To sort a three-year old data dispute on PNR data collection, Mexican authorities communicated April 1^st that an accord was reached in order to postpone the deadline, initially fixed for the 1^st of April 2015, until the 1^st of July, leaving the European Union four more months time to solve the dispute and avoid European air carriers risk 30,000$ fine for every flight to Mexico.

It was during the month of March that Spain expressed concerns about the Mexican ultimatum, wanting European airlines to hand over the personal detail of their passengers, also known as passenger name records (PNR), to Mexican government authorities, asking that this subject would be threated during the JHA Council of March the 12^th, in order to focus the attention on this thorny issue.

In Mexico, an adoption of a legislation concerning and requiring the companies operating on Mexican ground to provide the national government with PNR data, in order to fight and prevent terrorism, was already reached in 2012, but the lack of a bilateral framework at the EU level and the outstanding issue over privacy has forced Mexico to derogate its laws on three separate occasions.

During the last period, after several contacts between the parts, an accord was reached during the last week of March, foreseeing Mexican authorities abandoning the current deadline, fixed for April 1^st, in return for a public commitment where the EU promises to involve in the preparation of a new legislative accord, similar to the ones currently discussed between EU and USA, Canada or Australia.

So far, the European commission has signed off on PNR agreements with Australia, Canada, and the United States. « It should come as no surprise to the EU that having put three PNR agreements in place that other countries now want the same,” said Tony Bunyan, director of London-based civil liberties group Statewatch, in a statement. « Reaching agreement on new PNR deals, which meet EU data protection standards, is on past evidence going to take years especially for countries whose democratic standards and privacy laws may be questionable, » he added.

With the new legislative accord, the European companies won’t just be obliged to provide the classical API data, common practice since 2004, but the PNR data, a different “kettle of fish”. The questions rising on the issue are numerous, starting from the very short time left to the European legislator in order to finalize a legal basis.

On the one hand, in order to solve this dispute, the Commission focuses its hopes and attentions on the JHA Council of June, looking forward for the ministers to adopt the negotiating mandate for this future accord. Once adopted by the Council, the EP as a consequence will have to give its consent to this international accord speeding up the times.

On the other hand, as it is still unclear if PNR systems warrant or lack the adequate safeguards needed to ensure governments don’t abuse the data collected, EU Commissioner Dimitris Avramopoulos promised the MEPs, no more accords on PNR will be reached until the ECJ evaluated and reached a conclusion on the previous accord reached with Canada.

According to the procedure, it’s only after the Council’s adoption of the negotiating mandate, hoped for June therefore, that the Commission might initiate the discussions with Mexico.

The disposal of time is limited, if an agreement has to be reached before July 1^st, there are only four months left for the European institutions to play their game, and still many question left to solve.

Patrick Zingerle

To know more: