On November 15, 2018, the draft law on “Responsibilities of airline companies regarding PNR data – adaptation of the legislation with Directive (EU) 2016/681” was submitted to the Greek Parliament.

Homo Digitalis submitted an open letter on November 27, addressed to all the Members of the Greek Parliament; this letter was meant to call their attention to this draft law, which does not provide for adequate protection, according to the requirements set by the Court of Justice of the European Union (CJEU) with its Opinion 1/15, dated 26 July 2017, on the EU-Canada agreement regarding PNR data.

It must be noted that this data may reveal the movement pattern of a person, such as travel time, departure location and destination, his/her email address and postal address, as well as the persons travelling with him/her, but also other relevant data, such as hotel reservations; all these reveal information for work or personal transportation, but also the social interactions of a person, including friends or partners.

Homo Digitalis underlined that:

1. The national “PNR data Unit” must be an authority responsible for the prevention and prosecution of terrorist and serious crimes or part of such an authority.
2. There is no provision for a system, which will record access to the PNR data
3. There is no provision for judicial control prior to the grant of access to investigation and other authorities
4. The time for which PNR data is maintained exceeds the absolutely necessary timeframe
5. The PNR data of underage persons, which are transmitted, must be described in a clear and precise manner
6. The PNR data transmitted must not reveal religious beliefs or health information of the passenger

You can read the whole letter in Greek here.