PART 3 Processing of PNR data and protection of personal data

Period of data retention and depersonalisation

13. [F1(1) Paragraphs (1A) and (1B) apply to PNR data transferred to the PIU—

(a) by air carriers pursuant to a requirement imposed under—

(i) paragraph 27B(2) of Schedule 2 to the Immigration Act 1971, or

(ii) section 32(2) of the Immigration, Asylum and Nationality Act 2006, or

(b) by an EU PIU.]

for a period of five years beginning with the date of the transfer.

[F2(1A) In the case of EU PNR data, the PIU must permanently delete the data before the end of the period of five years beginning with the date of the transfer, subject to regulation 13B if the data is restricted EU PNR data within the meaning of that regulation.

(1B) In any other case, the PIU must—

(a) retain the PNR data for a period of five years beginning with the date of the transfer, and

(b) permanently delete that data upon expiry of that period.

(1C) Paragraphs (1A) and (1B) do not affect the power of the PIU to retain PNR data where it is used in the context of specific cases for a purpose described in regulation 6(3).]

(2) Upon expiry of a period of six months beginning with the date of transfer of the PNR data by an air carrier [F3or an EU PIU] the PIU must depersonalise the PNR data through masking out of the following data elements—

(a) names, including the names of other passengers on the PNR and number of travellers who are travelling together on the PNR;

(b) address and contact information;

(c) all forms of payment information, including billing address;

(d) frequent flyer information;

(e) general remarks, F4...

(f) any API data.

[F5(g) Other Service Information (OSI), and

(h) System Service Information (SSI) and System Service Request information (SSR).]

(3) Paragraph (2) applies to the extent that the data elements listed in that paragraph could serve to identify directly the [F6person] to whom the PNR data relates.

[F7(3A) The PIU must ensure that unmasked PNR data is only accessible by persons specifically authorised by the PIU to access such data and must limit the number of persons authorised to the minimum number practicable.]

(4) Upon expiry of the period referred to in paragraph (2) the PIU must not disclose the unmasked PNR data except where—

(a) the PIU is satisfied that the disclosure is necessary for [F8a purpose described in regulation 6(3)], and

(b) the disclosure is approved by the most senior officer within the PIU who has been charged with verifying whether the conditions for disclosure of the full PNR are met.

(5) In circumstances where the PIU discloses the unmasked PNR data—

(a) the officer referred to in paragraph (4)(b) must inform the data protection officer, and

(b) the data protection officer must conduct a review of that disclosure.

(6) Any UK competent authority which is storing or otherwise processing PNR data must permanently delete that data [F9when that data is no longer required in the context of the specific case for which it was transferred to the UK competent authority].

F10(7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F10(8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F10(9) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F10(10) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Textual Amendments