|Statewatch article: RefNo# 27978
|Statewatch News Online, July 2007
|- why have we heard so little about the EU's API system?
- what is the difference between API, APP and PNR?
- new US PNR list the same as the old one
After the EU concluded a controversial new agreement with the USA giving its agencies access to PNR (passenger name record) personal data on everyone flying to and from that country the European Commissioner for justice and home affairs, Mr Frattini, said that he would present a Framework Decision for a EU PNR system in October.
Mr Frattini is reported as saying that, in the wake of the attempted attacks in London and Glasgow: "I suggest that all member states should equip themselves with a PNR system and share information with others when relevant".
Mr Frattini's proposal is all the more confusing as there appears to have been no reference to the implementation of the April 2004 EU Directive on the obligation of carriers to communicate passenger data which had to be implemented in all member states by 5 September 2006.
The 2004 Directive
The 2004 EU Directive was adopted in the wake of the dreadful train bombings in March that year: 2004 Directive
The Directive is aimed at "improving border controls and combating illegal immigration" and places an obligation on airlines to send by the "end of check-in" details on the passengers they will bring into the EU to the "authorities" in the receiving member state - this covers all passengers both EU citizens and visitors.
The data to be sent comprises (Article 3):
- personal data on each passenger: type of travel document (eg: passport/visa), nationality, full name and date of birth, that is, the data held on the "machine readable zone" (MRZ) of passports (just four items of data). This is known as Advance Passenger Information or "API".
- second, details of the flight: place on entry into EU, plane code, departure and arrival time, number of passengers and point of embarkation.
Sanctions are to be in place to fine airlines which fails to transmit the data or provide incomplete or false data (Article 4).
If the data is not needed later for "statutory functions" of national border agencies then it should be deleted 24 hours after transmission. The data can also be processed for law enforcement purposes (Article 6.1). In short, most data will be deleted but this will not prevent border, security and law enforcement agencies from retaining data they think is needed.
It appears that Spain is the first EU country to start collecting API (Advance Passenger Information) from incoming travellers as from 13 June 2007 - the UK requires API from targeted countries.
Article 3.1 refer to transferring data "by the end of check-in". However, airlines are likely to collect API data when the ticket is booked days or weeks before the flight, see for example, Advance Passenger Information (link) This data could be passed to the national agencies well prior to check-in and be followed by a final passenger manifest after check-in.
So the question has to be asked: If the collection of API at the flight booking stage becomes the norm why is PNR needed?
What is the difference between API, APP and PNR?
The transmission of API is an ICAO (International Civil Aviation Organisation) standard and contains only the personal data currently available in the MRZ of EU passports. This data can be, and is, used to carry out checks against security and intelligence "watch-lists" through what is called "Advance Passenger Processing" (APP).
APP also known as a "Board/No Board" and "Red Light/Green Light System" whereby a directive for each passenger, is transmitted back to the airline permitting or denying boarding (ICAO-FAL/12-WP/60, 10.3.04). US Customs and Border Protection call this process AQQ (Apis Quick Query) leading to a "cleared" or "not cleared" message being sent back for each passenger.
API is thus the collection of data to<
© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions oof that licence and to local copyright law. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.