European airlines are facing a growing dilemma over demands from an increasing number of governments to hand over sensitive passenger data - a step that would breach European Union data-protection rules unless there are dedicated legal agreements to permit it.
Only two other countries have such PNR agreements with the EU: Australia and Canada.
Now more governments are demanding the same. Mexico has threatened to impose fines of up to $30,000 per flight if airlines don't pass on PNR data, including the name, address, credit-card information and meal preference of every passenger on a flight.
The fines were supposed to be introduced from April 1, but the Mexican government said on Tuesday that it will delay their enforcement until July 1 after it secured a promise from the European Commission of a future EU-Mexico agreement on the transfer of PNR data.
This may encourage other countries to use the threat of fines in securing such agreements, says Viktoria Vajnai from the Association of European Airlines, representing 29 major airlines based in Europe.
"There are numerous non-EU countries knocking on our doors asking for PNR, for instance South Korea since 2007. South Korea has threatened the EU carriers many times as they are the only airlines in the world who are not transferring the data to them. So far they understood our concern but indeed Mexico would create a precedent," Ms. Vajnai said.
Argentina, like Mexico, has also adopted its own PNR system, as have Brazil, New Zealand, Japan, the United Arab Emirates, Saudi Arabia and Russia. They have all approached European airlines requesting PNR data and are likely to follow the Mexican precedent.
Negotiating accords to share data takes time, however. The Canadian and Australian agreements took three years of negotiations.
The EU meanwhile, in the aftermath of the terrorist attacks in France and Denmark this year, has revived a dormant plan of setting up a PNR system for intra-EU flights.
However, data privacy remains the main stumbling block in all these efforts. The European Parliament is stalling the intra-EU PNR project and has challenged the EU-Canada PNR agreement in court, citing data-privacy concerns. If that agreement is struck down, it will likely affect future agreements.
The European Court of Justice, EU's top court, struck down the initial EU-U.S. accord on PNR transfers in 2006 as it lacked an "appropriate legal basis."
The Bush administration kept the data flows going under an interim agreement introduced in 2007, which was replaced by a new agreement approved by the European Parliament in 2012. In an attempt to solve the cumbersome country-by-country approach, the European Commission meanwhile has said that it will revive plans for a more "horizontal approach" over the use of PNR data with countries outside the EU. Details will be made public in late-April, as part of an overhauled EU security strategy.
Original article