGovernment services will also inevitably require agreements on common standards and specifications. Most Member States are already addressing this challenge by adopting national “eGovernment interoperability frameworks”, which are being complemented at European level by the development of the European interoperability framework.

Roadmap

The Commission regards the priorities set out above as the roadmap for eGovernment. However, these measures must be backed up by more horizontal action.

HORIZONTAL ACTION

Reinforcing exchanges of good practice

Best practices encompass technological, organisational and training components. They require a long-term commitment on the part of all key players involved. Exchanges of experience and replication of best practices can bring significant cost-savings in moving to broad take-up. They also prepare the ground for future interoperability and interworking between administrations.

Leveraging investment

A range of Community initiatives and programmes are addressing eGovernment. In particular, these include parts of the Sixth Framework RTD Programme, the eTEN and IDA programmes and investment in regional priorities through the Structural Funds. The Commission reports that investment is low compared to the total investment that should be made at European Union level.

Annual spending on ICT in public administration is about EUR 30 billion, of which a growing proportion, currently some EUR 5 billion, is related to eGovernment. The Commission adds that this spending should be accompanied by much larger investment in organisation and human resources. As a result, the total investment needed is likely to run into tens of billions of euros each year. Community support should therefore aim at achieving maximum leverage for the much larger investment at Member State level.

Key terms used in the Act
eGovernment: eGovernment seeks to use information and communications technologies to improve the quality and accessibility of public services. It can reduce costs for businesses and administrations alike, and facilitate transactions between administrators and citizens. It also helps to make the public sector more open and transparent and governments more understandable and accountable to citizens. Information and communication technologies (ICT): the term ITC covers a wide range of services, applications, technologies, devices and software, i.e. tools such as telephony and the Internet, distance learning, television, computers, and the networks and software needed to use these technologies, which are revolutionising social, cultural and economic structures by creating new attitudes towards information, knowledge, working life, etc. One-stop portal: a single entry point to the Internet for a specific topic which can be used without any knowledge of how the administrative departments involved in providing the public service are organised.

Key terms used in the Act

eGovernment: eGovernment seeks to use information and communications technologies to improve the quality and accessibility of public services. It can reduce costs for businesses and administrations alike, and facilitate transactions between administrators and citizens. It also helps to make the public sector more open and transparent and governments more understandable and accountable to citizens.
Information and communication technologies (ICT): the term ITC covers a wide range of services, applications, technologies, devices and software, i.e. tools such as telephony and the Internet, distance learning, television, computers, and the networks and software needed to use these technologies, which are revolutionising social, cultural and economic structures by creating new attitudes towards information, knowledge, working life, etc.
One-stop portal: a single entry point to the Internet for a specific topic which can be used without any knowledge of how the administrative departments involved in providing the public service are organised.

Related Acts

Communication from the Commission, of 25 April 2006, “i2010 eGovernment Action Plan: Accelerating eGovernment in Europe for the Benefit of All” [COM(2006) 173 final – Not published in the Official Journal].
This Action Plan, adopted in 2006, is designed to make public services more modern and efficient and to target the needs of the population more precisely. It proposes a series of priorities and a roadmap to speed up the deployment of eGovernment in Europe. Five priority areas are identified:

Access for all;
Increased efficiency;
High-impact eGovernment services;
Putting key enablers in place;
Increased participation in democratic decision-making.

Independent Report of 27 June 2005: “eGovernment in the Member States of the European Union” (GOPA-Cartermill).

The report is a compilation of the factsheets produced by the eGovernment Observatory. These factsheets provide a picture of the situation and progress of eGovernment in each Member State.

Fifth annual study of e-Government

According to a 2005 survey carried out for the Commission, more than 90% of public service providers now have a website, and 40% of basic public services are totally interactive. The survey highlights the considerable progress made in developing and providing on-line public services throughout the EU. The gap between the new Member States and the EU-15 States in terms of service provision has narrowed significantly, and could close very quickly. The challenge now is to ensure that on-line public services are used as widely and as often as possible so as to simplify the administrative procedures for businesses and citizens alike.

Fourth annual study of e-Government

According to the results of an extensive survey published in January 2004 [PDF ], public administrations which combine the use of ICT to deliver new services with reorganisation of the way they work obtain higher approval ratings from businesses and citizens.
This large-scale survey, funded as part of the evaluation of the eEurope action plan, was conducted in every EU Member State, looking at a common list of 20 basic public services which should be available on line under the action plan. The survey included 29 in-depth case studies of “best practice”, for example substantial savings in enrolment in higher education in Finland and the United Kingdom.

The Commission concluded that the better results are due to the fact that reorganisation plus use of ICT in public administrations reduces costs, increases productivity and provides flexibility and simpler organisational structures. The practical results for the public and for businesses are fewer visits to administrations, together with faster, cheaper, more accessible and more efficient services, but also fewer errors, easier to use systems and greater user control.

Another Normative about eGovernment

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic

Internal market > Businesses in the internal market > Public procurement

eGovernment

Summary

STATE OF PLAY

Progress has been made in every Member State in bringing public services online, with average online availability growing from 45% to 65% between October 2001 and October 2002.

OBSTACLES TO GENERAL AVAILABILITY OF eGOVERNMENT: PRIORITY ISSUES

The Commission has identified a number of priority issues which have to be addressed in order to remove the obstacles to general availability of eGovernment.

Inclusive access

User confidence

Public procurement

Pan-European services

Interoperability

Roadmap

The Commission regards the priorities set out above as the roadmap for eGovernment. However, these measures must be backed up by more horizontal action.

