The European Parliament has just approved by a large majority a measure – the Passenger Name Record Directive – that will require airlines to hand over to national authorities extensive passenger data for all flights into and out of the European Union.

The information, which is provided by passengers when booking a flight, checking in or boarding, includes such data as passport numbers and nationality, travel itineraries, payment details and even special service requests like meal preferences. The data will be retained for five years, though particulars such as name, address and contact details will be expunged after six months to protect people’s identities.

This is an anti-terrorism measure which has been strongly advanced in reaction to the attacks in Paris and Brussels. Its proponents say it will close gaps in countries’ intelligence systems that terrorists and criminals exploit. They consider it will help in the prevention and investigation of terrorist offences.

Its critics, on the other hand, regard it as an excessive infringement of individual privacy and civil liberties. They see it is a disproportionate response to the prevailing threat and think there is limited proof of its future effectiveness, which is dependent on the whole EU adopting a coordinated response.

The PNR is therefore a blow to those who strongly guard the EU’s civil liberties. But it inevitably reflects the security imperatives that drive it.

The European data protection supervisor has described PNR as “the first large-scale and indiscriminate collection of personal data in the history of the EU”. Data protection experts think that an indiscriminate collection of personal data, as envisaged by PNR, could well suffer the same fate as the Data Retention Directive, which was rejected by the European Court of Justice in 2014.

On security grounds, all other factors being equal, the case for a sharing of the personal information being gathered by the airlines with the intelligence community seems unanswerable. But in a democracy all factors are not equal. There has to be a trade-off between privacy and security.

The issues raised by PNR are twofold: first, whether, in its enthusiasm to protect the citizen, the EU has intruded needlessly and unjustifiably into their right to privacy; and, secondly, how effective it will be in practice.

In a democracy, intrusion into citizens’ right to privacy depends for its legitimacy on informed consent, not simply on blind trust. Intelligence agencies need access to information but not on everything, always and everywhere. The costs and intrusion on civil rights must be proportionate to the threat.

Most reasonable people would accept that some operational efficiency is surely worth sacrificing in the interests of keeping the Big Brother state at arm’s length. Even allowing for the need to keep some things under wraps, all citizens expect a clearer idea of what their security services are doing in their name.

On the other hand, constant vigilance is required by our security and intelligence services to guard against the threats of violent extremists. But this must be matched by constant vigilance to ensure this does not come at the cost of individual freedom and liberty. There is always a balance to be struck between liberty and security.

In the understandably nervous mood that prevails throughout Europe, national security has, quite rightly, been placed above personal privacy by legislators in the European Parliament. Whether the latest PNR directive will be an effective tool to foil terrorists attempting to get into Europe remains to be seen.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.