Passenger Name Record (PNR) - review of regulations

Konieczna-Drzewiecka, Beata

doi:10.57599/gisoj.2021.1.2.71

Artykuł - szczegóły

Tytuł artykułu

Passenger Name Record (PNR) - review of regulations

Autorzy

Konieczna-Drzewiecka Beata

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.57599/gisoj.2021.1.2.71

Warianty tytułu

Języki publikacji

Abstrakty

The flows of personal data to and from countries outside the Union are essential to the development of international trade and cooperation. The increase in such flows has raised new challenges and concerns with respect to the protection of personal data, which the EU Data Protection Reform was intended to counteract. Since May 2018, the transfer of data to third countries can only take place in full compliance with the General Data Protection Regulation. However, in addition to this EU regulation, a number of regulations relating to the processing of passenger name record have been developed in the European Union. The aim of this article is to present these regulations and to show the impact of GDPR on them.

Słowa kluczowe

General Data Protection Regulation Safe Harbor Privacy Shield Advance Passenger Information binding corporate rules

rozporządzenie o ochronie danych osobowych Safe Harbor Tarcza Prywatności Zaawansowane Informacje o Pasażerach wiążące reguły korporacyjne

Wydawca

SILGIS Association
Croatian-Polish Scientific Network

Czasopismo

GIS Odyssey Journal

Rocznik

2021

Tom

Vol. 1, no. 2

Strony

71--82

Opis fizyczny

Bibliogr. 34 poz.

Twórcy

autor

Konieczna-Drzewiecka Beata

b.konieczna@uksw.edu.pl

Cardinal Stefan Wyszyński University, Faculty of Law and Administration, Warsaw, Poland

https://orcid.org/0000-0002-9616-4055

Bibliografia

1. Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service, OJ L 186, 14.7.2012, pp. 4–16.
2. Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security, OJ L 2015, 11.8.2012, pp. 5–14.
3. Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, OJ L 2015, 25.8.2000, pp. 7–47.
4. Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland, notified under document number C(2000) 2304, OJ L 215, 25.8.2000, pp. 1–3.
5. Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act, notified under document number C(2001) 4539, OJ L 2, 4.1.2002, pp. 13–16.
6. Commission Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina, OJ L 168, 5.7.2003, pp. 19–22.
7. Commission Decision of 21 November 2003 on the adequate protection of personal data in Guernsey, notified under document number C(2003) 4309, OJ L 308, 25.11.2003, pp. 27–28.
8. Commission Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man, OJ L 151, 30.4.2004, pp. 48–51.
9. Commission Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey, notified under document number C(2008) 1746, OJ L 138, 28.5.2008, pp. 21–23.
10. Commission Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data, notified under document C(2010) 1130, OJ L 58, 9.3.2010, pp. 17–19.
11. Commission Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra (notified under document C(2010) 7084, OJ L 277, 21.10.2010, pp. 27–29.
12. Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, notified under document C(2010) 593, OJ L 39, 12.2.2010, pp. 5–18.
13. Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data, notified under document C(2011) 332, OJ L 27, 1.2.2011, pp. 39–42.
14. Commission Implementing Decision of 21 August 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data, notified under document C(2012) 5704, OJ L 227, 23.08.2012, pp. 11–15.
15. Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand, notified under document C(2012) 9557, OJ L 28, 30.1.2013, pp. 12–14.
16. Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, notified under document C(2016) 4176, OJ L 207, 1.8.2016, pp. 1–112.
17. Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, OJ L 199, 7.6.2021, pp. 31–61.
18. Communication from the Commission on the global approach to transfers of Passenger Name Record (PNR) data to third countries, COM/2010/0492.
19. Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data, OJ 216, 6.8.2004, p. 4.
20. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data , OJ L 281, 23.11.1995, pp. 31–50.
21. Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of Passenger Name Record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, (OJ UE L 132, 4.5.2016, p. 119.
22. Fischer B. (2018). Art 46 Transfers subject to appropriate safeguards. In: M. Sakowska- Baryła (ed.), General Data Protection Regulation. Commentary, Warszawa, C.H. Beck, p. 472.
23. Grusza M. (2020). New rules for transferring personal data from the European Union to third countries (selected issues). Legal Review, no. 2, p. 15.
24. Judgment of the Court in case C-362,14, 6.10.2015, ECLI: EU:C:2015:650, no. 82
25. Karwala D. (2018). Commercial transfers of personal data to third countries. Warsaw, p. 437.
26. Kuner C. (2014). Safe Harbor before the EU Court of Justice. Cambridge Journal of International and Comparative Law, 13.4.2014, Safe Harbor before the EU Court of Justice – Cambridge International Law Journal (cilj.co.uk) [access: 21.11.2021].
27. Opinion of the European Data Protection Supervisor on the Communication from the Commission on the global approach to transfers of Passenger Name Record (PNR) data to third countries, COM/2010/0492, https://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0492:FIN:EN:PDF [access: 21.11.2021].
28. Opinion 01/2016 on the EU – U.S. Privacy Shield draft adequacy decision, Article 29 Data Protection Working Party, https://ec.europa.eu/justice/article- 29/documentation/opinion-recommendation/files/2016/wp238_en.pdf [access: 21.11.2021].
29. Rojszczak M. (2019). Protecting privacy in cyberspace, taking into account the threats posed by new information processing techniques. Warsaw, Wolters Kluwer, p. 335.
30. Szpor G. (2012). Administrative and legal problems associated with the expansion of the Internet. In: G. Szpor, W. Wiewiórowski (ed.). Internet. Problems of Net, Portals and e-Services. Warsaw, C.H. Beck, pp. 71–80.
31. The Act of 3 July 2002 – Aviation Law, OJ 2017, item 959 and 1089.
32. The Act of 14 May 2018 on the Processing of Passenger Name Record Data, OJ 2018, item 894.
33. The Stockholm Programme – An open and secure Europe serving and protecting the citizens, 2010/C 115/01.
34. Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, done at Lisbon on 13 December 2007, OJ 2009, No. 203, item 1569.

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-cdae8fca-6d9e-408a-8e25-97789efd5cd1