HORIZONTAL ACTION

Reinforcing exchanges of good practice

Leveraging investment

Key terms used in the Act
eGovernment: eGovernment seeks to use information and communications technologies to improve the quality and accessibility of public services. It can reduce costs for businesses and administrations alike, and facilitate transactions between administrators and citizens. It also helps to make the public sector more open and transparent and governments more understandable and accountable to citizens. Information and communication technologies (ICT): the term ITC covers a wide range of services, applications, technologies, devices and software, i.e. tools such as telephony and the Internet, distance learning, television, computers, and the networks and software needed to use these technologies, which are revolutionising social, cultural and economic structures by creating new attitudes towards information, knowledge, working life, etc. One-stop portal: a single entry point to the Internet for a specific topic which can be used without any knowledge of how the administrative departments involved in providing the public service are organised.

Key terms used in the Act

eGovernment: eGovernment seeks to use information and communications technologies to improve the quality and accessibility of public services. It can reduce costs for businesses and administrations alike, and facilitate transactions between administrators and citizens. It also helps to make the public sector more open and transparent and governments more understandable and accountable to citizens.
Information and communication technologies (ICT): the term ITC covers a wide range of services, applications, technologies, devices and software, i.e. tools such as telephony and the Internet, distance learning, television, computers, and the networks and software needed to use these technologies, which are revolutionising social, cultural and economic structures by creating new attitudes towards information, knowledge, working life, etc.
One-stop portal: a single entry point to the Internet for a specific topic which can be used without any knowledge of how the administrative departments involved in providing the public service are organised.

Related Acts

Access for all;
Increased efficiency;
High-impact eGovernment services;
Putting key enablers in place;
Increased participation in democratic decision-making.

Independent Report of 27 June 2005: “eGovernment in the Member States of the European Union” (GOPA-Cartermill).

The report is a compilation of the factsheets produced by the eGovernment Observatory. These factsheets provide a picture of the situation and progress of eGovernment in each Member State.

Fifth annual study of e-Government

Fourth annual study of e-Government

Radio Frequency Identification in Europe: steps towards a policy framework

Leave a reply

Radio Frequency Identification in Europe: steps towards a policy framework

Outline of the Community (European Union) legislation about Radio Frequency Identification in Europe: steps towards a policy framework

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Radiofrequencies

Radio Frequency Identification (RFID) in Europe: steps towards a policy framework

Document or Iniciative

Communication from the Commission to the Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 15 March 2007 – “Radio Frequency Identification (RFID) in Europe: steps towards a policy framework” [COM(2007) 96 – Not published in the Official Journal].

Summary

RFID is a method for exchanging information between a marker (radio tag) *, which can be incorporated into any object, and a reader, a wireless device that identifies the information using radiofrequencies. The technology is more powerful when the reader is linked to communication networks such as the internet, which makes the information available over the world-wide web.

The widespread deployment of RFID technology is an important stage in the development of many sectors, including transport, health and retail trade. Its applications range from the traceability of food, to automated payments, and the mobility and observation of patients suffering from Alzheimer’s disease. It can therefore have a significant contribution to improving the lives of citizens.

However, the technology also raises concerns about the protection of privacy, health and the environment.

From a technical and commercial point of view, RFID is ready for mass deployment. However, there are some outstanding issues relating to the legal and policy framework for the technology.

Confidentiality and Security

RFID technology raises confidentiality issues and security concerns as it can be used to gather and distribute personal data. As a result, it is difficult to achieve wide public acceptance of the technology, as the public wants to see measures taken to protect its rights. For this reason, the social, political, ethical and legal implications of the deployment of RFID should be taken into account.

Under the current legislation, the national public authorities are responsible for ensuring the application of national legislation as regards data processing procedures, including for RFID applications. As regards the security of the RFID system, the Member States, the Commission and businesses should take concerted action concerning technical and organisational aspects and business procedures. To this end, the Commission encourages the consolidation of good practice and the drawing up of design criteria for RFID technology so risks are restricted from the start.

Reducing the threat to security and privacy requires permanent scrutiny of all implications of RFID. To that end, an approach that focuses on each individual RFID application may prove more effective than a more general approach, because each application has its own risks and advantages.

Awareness and information campaigns can play a key role here. The Commission’s public consultation indicated that the general public is often poorly informed about the possibilities and challenges of RFID technology.

The European Union has put in place a vast array of legal instruments to protect personal data. The importance of protecting personal data is recognised in the EC Treaty (Article 16) and in the Charter of Fundamental Rights (Article 8). Moreover, the European legislative framework in this field is defined by the general Data Protection Directive and the ePrivacy Directive. These Directives guarantee the protection of personal data, while taking account of innovations in data processing procedures.

Database management

Data storage and access also constitute problems for the drawing up of policy on the deployment of RFID. Given this new phase in the development of the internet, account should be taken of possible breakdowns in or accidental damage to the technology, as well as of individuals who might seek to exploit the technology for their own ends. The World Summit on the Information Society provides a framework for the emerging policy debate on this subject.

Radio spectrum*

The availability of radio frequencies and the harmonisation of conditions for their use are key issues in the functioning of RFID applications in Europe. The Commission’s streamlining of the use of the radio spectrum within the EU has since 2002 provided a new basis for the deployment of RFID technology.

Standards

The standards governing RFID must facilitate the harmonious distribution of services, while taking account of the rapid development of the technology. Participants in the consultation have expressed the view that the Commission should play a more active role in promoting interoperability and the streamlining of international standards.

Environmental and health issues

Environmental concerns relate to the processing of waste and the use of dangerous substances. These issues are dealt with in the Community legislation on electrical and electronic equipment. As regards health concerns, even though the effects of exposing the population and workers to the electromagnetic fields (EMFs) * of RFIDs are thought to be low, they continue to cause a range of concerns. Moreover, the Community legal framework limits exposure to EMFs.

Background

The deployment of RFID solutions goes hand in hand with enhancing the role of information and communications technology (ICT) in developing the European economy. ICT must become one of the leading sectors of our economy.

Key terms used in the act
Electronic chip (or integrated circuit): electronic component whose size can now be reduced to that of a dot. Silicon is the basic raw material used to manufacture it. ag (or marker): small object composed of a chip attached to an antenna. These two components are enclosed in a container that can be incorporated into some objects. The device sends information via radio waves that can be captured by an appropriate reader and potentially placed on the Internet. Radio spectrum: the entirety of radio frequencies available for the transmission of information. magnetic fields: area in which electromagnetic forces are exerted. The intensity of the field varies, as the forces intensify as they approach the antenna. Prolonged exposure to electromagnetic fields may have negative effects on human health. However, according to the World Health Organisation, the level of exposure to the radio frequencies from base stations and wireless networks is so low that there is no reason to be concerned about its effect on human health.

Key terms used in the act

Electronic chip (or integrated circuit): electronic component whose size can now be reduced to that of a dot. Silicon is the basic raw material used to manufacture it.
ag (or marker): small object composed of a chip attached to an antenna. These two components are enclosed in a container that can be incorporated into some objects. The device sends information via radio waves that can be captured by an appropriate reader and potentially placed on the Internet.
Radio spectrum: the entirety of radio frequencies available for the transmission of information.
magnetic fields: area in which electromagnetic forces are exerted. The intensity of the field varies, as the forces intensify as they approach the antenna. Prolonged exposure to electromagnetic fields may have negative effects on human health. However, according to the World Health Organisation, the level of exposure to the radio frequencies from base stations and wireless networks is so low that there is no reason to be concerned about its effect on human health.

Stepping up cross-border cooperation

Leave a reply

Stepping up cross-border cooperation

Outline of the Community (European Union) legislation about Stepping up cross-border cooperation

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Stepping up cross-border cooperation (Prüm Decision)

Document or Iniciative

Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime.

Summary

The purpose of this decision is to step up cross-border police and judicial cooperation between European Union (EU) countries in criminal matters. In particular, it aims to improve the exchanges of information between the authorities responsible for the prevention and investigation of criminal offences. The decision sets out provisions with regard to:

the automated access to DNA profiles *, dactyloscopic data * and certain national vehicle registration data;
supply of data in relation to major events;
supply of information in order to prevent terrorist offences;
other measures for stepping up cross-border police cooperation.

Establishment of national databases and automated access to data

EU countries are to establish national DNA analysis files for the purpose of investigating criminal offences. Reference data, consisting of the non-coding part of the DNA * and of a reference number that does not enable an individual to be identified, must be made available to other EU countries to carry out automated searches *. These searches are performed via national contact points by comparing DNA profiles, but only on the basis of individual cases and in a hit/no-hit * manner. If the search provides a match, the national contact point carrying out the search receives the reference data in an automated manner. If no profile is found for a particular individual who is under investigation or against whom criminal proceedings have been brought, the requested EU country may be obliged to establish a DNA profile for that individual.

EU countries must also make available reference data from the national automated fingerprint identification systems (AFIS). For this purpose, the reference data will consist only of dactyloscopic data and a reference number. The searches are carried out by comparing dactyloscopic data and, similarly to DNA searches, only in individual cases on a hit/no-hit basis. Confirmation of the match is conducted by the national contact point of the requesting EU country. Supply of further available personal data for matching DNA or dactyloscopic data and other information relating to the reference data is governed by national law, including the mutual legal assistance (MLA) in the requested EU country.

The national contact points shall also be given access to certain national vehicle registration data via automated online searches. These searches may only be conducted with a full chassis or registration number.

Supply of data in relation to major events

In relation to any major events that have a cross-border dimension, EU countries must provide each other non-personal data via their national contact points, as required for the purpose of preventing criminal offences and maintaining public order and security. Personal data may be supplied only if the data subjects are considered a threat to public order and security or if it is believed that they will commit criminal offences at the events. However, this data may only be used in relation to the event it was provided for and must be deleted once it has served its purpose, but no later than a year after it was supplied.

Supply of information to fight terrorism

For the purpose of preventing terrorist offences, but only in individual cases and to the extent required by the conditions leading to the supposition that criminal offences will be committed, EU countries may provide the following data to each other via the national contact points:

surname and first names;
date and place of birth;
description of the conditions leading to the supposition that criminal offences will be committed.

The country providing this data may impose certain binding conditions on the receiving country for the data usage.

Other measures for enhancing cross-border police cooperation

EU countries may effectuate joint patrols and other joint operations to prevent criminal offences and to maintain public order and security on a given EU country’s territory. In such cases, designated officers and officials from the seconding country participate in the hosting country’s operations. The seconding officers may be conferred executive powers, or they may be allowed to exercise their executive powers, but only under the guidance and in the presence of the host officers. The competent authority of the host country is responsible for the command and actions of the seconding officers.

With regard to mass gatherings and other comparable major events, disasters and serious accidents, EU countries are to provide mutual assistance to each other. This assistance should consist of information exchanges, coordination of police measures and contribution of material and physical resources.

An EU country must provide assistance and protection to the other country’s officers on duty, which is equivalent to that provided for its own officers.

Provisions on data protection

EU countries must guarantee that personal data processed according to this decision is protected by their national laws. Only the relevant competent authorities may process personal data. They must ensure the accuracy and current relevance of the data. Steps must be taken to rectify or delete incorrect data or data that was supplied when it should not have been. Personal data must be deleted if no longer needed for the purpose it was made available or if the storage time, as provided by national law, has expired.

The relevant authorities must take technical and organisational measures to protect personal data against destruction, loss, unauthorised access, alteration or disclosure. For the purpose of verifying the permissibility of the non-automated processing of personal data, this processing must be logged. Similarly, the automated processing of personal data must be recorded. The independent data protection authorities in EU countries are responsible for the legal examinations of the processing of personal data.

Any individual has the right to information on the data that has been processed in relation to his/her person, including information on the origin of the data, the recipients of the data and the purpose and legal basis for the processing of the data. The individual may request corrections to or the deletion of inaccurate or unlawfully processed data. If the individual’s rights with regard to data protection have been violated, he/she may lodge a complaint with an independent court or a tribunal and claim for damages or other legal compensation.

