BRUSSELS (Reuters) – An EU law on gathering airline passenger information conforms with the bloc’s rights and data protection laws, but such data should only be retained if it is linked to a security threat and then only for five years, an adviser to Europe’s top court said on Thursday.
Adopted in 2016, the Passenger Name Record Directive (PNR) allows police and justice officials to access passenger data on flights to and from the EU to prevent serious crimes.
It has drawn criticism from rights groups including Belgium’s LDH, which in 2017 asked a domestic court to annul it for infringing privacy and data protection norms.
The court sought advice from the EU Court of Justice (CJEU), and that court’s advocate general, Giovanni Pitruzzella, said on Thursday that the PNR complied with the bloc’s data protection law.
He said there were sufficient safeguards to ensure the data’s security and confidentiality, but added that authorities should only be allowed to retain that information if a link to the fight against terrorism or other serious crimes could be established, and then only for five years.
The CJEU, which follows four out of five such non-binding opinions, will give its ruling sometime in the coming months.
(Reporting by Foo Yun Chee)