Giovanni Buttarelli, an EU data watchdog, has criticised the approval of a bill by the European Parliament's civil liberties committee's (LIBE) allowing governments to collect and store private data of individuals entering or leaving the EU on a commercial flight.
In a statement given on Friday, the watchdog said, "in a democratic society, the European Data Protection Supervisor (EDPS) questions the necessity of collecting and storing excessive amounts of the personal information of all passengers in the EU."
Under the new passenger name record (PNR) rules, security services can access passengers contact information, travel routes, computer IP-addresses and credit card information.
The most "sensitive" personal data can be stored for up to thirty days, while other data would be stored for up to four years in the case of suspects involved in crimes such as human or drug trafficking, or five years in terrorism cases.
The controversial bill, rejected in 2013 over concerns about the impact it could have on fundamental rights and data protection, was revived following the Paris terror attacks in January. Later that month, the European Parliament adopted a resolution committed to finalising an EU PNR directive by the end of 2015.
Buttarelli acknowledged that Europe faced "serious terrorist threats" and that there was a "need for appropriate action."
However, he warned, "according to the available information, no elements reasonably substantiate the need for the default collection of massive amounts of the personal information of millions of travellers."
He also highlighted the need for "proportionality" encouraging EU legislators to "explore the effectiveness of new approaches as well as of more selective and less intrusive surveillance measures."
At present, some EU member states are already using a PNR type system for the prevention, detection and investigation of cross-border crime and terror offences.
Supporters of PNR believe analysis of the data will allow security services to better identify and investigate serious crime and terrorism. The PNR proposals would regulate and harmonise methods of collecting and data throughout the EU.
Timothy Kirkhope, parliament's rapporteur on the bill, has previously defended the measures highlighting the importance of having "one EU-wide system" opposing a "patchwork approach to data protection."
He further justified the bill saying, "we live in a very dangerous world, a world where there have to be certain compromises."
The initial bill presented to LIBE was more extensive than the one eventually passed. Kirkhope, an ECR MEP, had previously tried to require PNR to be stored for all passengers' flights in the EU. These proposals were rejected by the committee.
Trialogue talks between Parliament, the Commission and the European Council began earlier this month with an aim to completion by the end of 2015.