Background

The conclusions of the Tampere European Council of October 1999 asserted the need to enhance the exchange of law enforcement information between EU countries, which was further confirmed by the Hague Programme of November 2004.

The Prüm Treaty of 27 May 2005 on the stepping up of cross-border cooperation, particularly on combating terrorism, cross-border crime and illegal migration, signed between Belgium, Germany, Spain, France, Luxembourg, the Netherlands and Austria, lays down procedures for more efficient exchanges of information in the framework of criminal investigations. This decision aims to incorporate the provisions of that Treaty into the EU legal framework.

Key terms used in the act
Dactyloscopic data: fingerprint images, images of fingerprint latents, palm prints, palm print latents and templates of such images that are stored and dealt with in an automated database. Non-coding part of DNA: chromosome regions that are not expressed genetically. DNA profile: a letter or number code that represents a set of identification characteristics of the non-coding part of an analysed human DNA sample. Automated searching: an online access procedure for consulting the databases of one, several, or all of the EU countries. Hit/no-hit procedure: in this procedure the parties grant each other limited access to the reference data in their national DNA and fingerprint databases and the right to use these data to conduct automated checks of fingerprints and DNA profiles. The personal information related to the reference data is not available to the requesting party.

Key terms used in the act

Dactyloscopic data: fingerprint images, images of fingerprint latents, palm prints, palm print latents and templates of such images that are stored and dealt with in an automated database.
Non-coding part of DNA: chromosome regions that are not expressed genetically.
DNA profile: a letter or number code that represents a set of identification characteristics of the non-coding part of an analysed human DNA sample.
Automated searching: an online access procedure for consulting the databases of one, several, or all of the EU countries.
Hit/no-hit procedure: in this procedure the parties grant each other limited access to the reference data in their national DNA and fingerprint databases and the right to use these data to conduct automated checks of fingerprints and DNA profiles. The personal information related to the reference data is not available to the requesting party.

References

Act	Entry into force	Deadline for transposition in the Member States	Official Journal
Decision 2008/615/JHA	26.8.2008	26.8.2009 (26.8.2011 for Chapter 2 provisions)	OJ L 210 of 6.8.2008

Related Acts

Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime [Official Journal L 210 of 6.8.2008].

This decision provides the administrative and technical provisions that are indispensable for implementing Decision 2008/615/JHA. The focus is especially on the automated exchanges of DNA, dactyloscopic and vehicle registration data, as well as on other forms of cooperation. The technical provisions are set out in the annex to the decision.

Council Decision 2010/482/EU of 26 July 2010 on the conclusion of the Agreement between the European Union and Iceland and Norway on the application of certain provisions of Council Decision 2008/516/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime and Council Decision 2008/616/JHA on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, and the Annex thereto [Official Journal L 238 of 9.9.2010].

Computerised reservation systems

Leave a reply

Computerised reservation systems

Outline of the Community (European Union) legislation about Computerised reservation systems

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Transport > Mobility and passenger rights

Computerised reservation systems

Document or Iniciative

Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems and repealing Council Regulation (EEC) No 2299/89.

Summary

This Regulation aims to establish a harmonised code of conduct regarding the use of computerised reservation systems in order to ensure fair competition and to protect consumers’ rights.

Scope

This Regulation shall apply to:?

any computerised reservation system (CRS) * used or offered for use in the Community for air transport services;
rail-transport products * used or offered for use in the Community and which are incorporated alongside air-transport products into the principal display of a CRS.

RULES OF CONDUCT FOR SYSTEM VENDORS

Relationship with transport providers

A system vendor * may not:

impose unfair or discriminatory conditions in contracts concluded with participating carriers or their subscribers;
prevent a participating carrier from using other reservation systems.

Distribution facilities

All system vendors shall apply the same treatment to all participating carriers with regard to distributing their transport products and shall inform them of changes to their distribution facilities or loading procedures. Furthermore, a system vendor shall ensure that its distribution facilities * are clearly separated from the management and marketing facilities of participating carriers.

Displays

The presentation of data related to the transport products offered shall not mislead the consumer.

Flights operated by air carriers banned from operating in the Community shall be displayed in a clear and distinctive manner. The system vendor shall enable users to clearly identify the operating air carrier.

System vendors from third countries have an obligation to treat Community carriers in a manner that is equivalent to their treatment of national carriers. The Commission shall ensure that in third countries, Community air carriers are not treated in a discriminatory manner by system vendors. Should this be the case, the Commission may require system vendors operating in the Community to treat air carriers from third countries in a similar manner.

RULES OF CONDUCT FOR TRANSPORT PROVIDERS

Participating carriers shall submit accurate data to a CRS in such as way as to enable it to comply with the rules on displaying data.

A parent carrier, subject to reciprocity, shall not discriminate against a competing CRS by refusing, for example, to provide the latter with the same information on its own transport products that it provides to its own CRS.

A parent carrier shall not directly or indirectly favour its own CRS by obliging a subscriber to use a particular CRS to sell its transport products.

PROTECTION OF PERSONAL DATA

All system vendors shall be responsible for processing personal data. Personal data shall only be processed for the purpose of making reservations or issuing tickets for transport products.

AUDIT

System vendors shall submit an independently audited report every four years or upon request from the Commission.

INFRINGEMENTS AND PENALTIES

Where the Commission finds that there is an infringement of this Regulation, it may require the undertakings or associations of undertakings concerned to bring such an infringement to an end and impose on the latter fines not exceeding 10 % of the total turnover. The Commission shall first issue to the undertakings or associations of undertakings concerned a statement of objections.

This Regulation repeals Regulation (EEC)n° 2299/89.

Key terms of the Act
Transport product: the carriage of a passenger between two airports or rail stations; Computerised reservation system or ‘CRS’: a computerised system containing information about, inter alia, schedules, availability and fares, of more than one air carrier, with or without facilities to make reservations or issue tickets, to the extent that some or all of these services are made available to subscribers; System vendor: any entity and its affiliates which is or are responsible for the operation or marketing of a CRS; Distribution facilities: facilities provided by a system vendor for the provision of information about air carriers’ and rail-transport operators’ schedules, availability, fares and related services and for making reservations and/or issuing tickets, and for any other related services.

Key terms of the Act

Transport product: the carriage of a passenger between two airports or rail stations;
Computerised reservation system or ‘CRS’: a computerised system containing information about, inter alia, schedules, availability and fares, of more than one air carrier, with or without facilities to make reservations or issue tickets, to the extent that some or all of these services are made available to subscribers;
System vendor: any entity and its affiliates which is or are responsible for the operation or marketing of a CRS;
Distribution facilities: facilities provided by a system vendor for the provision of information about air carriers’ and rail-transport operators’ schedules, availability, fares and related services and for making reservations and/or issuing tickets, and for any other related services.

References

Act	Entry into force	Deadline for transposition in the Member States	Official Journal
Regulation (EC) No 80/2009	29.3.2009	–	OJ L 35 of 4.2.2009

Data protection in the electronic communications sector

Leave a reply

Data protection in the electronic communications sector

Outline of the Community (European Union) legislation about Data protection in the electronic communications sector

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Internal market > Single market for services

Data protection in the electronic communications sector

Document or Iniciative

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [See amending acts].

Summary

Directive 2002/58/EC forms part of the “Telecoms Package”, a new legislative framework designed to regulate the electronic communications sector and amend the existing regulations governing the telecommunications sector. The “Telecoms Package” includes four other Directives on the general framework, access and interconnection, authorisation and licensing and the universal service. The “Telecoms Package” was amended in December 2009 by the two Directives “Better law-making” and “Citizens’ rights”, as well as by the establishment of a body of European regulators for electronic communications (BEREC).

This Directive principally concerns the processing of personal data relating to the delivery of communications services.

Processing security

The provider of an electronic communications service must protect the security of its services by:

ensuring personal data is accessed by authorised persons only;
protecting personal data from being destroyed, lost or accidentally altered;
ensuring the implementation of a security policy on the processing of personal data.

In the case of an infringement of personal data, the service provider must inform the person concerned, as well as the National Regulatory Authority (NRA).

Confidentiality of communications

The Directive reiterates the basic principle that Member States must, through national legislation, ensure the confidentiality of communications made over a public electronic communications network. They must in particular prohibit the listening into, tapping and storage of communications by persons other than users without the consent of the users concerned. The subscriber or user who stores their information must first be informed of the purposes of the processing of their data. They have the option to withdraw their consent on the processing of traffic data.

Data retention

The Directive determines that traffic data and location data must be erased or made anonymous when they are no longer required for the conveyance of a communication or for billing, except if the subscriber has given their consent for another use. On the sensitive issue of data retention, the Directive stipulates that Member States may withdraw the protection of data only to allow criminal investigations or to safeguard national security, defence and public security. Such action may be taken only where it constitutes a “necessary, appropriate and proportionate measure within a democratic society”.

In order to ensure the availability of communication data for the purpose of investigation, detection and prosecution of criminal offences, the Directive lays down provisions for the retention of data.

Unsolicited communications (“spamming”)

The Directive takes an “opt-in” approach to unsolicited commercial electronic communications, i.e. users must have given their prior consent before such communications are addressed to them. This opt-in system also covers SMS text messages and other electronic messages received on any fixed or mobile terminal. However, exceptions are provided.

Cookies

The Directive states that users must give their consent for information to be stored on their terminal equipment, or that access to such information may be obtained. In order to do this, users must receive clear and comprehensive information about the purpose of the storage or access. These provisions protect the private life of users from malicious software, such as viruses or spyware, but also apply to cookies.

Cookies are hidden information exchanged between an Internet user and a web server, and are stored in a file on the user’s hard disk. Their original purpose was to retain information between sessions. They are also a useful and much decried tool for monitoring a net surfer’s activity.

The Directive encourages the use of methods, which are as user-friendly as possible, see effective technical tools.

Public directories

European citizens must give prior consent in order for their telephone numbers (landline or mobile), e-mail addresses and postal addresses to appear in public directories.

Controls

Member States must implement a system of penalties, including legal sanctions in the case of infringements to the provisions of this Directive, and ensure that the national competent authorities have at their disposal the necessary powers and resources to monitor and control compliance with the national provisions adopted during the transposition of this Directive.

References

Act	Entry into force	Deadline for transposition in the Member States	Official Journal
Directive 2002/58/EC	30.07.2002	31.10.2003	OJ L 201 of 31.07.2002

Amending act(s)	Entry into force	Deadline for transposition in the Member States	Official Journal
Directive 2006/24/EC	3.5.2006	15.9.2007	OJ L 105 of 13.04.2006
Directive 2009/136/EC	19.12.2009	25.5.2011	OJ L 337 of 18.12.2009

Related Acts

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [Official Journal L 281/31 of 23.11.95].
This Directive is the reference text, at European level, on the protection of personal data. It sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the EU.

Regulation 45/2001/EC of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 8 of 12.01.2001]
This Regulation aims to protect personal data within EU institutions and bodies. The text provides for rules to ensure a high level of protection for personal data processed by the Community institutions and bodies and the creation of an independent supervisory body to monitor the application of these rules.

Internet of Things

Leave a reply

Internet of Things

Outline of the Community (European Union) legislation about Internet of Things

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Internet of Things

2 emissions through the development in particular of health monitoring systems, connected trees and cars. The interconnection of physical objects will generate a genuine paradigm shift for society.

Document or Iniciative

Communication of 18 June 2009 from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – Internet of Things: an action plan for Europe [COM(2009) 0278 final – Not published in the Official Journal].

Summary

This Communication presents the perspectives and challenges for the development of the Internet of Things (IoT).

Definition and existing applications of IoT

IoT is composed of a series of new independent systems operating with their own infrastructures which are partly based on existing Internet infrastructures. IoT can be implemented in symbiosis with new services. It covers three types of communication which can be established in restricted areas (‘intranet of things’) or made publicly accessible (‘Internet of things’):

things-to-person;
thing-to-thing;
Machine-to-Machine (M2M).

