EU Proposes Passenger Data Storage Directive for Comprehensive Monitoring of Road, Rail, Inland Waterway, and Sea Transport
The European Commission has unveiled a draft directive aimed at establishing a mandatory passenger data storage regime across multiple modes of transport, extending surveillance measures previously limited to air travel. Titled the “Directive on the resilience of public transport through passenger data,” the proposal targets buses, trains, inland waterway vessels, and maritime ships operating within the European Union. This initiative mirrors the existing Passenger Name Record (PNR) system for flights but broadens its scope to ground and water-based passenger services, prompting significant concerns over privacy and data protection.
Scope and Coverage of the Directive
Under the proposed legislation, transport operators—including bus companies, railway undertakings, ferry services, and inland navigation providers—would be required to collect and retain detailed passenger information for all intra-EU journeys, as well as certain international routes entering or departing the bloc. The directive explicitly excludes air transport, which falls under the separate PNR Directive adopted in 2016.
Key journeys covered include:
- All intra-EU bus, coach, train, inland waterway, and maritime passenger services, regardless of duration.
- International services where the departure, arrival, or an intermediate stop occurs within the EU.
Operators must verify passenger identity using official documents such as passports, national ID cards, or residence permits. For groups or minors without individual documents, a responsible adult’s details suffice. Anonymous travel, such as single tickets without reservation, would necessitate on-the-spot data capture, potentially via digital check-in systems or manual logging.
Data Categories to Be Collected
The directive mandates the storage of a comprehensive dataset, comparable to airline PNR records. Essential elements include:
- Personal identifiers: Full name, date of birth, nationality, gender, and document type/number.
- Travel details: Departure and arrival points (with geolocation coordinates), service number, seat/berth assignment, and baggage information.
- Contact data: Phone numbers and email addresses provided during booking.
- Payment traces: Credit card numbers or other billing details.
- Travel agency information: Name and contact of booking intermediaries.
- IP addresses: Captured during online reservations.
For real-time bookings or no-shows, operators must still record available data. Advance Passenger Information (API) from travel documents would integrate with PNR-like records, forming a unified Advance Passenger Information and Passenger Name Record (API-PNR) system.
Storage, Access, and Retention Periods
Collected data must be stored in a standardized, machine-readable XML or JSON format within the EU, accessible via a secure IT infrastructure managed by national authorities. Retention periods vary:
- General data: 6 months.
- Sensitive categories (e.g., IP addresses, payment info): 48 hours maximum.
Law enforcement, border control, and Europol gain automated access for predefined purposes, including counter-terrorism, serious crime prevention, and migration control. The Commission emphasizes pseudonymization—replacing names with codes after initial analysis—to mitigate privacy risks, though full data remains available upon request.
National Passenger Information Units (PIUs), modeled on air transport equivalents, would oversee implementation, with operators transmitting data no later than boarding or check-in.
Technical and Operational Requirements
To facilitate compliance, the directive outlines stringent technical standards:
- Data transmission via secure web services, ensuring end-to-end encryption.
- Unique transaction references for each record.
- Bulk transmission allowances for high-volume operators.
Smaller operators face exemptions for trips under 100 kilometers without stops, but most commercial services exceed this threshold. The Commission projects implementation costs at €120 million initially, with annual ongoing expenses of €35 million EU-wide, borne primarily by transport providers.
Privacy and Civil Liberties Concerns
Privacy advocates have swiftly condemned the proposal as a disproportionate expansion of mass surveillance. Organizations like European Digital Rights (EDRi) and NOYB (None of Your Business) argue it violates the EU Charter of Fundamental Rights and the General Data Protection Regulation (GDPR). Critics highlight:
- Blanket data collection on all passengers, not limited to suspects.
- Risk of function creep, where data is repurposed beyond stated aims.
- Ineffectiveness, citing studies questioning PNR’s value in crime detection.
- Impact on undocumented migrants and low-income travelers reliant on cash or anonymous tickets.
The draft acknowledges safeguards like data minimization and judicial oversight but lacks independent audits or sunset clauses. NOYB’s Max Schrems described it as “total surveillance without justification,” urging rejection during the legislative process.
Legislative Timeline and Stakeholder Input
Published on May 15, 2024, the proposal awaits review by the European Parliament and Council under the ordinary legislative procedure. Adoption could occur by late 2025, with a two-year transposition period for member states. Public consultations closed prior to publication, but amendments remain possible amid heated debate.
Transport associations express concerns over administrative burdens, particularly for small bus and ferry operators lacking advanced IT systems. The Commission positions the directive as essential for enhancing security amid rising threats, aligning with global trends like the U.S. API requirements.
This development underscores the EU’s pivot toward integrated transport surveillance, potentially reshaping travel privacy across the continent. As negotiations unfold, balancing security imperatives with fundamental rights will prove pivotal.