Passenger tracking in the EU will be as invasive as it is in the US

In this comment article, Professor Valsamis Mitsilegas - head of QMUL’s Department of Law - considers the implications of the increasingly heated debate around the collection and retention of information from air passengers.


A European scheme to collect and retain information from all air passengers has resurfaced in the wake of the Paris terrorist attacks, despite having been rejected by the European Parliament in 2013.

The system involves airlines collecting personal information - including payment details, addresses and meal preferences in addition to passport data - into passenger name records (PNR), which are then transferred to national authorities at each end of the flight.

While the debate over an EU-wide scheme continues, the same scheme has been operating for all flights between EU member states and the US since 2001.

This blanket mass surveillance was instigated by the US in the wake of the 9/11 terrorist attacks, but put airlines in a bind: the US Department of Homeland Security demands the information from them, but European data protection law bars the transfer of data outside the EU. Consequently the measure has followed a convoluted path through the European legislature in an effort to reach an agreement.

Despite objections to the scale of data gathering and the length of time it is retained, the European Parliament eventually approved the 2011 version of the EU-US agreement in 2012.

Mass surveillance beyond the law

This agreement legitimises an international system of generalised mass surveillance, posing challenges particularly to the EU Charter of Fundamental Rights. The perception that the agreement breaches rights and principles agreed in Europe has only worsened with the Snowden revelations detailing the scale of US spying through the NSA.

The same concerns are echoed, and the same rights upheld, in the ruling by the European Court of Justice in 2014 that the EU Data Retention Directive contravenes European law. The court found the system of generalised and unlimited mass surveillance based on the blanket retention of telecommunications data set out by the Directive disproportionate and in breach of the rights to private life and data protection.

But in the UK, the government simply ignored the ruling and continued to require companies such as ISPs and telecom firms to retain customer data. The ECJ reached similar conclusions in the earlier Marper case, brought over the retention of DNA data by the police.

Europe-wide laws rejected before

Now a European-wide PNR sharing scheme has surfaced again , despite the lengthy legal challenges to the EU-US measure and other similar surveillance and data retention schemes. While supported by member state governments at the European Commission level, MEPs have so far rejected it.

The attacks in Paris will inevitably be put forward as an indication of how it will help to secure Europe’s borders against "foreign fighters".

Any system of mass surveillance and monitoring of European citizens moving around the Schengen area stands in stark contrast to their right to free movement - perhaps even infringing that right. Generalised surveillance along the lines proposed by the EU PNR system is an attack on the right to privacy and has the effect of eroding the relationship of trust between the citizen and the state.

The state collects a wide range of personal data stemming from everyday, legitimate activities with the aim of using these data for the purposes of continuous risk assessment of citizens. This is not based on concrete suspicions, but in order to pre-empt future crimes.

This model of pre-emptive mass surveillance has a "chilling effect" for freedom of expression and creates a climate of constant suspicion and uncertainty. As the German Constitutional Court noted when ruling the domestic data retention law unconstitutional, this evokes:

A sense of being watched permanently... The individual does not know which state official knows what about him or her, but the individual does know that it is very possible that the official does know a lot, possibly also highly intimate matters.

The attacks in Paris will inevitably be put forward as an indication of how an EU PNR system can help to address the phenomenon of "foreign fighters". But there is little by way of concrete evidence to support such a claim and justify the proportionality of introducing an EU surveillance system of this scale. Its implementation would be fraught with risk, and heavy with the weight of its quiet consequence. In the absence of such evidence, the proposals amount to an unacceptable and deeply unpalatable treatment of the rights of EU citizens.

  • This article first appeared in the Conversation
  • The image is reproduced, with thanks, under creative commons [ credit: Alan Levine ]

About the author

Professor Valsamis Mitsilegas is head of the Department of Law, Professor of European Criminal Law and Director of the Criminal Justice Centre at Queen Mary University of London. From 2001 to 2005 he was legal adviser to the House of Lords European Union Committee.

Law at Queen Mary University of London

The School of Law has as its central focus the role of law and its institutions in contemporary international society and it is divided into two organisational units: the Department of Law and the Centre for Commercial Law Studies (CCLS). The School of Law at Queen Mary University of London has been ranked third in the UK and first in London in the Guardian University Guide 2015 subject league tables.