IoT currently covers several applications such as:

web-enabled mobile phones equipped with cameras;
unique serial numbers or bar-codes on pharmaceutical products;
smart electrical metering systems which provide a consumption report in real time;
‘intelligent objects’ in the logistics sector (eFreight), manufacturing or retail.

The challenges of public governance

According to the European Commission, policymakers should also participate in the development of IoT alongside the private sector. Some challenges are indeed policy-related, as highlighted by the World Summit on the Information Society, which encourages IoT governance designed and exercised in a coherent manner with all the public policy activities related to Internet Governance.

Many questions concerning the implementation of the connection of objects arise such as:

object naming;
the authority responsible for assigning the identifier;
ways to find information about the object;
how information security is ensured;
the ethical and legal framework of IoT;
control mechanisms.

Faced with these challenges, the Commission proposes to prepare a set of principles underlying the governance of IoT, as well as a decentralised management structure.

Principles underlying the governance of IoT

The development of IoT must not take place to the detriment of privacy and personal data protection. In this regard, the Commission intends to publish a Communication on privacy and trust in the information society, as well as launching a debate on the freedom for individuals to disconnect from a network at any time.

In order to safeguard information security, the Commission proposes to step up monitoring and protection of critical information infrastructure.

Regarding standardisation, the Commission considers it sensible to take advantage of the deployment of Ipv6, making it possible to directly address objects. The Commission also intends to assess existing standards mandates which may include some issues related to IoT, or create others if necessary.

In the field of research and development, IoT represents a considerable challenge, insofar as it is related to wide societal problems. In this regard, the Commission will fund research projects in the field of IoT under the Seventh Framework Programme. Furthermore, IoT may also have a role to play in the four public-private partnerships set up by the Commission in the following areas:

‘green cars’;
‘energy-efficient buildings’;
‘factories of the future’;
‘Future Internet’.

These research activities are to be supplemented by the launch of pilot projects under the Competitiveness and Innovation Framework Programme (CIP). These pilots should help to promote activities related to e-health, e-accessibility, climate change, or helping to bridge the digital divide.

The international aspect is also essential, insofar as the Commission intends to intensify dialogue with its international partners in order to establish benchmarks for common principles in the field of IoT.

Waste recycling should be facilitated by the implementation of IoT through tags which will make objects easier to distinguish during the process.

The Commission is currently concentrating its work more particularly on the availability of appropriate radio spectrum resources and on electromagnetic fields.

Context

The Internet has reached a turning point in its development. A network of interconnected computers is to evolve into a network of interconnected objects such as books, cars or electrical appliances. Although IoT is not yet actually implemented, this Communication gives an indication of the technology to come over the next 15 years.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

The open internet and net neutrality

Leave a reply

The open internet and net neutrality

Outline of the Community (European Union) legislation about The open internet and net neutrality

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

The open internet and net neutrality

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 19 April 2011 – The open internet and net neutrality in Europe [COM(2011) 222 final – Not published in the Official Journal].

Summary

This Communication aims to promote the neutral and open character of the internet, in accordance with the Digital Agenda for Europe. The intention is to preserve the openness of the internet while enabling it to provide high-quality, innovative services, and to guarantee fundamental rights such as freedom of expression and freedom to conduct business.

The worldwide success of the internet may be explained in part by its openness and accessibility to all, individuals and companies alike. However, this Communication stresses that its full potential remains untapped.

Challenges to net neutrality

The concept of net neutrality is defined in part in the Framework Directive on electronic communications as the ability of end users to access and distribute information or run applications and services of their choice.

The current obstacles to net neutrality are:

the blocking or throttling of traffic by certain network operators, which takes the form of restricting access to internet services (online television, videoconferences, etc.) or to websites. The Body of European Regulators for Electronic Communications (BEREC) and the national regulatory authorities (NRAs) may receive users’ complaints;
traffic congestion, which requires reasonable management. There are three different traffic management techniques to alleviate congestion:
1. packet differentiation;
2. IP routing;
3. filtering, which makes it possible to distinguish between “safe” and “harmful” traffic.
lack of transparency, which prevents consumers from making informed choices in terms of services. NRAs are therefore obliged to set minimum quality of service requirements.

Regulatory framework concerning net neutrality

The provisions of the regulatory framework are structured around two principal elements:

the principles of competition: net neutrality is strongly correlated with market competition. It is therefore important that retail pricing of internet access is not regulated in the EU in order that consumers can benefit from a wide variety of services at different price points adapted to their needs.
the amended Telecommunications framework: this legislative framework was amended in 2009. It helps to preserve the open and neutral character of the internet by ensuring that consumers are informed about the:
1. conditions limiting access to and/or use of services and applications;
2. procedures put in place by the provider in order to measure and shape traffic so as to avoid filling all the network links.
This framework also enables consumers to switch operators while keeping their numbers, within one working day.

Net neutrality is also strongly dependent on the protection of personal data.

Ways to preserve net neutrality and openness

The Commission is currently studying solutions to put in place to deal with obstacles caused by:

switching;
blocking practices;
throttling practices;
certain commercial practices at the root of blocking and throttling;
discriminatory practices by a dominant player.

However, the Commission must ensure that the measures taken do not hinder freedom of expression and freedom of information and continue to preserve private and family life as well as personal data.

Context

This Communication is based on the results of a public consultation on the open internet and net neutrality conducted between 30 June and 30 September 2010 with participants including network operators, content providers, Member States, consumer and civil society organisations and individuals.

The Commission intends to continue working with BEREC in order to adopt additional provisions on net neutrality.

Smart Grids

Leave a reply

Smart Grids

Outline of the Community (European Union) legislation about Smart Grids

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Energy > Internal energy market

Smart Grids

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 24 April 2011 – Smart Grids: from innovation to deployment [COM(2011) 202 final – Not published in the Official Journal].

