On 14 April 2016, the European Parliament approved the new directive regulating the use of Passenger Name Record (PNR) data in the EU, for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Pursuant to the new directive, airline companies will be obliged to provide national authorities with some information concerning non–EU passengers, such as travel dates and itineraries, their addresses and personal information, method of payment etc.

In order to manage the PNR data collected by air carriers, Member states will have to set up “Passenger Information Units” (PIUs), which will be responsible for collecting, storing and processing PNR data, for transferring them to the competent authorities, and for exchanging them with the PIUs of other Member states and with Europol.

The directive will also provide guarantees on privacy by “masking out” passengers’ names, addresses and contact details after six months, and by retaining the data no longer than five years. Furthermore, the directive does not require the airlines to collect additional data or passengers to provide more information.