Effective PNR systems must integrate privacy by design

Building intelligence into borders will be key to the effective use of PNR data, says Ray Batt.

By Ray Batt

10 Jun 2016

The use of passenger name record (PNR) data for risk assessment is nothing new. Customs have used it for decades, and some EU member states already use PNR in a non-systematic way to fight serious crime and terrorism. With the adoption of the EU-PNR directive, however, the question is now how to transition to a more systematic approach for the collection and use of PNR data within the Union.

The first concern is to get information in a way that respects two essential principles: privacy and proportionality.

Member states and airline travellers have to be confident of the integrity and confidentiality of the information - and that this information is only being used for its intended purpose. This means we need systems that integrate privacy by design.


In other words, systems that comply with data anonymisation and purging requirements, and that offer secure, role-based access to authorised end-users only.

However, while the level of access to data may vary by department, collaboration between agencies is the cornerstone of effective risk management, as it provides a much richer view of potential threats. A big challenge in this area is integrating multiple systems used by different government agencies.

Federated systems with partitioned access could facilitate interoperation between departments while ensuring that the information is available to the right users for the right purpose.

Cooperation between member states will also be key to detecting increasingly sophisticated security threats. As patterns of suspicious behaviours are no longer confined within one territory, so, effective information sharing between states will be vital to delivering a rapid and effective response. Deploying systems that can interoperate with multiple data sources is critical to achieving this goal.

In order for the risk assessment process to be effective, another prerequisite is to assure the reliability of the information through improved data capture and data quality checks. The challenge is correctly identifying threats from incomplete or sometimes conflicting information. Techniques such as advanced pattern matching and fuzzy logic can help overcome the challenges of partial or incorrectly entered information.

But collecting and processing PNR data is only the foundation for effective risk management. Building intelligence into borders is part of a much larger picture. In this regard, profiling is key. It involves incorporating and analysing data from multiple sources to detect suspicious behaviours and trends - rather than searching for individuals. 

One of the outcomes of successful profiling is that it supports experts in exploiting vast amounts of data and allows agencies to harness human intelligence to target previously unknown persons of interest. What is vital is to have systems that provide agents with the information they need to make timely and confident decisions on what action to take, or not to take.


Share this page