Summary

This Communication proposes several actions which aim to develop Smart Grids * in order to contribute effectively to the European Union’s (EU) Europe 2020 Strategy for smart, sustainable and inclusive growth.

According to the European Bio Intelligence study , the use of these grids could:

reduce the annual primary energy consumption of the EU energy sector by almost 9 % by 2020;
create new jobs;
generate additional economic growth.

1^st objective: develop common European Smart Grid standards

Since March 2009, the European Standardisation Organisations (ESOs) such as the European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI) have been responsible for establishing European standards for the interoperability of smart utility meters (for electricity, gas, water and heat) and smart grids. The results of this research are expected in 2012 and will be based in part on the Directive on measuring instruments.

The ESOs also have the task of developing new standards for the interoperability of chargers for electric vehicles with all types of electric vehicles and with all electricity supply points.

The Commission intends to supervise the development of these standards throughout 2011-12.

2^nd objective: guarantee data protection and security

In the EU, the protection of personal data is covered by Directive 95/46/EC which applies to the processing of data in any sector, including Smart Grids.

The challenge lies in distinguishing between personal and impersonal data. The Commission believes that it would be sensible to make adaptations in the national legal frameworks in order to accommodate the specific parameters of Smart Grids, whilst protecting the private life of European citizens.

The Commission proposes to guide the changes to national legislation which will accommodate the parameters of Smart Grids, while the ESOs will be responsible for developing the technical standards for these grids, taking the ‘privacy by design’ approach. An expert group shall assess the network and information security of Smart Grids.

3^rd objective: incentivise Smart Grid deployment

The deployment of Smart Grids is market-driven. This is the reason why households and companies should have simple access to consumption information so they can keep their energy costs down.

Furthermore, investment in Smart Grids should be incentivised. The Electricity Directive and the Energy Services Directive should enable the emergence of a regulatory framework which provides incentives for such investment.

The Commission plans to define a methodology using national smart meter implementation plans. In addition, it encourages Member States to design action plans for establishing Smart Grids. Specific coordinated action by all the actors involved will be made possible using national regulators and the European Network of Transmission System Operators for electricity (ENTSO-E).

4^th objective: develop Smart Grids in a competitive retail market in the interest of consumers

Member States must create transparent retail markets and facilitate competition between providers. Developing Smart Grids in a competitive retail market should encourage consumers to change their behaviour in terms of energy consumption, because they should have real-time access to their exact energy consumption.

To complete this market, the Commission plans to revise the Energy Services Directive in order to draw up minimum requirements for the format and content of information provision for customers. It will monitor the implementation of the Third Energy Package which, in particular, provides for time-of-use pricing and demand response.

5^th objective: support innovation

Smart Grids require significant investment in terms of research and development. For example, the European Electricity Grids Initiative (EEGI) was established under the Strategic Energy Technology Plan (SET-Plan) to accelerate the deployment of smart grid technologies by 2020. Two other initiatives have the same objectives: the Covenant of Mayors and the Smart Cities and Communities initiatives.

The Commission intends to propose new initiatives similar to those mentioned above, with the aim of promoting the deployment of Smart Grids.

Key terms of the Act
Smart Grids: an upgraded electricity network to which two-way digital communication between supplier and consumer, intelligent metering and monitoring systems have been added.

Deployment of Intelligent Transport Systems in Europe

Leave a reply

Deployment of Intelligent Transport Systems in Europe

Outline of the Community (European Union) legislation about Deployment of Intelligent Transport Systems in Europe

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Transport > Intelligent transport and navigation by satellite

Deployment of Intelligent Transport Systems in Europe

Document or Iniciative

Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport.

Summary

This directive is applicable to Intelligent Transport Systems (ITS) applications and services in the European Union (EU) road transport sector and to their interfaces with other modes of transport. ITS are systems in which information and communication technologies are applied in the field of road transport, including infrastructure, vehicles and users, and in traffic management and mobility management.

The following are identified as priority areas for the development and use of specifications and standards:

optimal use of road, traffic and travel data;
continuity of traffic and freight management ITS services;
ITS road safety and security applications;
linking the vehicle with the transport infrastructure.

Within these priority areas, there are six priority actions:

the provision of EU-wide multimodal travel information services;
the provision of EU-wide real-time traffic information services;
data and procedures for the provision, where possible, of road safety related minimum universal traffic information free of charge to users;
the harmonised provision for an interoperable EU eCall;
the provision of information services for safe and secure parking places for trucks and commercial vehicles;
the provision of reservation services for safe and secure parking places for trucks and commercial vehicles.

On deployment of ITS applications and services, EU countries must take the necessary action to ensure that the specifications adopted by the Commission are applied. Individual EU countries do, however, retain the right to decide on deployment of such applications and services on their own territory.

The Commission is responsible for first adopting the necessary specifications to ensure the compatibility, interoperability and continuity for the deployment and operational use of ITS for the above priority actions. Following this, the Commission shall then adopt specifications for the deployment and operational use of ITS for other actions in the priority areas. The specifications will, where appropriate, include the conditions under which EU countries may establish additional rules for the provision of ITS services on all or part of their territory, provided that these rules do not impede interoperability of the services. In addition to the specifications, the Commission may adopt guidelines and other non-binding measures to facilitate the cooperation of EU countries regarding the priority areas.

Rules on privacy, security and re-use of information

EU countries must ensure that the processing of personal data in the context of the operation of ITS applications and services is undertaken in accordance with EU rules on fundamental rights and freedoms of individuals, and that the provisions on consent are adhered to. In particular, personal data must be protected against misuse, including unlawful access, alteration or loss. To this end, personal data should only be processed where necessary and, where appropriate, the use of anonymous data should be encouraged for the performance of the ITS applications and services.

Delegated acts

With regards to specifications, the Commission may also adopt separate delegated acts for each of the priority actions. The European Parliament and the Council have the right to either revoke this delegation of powers, or object to a delegated act. If there is an objection to a delegated act, the act will not enter into force.

