TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Working Party, Dutch DPA: European Commission Should Enter into PNR Negotiations with South Korea Related reading: Evolving privacy law 'exciting' for IAPP Westin Scholar

rss_feed

""

""

By Richard van Staden ten Brink

Working Party, Dutch DPA: European Commission Should Enter into PNR Negotiations with South Korea

As of April 1, South Korea requires European Union (EU) airlines to provide Passenger Name Record-data ("PNR data") of passengers flying from the EU to South Korea. However, EU airlines that comply with this requirement will inadvertently violate EU data protection law, because South Korean law does not provide an "adequate level" of data protection.

The U.S. government, which also requires EU airlines to provide PNR data, has resolved a similar issue by reaching an agreement with the EU. Pursuant to this agreement, the U.S. Department of Homeland Security is deemed to provide an adequate level of data protection for PNR data from the EU. Australia will soon enter into negotiations with the EC to reach a similar agreement.

However, the EC refuses to negotiate with South Korea. In a letter of 26 February 2008 to the South Korean government, the European Commission (EC) states: "the situation of the Republic of Korea should be resolved in accordance with national legislation of the Member States where the affected air carriers are established." Apparently, the EC is of the opinion that the South Korea PNR requirement should be dealt with by the individual Member States, because it is not a community concern. Only a few airlines in the EU, established in The Netherlands, Germany and France, operate direct flights to South Korea.

In a letter of March 19, the Chairman of the Article 29 Working Party urged the Presidency of the Council of Europe to give the European Commission a mandate to start negotiations with South Korea. According to the Working Party, any provision of PNR data to a third country without an adequate level of data protection is a community concern, and a diverging position towards South Korea will harm EU interests and the privacy of EU residents. On March 25, the Dutch DPA sent a letter to the Dutch Minister of Justice in which it supported the view of the Article 29 Working Party and requested the Minister to address the issue in the Council of Europe as soon as possible.

Richard van Staden ten Brink, CIPP, is advocaat at De Brauw Blackstone Westbroek in Amsterdam. He may be reached at richard.vanstadentenbrink@ debrauw.com.

Comments

If you want to comment on this post, you need to login.