Effective PNR systems must integrate privacy by design
Building intelligence into borders will be key to the effective use of PNR data, says Ray Batt.
The use of passenger name record (PNR) data for risk assessment is nothing new. Customs have used it for decades, and some EU member states already use PNR in a non-systematic way to fight serious crime and terrorism. With the adoption of the EU-PNR directive, however, the question is now how to transition to a more systematic approach for the collection and use of PNR data within the Union.
The first concern is to get information in a way that respects two essential principles: privacy and proportionality.
Member states and airline travellers have to be confident of the integrity and confidentiality of the information - and that this information is only being used for its intended purpose. This means we need systems that integrate privacy by design.
- Timothy Kirkhope: EU PNR deal could provide future standard in balancing security and civil liberties
- EU PNR could be great tool in fight against major crime
- Jörg Leichtfried: EU PNR proposal is 'neither proportionate nor appropriate'
- Rapporteur won't let PNR become 'a political football'
- EU data protection watchdog labels anti-terror bill undemocratic
In other words, systems that comply with data anonymisation and purging requirements, and that offer secure, role-based access to authorised end-users only.
However, while the level of access to data may vary by department, collaboration between agencies is the cornerstone of effective risk management, as it provides a much richer view of potential threats. A big challenge in this area is integrating multiple systems used by different government agencies.
Federated systems with partitioned access could facilitate interoperation between departments while ensuring that the information is available to the right users for the right purpose.
Cooperation between member states will also be key to detecting increasingly sophisticated security threats. As patterns of suspicious behaviours are no longer confined within one territory, so, effective information sharing between states will be vital to delivering a rapid and effective response. Deploying systems that can interoperate with multiple data sources is critical to achieving this goal.
In order for the risk assessment process to be effective, another prerequisite is to assure the reliability of the information through improved data capture and data quality checks. The challenge is correctly identifying threats from incomplete or sometimes conflicting information. Techniques such as advanced pattern matching and fuzzy logic can help overcome the challenges of partial or incorrectly entered information.
But collecting and processing PNR data is only the foundation for effective risk management. Building intelligence into borders is part of a much larger picture. In this regard, profiling is key. It involves incorporating and analysing data from multiple sources to detect suspicious behaviours and trends - rather than searching for individuals.
One of the outcomes of successful profiling is that it supports experts in exploiting vast amounts of data and allows agencies to harness human intelligence to target previously unknown persons of interest. What is vital is to have systems that provide agents with the information they need to make timely and confident decisions on what action to take, or not to take.
This content is published by the Parliament Magazine on behalf of our partners.
The European Commission's Pillar of Social Rights initiative must include proposals to counter the negative impact EU economic governance rules, says Eduardo Chagas.
But policy incentives to take account of its environmental benefits are needed for the market to accelerate, argues Trevor Morgan.
The EU must help ‘anchor’ Western Balkan countries by supporting their Nato and EU integration prospects, argues Eli Hadzhieva.