European ITS Advisory Group

The Commission shall establish a European ITS Advisory Group to provide advice on business and technical aspects of the deployment and use of ITS in the EU. The group shall be composed of high level representatives from relevant ITS service providers, associations of users, transport and facilities operators, manufacturing industry, social partners, professional associations, local authorities and other relevant fora.

References

Act	Entry into force	Deadline for transposition in the Member States	Official Journal
Directive 2010/40/EU	26.8.2010	27.2.2012	OJ L 207 of 6.8.2010

Agreement on the processing and transfer of passenger name record data by air carriers to the United States Department of Homeland Security

Leave a reply

Agreement on the processing and transfer of passenger name record data by air carriers to the United States Department of Homeland Security

Outline of the Community (European Union) legislation about Agreement on the processing and transfer of passenger name record data by air carriers to the United States Department of Homeland Security

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

External relations > Industrialised countries

Agreement on the processing and transfer of passenger name record data by air carriers to the United States Department of Homeland Security (2007 PNR Agreement)

Document or Iniciative

Council Decision 2007/551/CFSP/JHA of 23 July 2007 on the signing, on behalf of the European Union, of an Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)

Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement).

Summary

The purpose of sharing passenger name record (PNR) data is to combat terrorism and organised crime, protect people’s vital interests and prevent the flight of individuals from warrants or custody issued against them.

This Decision consists of the Agreement, the accompanying letter from the United States Department of Homeland Security (DHS) and the letter of the European Union (EU) in reply. Applicable for seven years, it requires airlines to transfer data to DHS concerning passengers transported to or from the United States. In return, DHS undertakes to guarantee a high level of protection. The Decision advocates the application of security measures on data transfers and calls on the parties to respect the fundamental rights and freedoms of passengers.

Type of passenger name record (PNR) data collected

DHS obtains PNR data from the air carriers, flight tickets and travel documents. The data collected concern:

APIS information (name, civil status, date of birth, nationality, country of residence, etc.);
the journey (date of reservation/issue of ticket, travel date, itinerary, baggage, seat number, travel status of passenger, travel agency used);
the flight ticket (free tickets, upgrades, ticket issue, price, number, form of payment used and billing);
PNR (record locator code, names on PNR, split/divided PNR information and all historical changes made to PNR);
all available contact information;
OSI (Other Service Information), SSI and SSR (Special Services) data.

“Sensitive” PNR data

Sensitive PNR data relate to ethnic origin, philosophical, political or religious beliefs, trade union membership and the health and sex life of the individual. Once this information has been received, DHS employs an automatic system to filter the sensitive codes and terms. DHS undertakes not to use this information and to delete it promptly.

However, where lives are in danger and the passenger has supplied such information, DHS is authorised to use it, provided that it maintains a log of access to these data and deletes them within thirty days. It is required to inform the European Commission (within 48 hours) that it has accessed these data.

PNR data protection and transmission

The letter from DHS accompanying the Agreement explains how the latter collects, uses and stores PNR data. It treats the information as sensitive and confidential. DHS may transmit it to the US authorities responsible for law enforcement, public security or counterterrorism and to countries capable of ensuring data protection, but only for the same purposes as those for which DHS received the data (mainly to combat terrorism and organised crime).

If the air carriers have a system complying with DHS technical requirements, they will transmit the data to DHS via a ‘push’ system. On the other hand, they will transmit the data via a ‘pull’ system if the carrier has not implemented such a system. It is for the carriers to initiate the transition to a ‘push’ system.

DHS receives PNR data 72 hours before the scheduled departure. It may ask to receive them earlier if necessary. It nevertheless undertakes to make this type of request judiciously and with proportionality.

DHS retains the data in an analytical database for 7 years, after which time the data are stored for a further 8 years, but in dormant, non-operational status. They may be accessed only with approval of a senior DHS official. The two parties will reach agreement to determine when PNR data must be destroyed. Only those related to a specific investigation in progress may be retained.

Right of access and right of inspection

DHS extends the American Privacy Act provisions to PNR in its possession. Administrative, civil and penal sanctions are therefore provided for in the event of failure to respect privacy and unauthorised disclosure.

The EU, US and the aviation industry cooperate so that passengers are informed about how the governments may use the information concerning them. DHS informs and replies to questions from the public on PNR data through publications in the Federal Register and standard notices made available and published on its website.

DHS undertakes not to disclose PNR data to the public (apart from the persons concerned).

Cooperation and reciprocity

DHS transmits analytical data flowing from PNR data to the European police and judicial authorities concerned, Europol and Eurojust. The European authorities do the same to the US authorities.

Both parties ensure that their systems work effectively. The Secretary of Homeland Security (DHS) and the Commissioner for Justice, Freedom and Security (EU) periodically review the application of this decision.

Background

The transfer to the US authorities of PNR data held by European airlines has been the subject of successive agreements. The most recent is dated 19 October 2006 and expired on 31 July 2007. For this reason, the Council decided (on 22 February 2007) to authorise the Presidency to open negotiations, which gave rise to the present Agreement.

This Agreement is applicable as of the date of signature. It enters into force on the first day of the month after the date on which the parties have notified one another that they have completed their internal procedures.

References

Act	Entry into force – Date of expiry	Deadline for transposition in the Member States	Official Journal
Decision 2007/551/CFSP/JHA	23.7.2007	–	OJ L 204 of 4.8.2007

Related Acts

Council Decision 2006/729/CFSP/JHA

of 16 October 2006 on the signing of an Agreement between the EU and the USA on the processing and transfer of passenger name record (PNR) data by air carriers to the DHS – Agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the DHS [Official Journal L 298 of 27.10.2006]

Council Decision 2004/496/EC

of 17 May 2004 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the DHS, Bureau of Customs and Border Protection – Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the DHS, Bureau of Customs and Border Protection [Official Journal L 183 of 20.5.2004].