Germany backs plan to retain personal flight data across EU

Retaining flight data would violate fundamental rights, opponents said

The German government is calling for the EU-wide retention of personal flight data as an anti-terrorism measure, but is facing opponents who object to yet another database holding private information.

Jjihadists returning from battlegrounds in the Middle East threaten the security of the EU and urgent action is needed in the Federal Government's view, Germany said in a written response to questions asked by Andrej Hunko, a member of the Bundestag. One way to counter this threat is to detect suspicious travel movements via a database with personal flight data, the government said.

However, such a database would violate fundamental privacy rights and is not necessary because tracking down terrorists can be done with existing information systems, according to Hunko. This will be a "boundless retention of air traveler data to which police and intelligence agencies demand unlimited access," he said.

Such a database could be illegal. In May, the European Court of Justice (CJEU) invalidated EU laws requiring communications providers to retain metadata in much the same way as flight data would be retained because they interfered with fundamental privacy rights, Hunko added.

Nevertheless, the German support for a flight data retention means there is strong support for the EU Passenger Name Record (PNR) database that was proposed by the European Commission in 2011.

While the German government backed the plan, it did say that retaining data for five years is too long, and it would propose a shorter period.

PNR data comprises information provided by passengers when they book an airline ticket and check into flights as well as data as collected by airlines for their own commercial purposes. It contains about 60 different data sets including travel dates, itineraries, ticket information, contact details, travel agent, means of payment used, seat number and baggage information.

That data is stored in the airlines' reservation and departure control databases and the Commission proposed giving law enforcement access to that trove of personal data for the purpose of fighting serious crime and terrorism. If the plan is approved, airlines should transfer data on international flight passengers held in their reservation systems to a dedicated unit in the EU State. That PNR data could then also be shared with the U.S. Department of Homeland Security and other countries.

The proposal for such a database was put on ice in 2013, when the European Parliament rejected the plans because they found it would violate fundamental rights.

However, the topic has gained some traction since the European Council, which consists of the heads of EU member states or governments, called for the accelerated implementation of the EU PNR proposal to stem the flow of foreign fighters into Europe. They asked the Parliament and the Council of the EU, which is a different body composed of national ministers from each of the EU's 28 member states, to finalize work on the database before the end of the year.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata protectionprivacy

More about EUEuropean CommissionEuropean ParliamentFederal GovernmentIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place