U.S. law requires airlines operating flights to, from, or through the United States to provide the Department of Homeland Security (DHS), U.S. Customs and Border Protection (CBP), with certain passenger reservation information, called Passenger Name Record (PNR) data, primarily for purposes of preventing, detecting, investigating, and prosecuting terrorist offenses and related crimes and certain other crimes that are transnational in nature. This information is collected from airline travel reservations and is transmitted to CBP prior to departure.
Collection of this information from air carriers is authorized by 49 U.S.C. § 44909(c)(3) and its implementing (interim) regulations at 19 CFR 122.49d. These statutory and regulatory authorities require each air carrier operating passenger flights in foreign air transportation to, from, or through the United States to provide CBP with electronic access to PNR data to the extent it is collected and contained in the air carrier’s reservation and/or departure control systems.
Further, in order to permit transfers of PNR data to the U.S., the European Union (E.U.) has determined that U.S. laws, in conjunction with CBP policies regarding the protection of personal data, provide an adequate basis upon which to permit transfers of PNR data to the U.S. consistent with applicable E.U. law. An updated U.S.-E.U. PNR Agreement was signed in December, 2011.1 Provision of this information is mandatory for all air carriers transporting people to, from, or through the United States.