Secondary Access to European Passenger Name Records

Research output: Chapter in Book/Report/Conference proceedingConference paper


This article intends to demonstrate that access to the EU PNR data for further use, as defined by Directive 2016/681, is not limited to Member States’ competent authorities for the prevention, detection, investigation or prosecution of terrorist offences and of serious crime, Europol and third countries competent authorities, as was probably the legislators’ intention. Through other legal instruments, based on a duty of information exchange and sincere collaboration, several Union bodies, agencies and even international organisations may have access to EU PNR data, although limited by their mandate and to the extent necessary for the accomplishment of their tasks. The paper further examines the safeguards and data protection guarantees established in the PNR Directive and, where relevant, compares them to the Law Enforcement Data Protection Directive (LE Directive), the General Data Protection Regulation (GDPR) and the Europol Regulation, focusing on the data subject rights. Depending on the entity that processes EU PNR data, the legal regime of data protection will change. In the area of law enforcement, striking the right balance between the right to privacy and protection of personal data vis-à-vis public security is the cornerstone. The increasing systematic mass collection and processing of personal data by public authorities is cause for concern and sufficient substantive and procedural structures need to be put in place to scrutinise those activities in detail.
Original languageEnglish
Title of host publicationInternet of Things- Proceedings of the 22nd International Legal Infomatics Symposium IRIS 2019
EditorsErich Schweighofer, Franz Kummer, Ahti Saarenpää
Place of PublicationBern
PublisherEditions Weblaw
Number of pages10
ISBN (Print)978-3-96443-724-2
Publication statusPublished - 1 Jan 2019
Event22. Internationales Rechtsinformatik Symposion 2019 : Internet of Things - Universität Salzburg, Salzburg, Austria
Duration: 21 Feb 201923 Feb 2019
Conference number: 22

Publication series

NameJusletter IT


Conference22. Internationales Rechtsinformatik Symposion 2019
Abbreviated titleIRIS
Internet address


  • Directive 2016/681
  • PNR
  • law enforcement
  • GDPR
  • data protection


Dive into the research topics of 'Secondary Access to European Passenger Name Records'. Together they form a unique fingerprint.

Cite this