THE COMMISSION OF THE EUROPEAN COMMUNITIES,

Having regard to the Treaty establishing the European Community,

Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(1), and in particular Article 25(6) thereof,

Whereas:

(1) Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer.

(2) The Commission may find that a third country ensures an adequate level of protection. In that case, personal data may be transferred from the Member States without additional guarantees being necessary.

(3) Pursuant to Directive 95/46/EC the level of data protection should be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations, particular consideration being given to a number of elements relevant for the transfer and listed in Article 25(2) thereof.

(4) In the framework of air transport, the ‘Passenger Name Record’ (PNR) is a record of each passenger’s travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines(2). For the purposes of this Decision, the terms ‘passenger’ and ‘passengers’ include crew members. ‘Booking airline’ means an airline with which the passenger made his original reservations or with which additional reservations were made after commencement of the journey. ‘Participating airlines’ means any airline on which the booking airline has requested space, on one or more of its flights, to be held for a passenger.

(5) The Canada Border Services Agency (the CBSA) requires each carrier operating passenger flights bound for Canada to provide it with electronic access to PNR to the extent that PNR is collected and contained in the air carrier's automated reservation systems and departure control systems.

(6) The requirements for personal data contained in the PNR of air passengers to be transferred to the CBSA, are based on section 107.1 of the Customs Act and paragraph 148(d) of the Immigration and Refugee Protection Act and upon implementing regulations adopted under those statutes(3).

(7) The Canadian legislation in question concerns the enhancement of security and the conditions under which persons may enter the country, matters on which Canada has the sovereign power to decide within its jurisdiction. The requirements laid down are not, moreover, inconsistent with any international commitments which Canada has undertaken. Canada is a democratic country, governed by the rule of law and with a strong civil liberties tradition. The legitimacy of its law-making process and strength and independence of its judiciary are not in question. Press freedom is a further strong guarantee against the abuse of civil liberties.

(8) The Community is fully committed to supporting Canada in the fight against terrorism within the limits imposed by Community law. Community law provides for striking the necessary balances between security concerns and privacy concerns. For example, Article 13 of Directive 95/46/EC provides that Member States may legislate to restrict the scope of certain requirements of that Directive, where it is necessary to do so for reasons of national security, defence, public security and the prevention, investigation, detection and prosecution of criminal offences.

(9) The data transfers concerned involve specific controllers, namely airlines operating flights from the Community to Canada, and only one recipient in Canada, namely the CBSA.

(10) Any arrangement to provide a legal framework for PNR transfers to Canada, in particular through this Decision should be time-limited. A period of three and a half years has been agreed. During this period, the context may change significantly and the Community and Canada agree that a review of the arrangements will be necessary.

(11) The processing by CBSA of personal data contained in the PNR of air passengers transferred to it is governed by conditions set out in the Commitments by the Canadian Border Services Agency in relation to the application of its PNR program (henceforth referred to as the ‘Commitments’) and in Canadian domestic legislation to the extent indicated in the Commitments.

(12) As regards domestic law in Canada, the Privacy Act, the Access to Information Act and Section 107 of the Customs Act are relevant in the present context in so far as they control the conditions under which the CBSA may resist requests for disclosure and thus keep PNR confidential. The Privacy Act governs the disclosure of PNR to the person whom it concerns, closely linked to the data subject's right of access. The Privacy Act only applies to anyone present in Canada. However, in addition, the CBSA grants access to PNR information held on a foreign national if he or she is not present in Canada.

(13) As regards the Commitments, and as provided in section 43 thereof, the statements in the Commitments either have been incorporated in existing Canadian law, or are enshrined in domestic regulations formulated specifically for that purpose and thus will have legal effect. The Commitments will be published in full in the Canada Gazette. As such, they represent a serious and well-considered commitment on the part of the CBSA and their compliance will be subject to joint review by Canada and the Community. Non-compliance could be challenged as appropriate through legal, administrative and political channels and if persistent, would give rise to the suspension of the effects of this Decision.

(14) The standards by which the CBSA will process passengers' PNR data on the basis of Canadian legislation and the Commitments cover the basic principles necessary for an adequate level of protection for natural persons.

(15) As regards the purpose limitation principle, air passengers' personal data contained in the PNR transferred to the CBSA will be processed for a specific purpose and subsequently used or further communicated only insofar as this is compatible with the purpose of the transfer. In particular, PNR data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organised crime, that are transnational in nature.

(16) As regards the data quality and proportionality principle, which needs to be considered in relation to the important public interest grounds for which PNR data are transferred, PNR data provided to the CBSA will not subsequently be changed by it. A maximum of 25 PNR data categories will be transferred and the CBSA will consult and agree with the European Commission regarding revision of the 25 required PNR data elements set out in Attachment A, prior to effecting any such revision. Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels. As a general rule, PNR will be deleted after a maximum of three years and six months.

(17) As regards the transparency principle, the CBSA will provide information to travellers as to the purpose of the transfer and processing, and the identity of the data controller, as well as other information.

(18) As regards the security principle, technical and organisational security measures are taken by the CBSA, which are appropriate to the risks presented by the processing.

(19) The rights of access, correction and notation are recognized in the Privacy Act to those individuals present in Canada. The CBSA will extend these rights in respect of PNR information in its possession to foreign nationals who are not present in Canada. The exceptions foreseen are broadly comparable with the restrictions which may be imposed by Member States under Article 13 of Directive 95/46/EC.

(20) Onward transfers will be made to other government authorities, including foreign government authorities on a case-by-case basis, for purposes that are identical to or consistent with those set out in the statement of purpose limitation concerning a minimum amount of data. Transfers may also be made for the protection of the vital interest of the data subject or of other persons, in particular as regards significant health risks or in any judicial proceedings or as otherwise required by law. Receiving agencies are obligated by the express terms of disclosure to use the data only for those purposes and may not transfer the data onwards without the agreement of the CBSA. No other foreign, federal, provincial or local authority has direct electronic access to PNR data through the CBSA databases. The CBSA will deny public disclosure of PNR on the basis of exemptions from the relevant provisions of the Access to Information Act and the Privacy Act.

(21) The CBSA does not receive sensitive data in the sense of Article 8 of Directive 95/46/EC.

(22) As regards the enforcement mechanisms to ensure compliance by the CBSA with these principles, the training and information of the CBSA staff is provided for, as well as sanctions with regard to individual staff members. The CBSA’s respect for privacy in general will be under the scrutiny of the independent Office of the Canadian Privacy Commissioner under the conditions set out in the Canadian Charter of Rights and Freedoms and the Privacy Act. The Privacy Commissioner may address complaints referred to it by the data protection authorities in Members States on behalf of residents of the Community, if the resident believes his or her complaint has not been satisfactorily dealt with by the CBSA. Compliance with the Commitments will be the subject of annual joint review to be conducted by the CBSA and a Commission-led team.

(23) In the interest of transparency and in order to safeguard the ability of the competent authorities in the Member States to ensure the protection of individuals as regards the processing of their personal data, it is necessary to specify the exceptional circumstances in which the suspension of specific data flows may be justified, notwithstanding the finding of adequate protection.

(24) The Working Party on Protection of Individuals with regard to the Processing of Personal Data established under Article 29 of Directive 95/46/EC has delivered opinions on the level of protection provided by the Canadian authorities for passengers' data, which has guided the Commission throughout its negotiations with the CBSA. The Commission has taken note of these opinions in the preparation of this Decision(4).

(25) The measures provided for in this Decision are in accordance with the opinion of the Committee established under Article 31(1) of Directive 95/46/EC,

HAS ADOPTED THIS DECISION: