For the third time in eight years, European politicians are moving to pass a PNR (passenger name record) law. Previously proposed in 2007, 2011, and 2013, the PNR would require all airlines servicing international flights to and from Europe to store all of the data that they collect on the passengers they transport. The data would then be available to security agencies “who [lawmakers] say need it to prevent, detect, investigate and prosecute serious crime”.
The main opposition to the PNR: The European Data Protection Supervisor, Giovanni Buttarelli states that: “The EU PNR Proposal entails an interference with the fundamental rights of a very large number of air passengers, without differentiation, limitation, or exception being made in the light of the objective of fighting against serious crime and terrorism.” “A massive, non-targeted and indiscriminate collection of data” needs to be justified.
Another thing to keep in mind, is that if airliners are required to store data on all of their passengers traveling to and from Europe, cyber-criminals (see fig 1.1) could target airliners to steal personal information (see fig 1.2). This could lead to a change in targeted data breaches; from retail in 2013, to possibly airlines in 2016.