Short notice for travel between the European Union and the United States 

United States law requires airlines operating flights to, from, or through the United States (US) to provide the US Department of Homeland Security (DHS) with certain passenger data to facilitate safe travel and to guarantee US security by carrying out advance risk assessments of passengers. The passenger data falls into two categories. 

• Passenger Name Record (PNR) : This includes a variety of information provided during the booking process or held by airlines or travel agents, such as the passenger’s name, contact details, details of the travel itinerary (such as date of travel, origin and destination, seat number, and number of bags) and details of the reservation (such as travel agency and payment information, and meal or wheelchair requests) or other information (such as affiliation with a frequent flier program); 
• Advanced Passenger Information (API): this includes mainly information contained on a passenger’s passport and is often collected at check-in. This information is provided prior to arrival to frontier control authorities. This is also used to screen passengers against lists of persons believed to pose a threat to aviation security. 

These FAQs relate primarily to PNR data as this is regulated in accordance with the International Agreement signed on 26 July 2007 between the European Union and the United States. The European Union will make sure that air carriers comply with these obligations. Brussels Airlines has to comply with these requirements. 

For a more detailed explanation of the way DHS handles PNR collected from flights between the European Union (EU) and the US, please refer to the international agreement and the accompanying letter of DHS, which are published in the Official Journal of the European Communities L 204 of 4 August 2007, ​​available here.

DHS uses passenger name records (PNR) for flights between the EU and the US for the purposes of preventing and combating: 

• terrorism and related crimes; 
• other serious crimes, including organised crime, that are transnational in nature; and 
• flight from warrants or custody for crimes described above. 

PNR may be used where necessary for the protection of the vital interests of an individual, or in any criminal judicial proceedings, or as otherwise required by law. 

By legal statute (title 49, United States Code, section 44909(c)(3)) and its implementing (interim) regulations (title 19, Code of Federal Regulations, section 122.49b), each air carrier operating passenger flights in foreign air transportation to or from the US must provide DHS with PNR data collected and contained in the air carrier’s reservation and/or departure control systems.

These conditions concern, in particular: 

• the purposes for which PNR is used; 
• sharing the PNR with other parties; 
• the types of information collected; 
• how you can access your data and make a complaint; 
• enforcement; 
• official notice to the travelling public; 
• storage time; 
• transmission of PNR; 
• reciprocity; and 
• review of the agreement. 

On the basis of these assurances by DHS, the European Union and the United States concluded an international agreement signed in July 2007, and the European Union will now make sure that air carriers make available PNR data as required by DHS. 

Certain PNR data identified as “sensitive” may be included in the PNR when it is transferred to DHS. Such sensitive PNR data would include certain information revealing the passenger's racial or ethnic origin, political opinion, religion, health status or sexual preference. DHS has undertaken that it will not use any sensitive PNR data that it receives and has put in place an automated filtering programme so that sensitive PNR data is not used in principle. 

However, sensitive PNR data may be used in exceptional cases, such as where the life of an individual could be imperilled or is in serious danger. 

DHS may share PNR data with other US government authorities that have counterterrorism, law enforcement or public security functions, for the purposes of preventing and combating terrorism, transnational crime and public security (including threats, flights, individuals and routes of concern). 

DHS may share PNR data with government authorities in third countries, but only after they have considered the intended use of the information and the ability to protect it. Unless it is an emergency, any exchanges of data require data protection measures to be incorporated that are comparable to those set out in the international agreement between the EU and the US. 

DHS will keep PNR data for fifteen years. Information related to a specific case or investigation can be kept longer until the case or investigation is archived. 

DHS will keep a log of access to any sensitive PNR data and will delete the data within 30 days once the purpose for which it has been accessed is accomplished, and it is not required by law to keep it for longer. DHS will provide notice, normally within 48 hours, to the European Commission (DG JLS) that sensitive data has been accessed. 

Any passenger, regardless of their nationality or country of residence, may request information about their PNR and have inaccuracies corrected. 

You can find information on DHS policies on access to records and personal information at ​http://www.dhs.gov/xfoia/editorial_0579.shtm. For more information, please contact the DHS Privacy Office's FOIA Program: 

FOIA 
The Privacy Office 
U.S. Department of Homeland Security 
245 Murray Drive SW 
STOP-0550 
Washington, DC 20528-0550 
Toll-free: +1-866-431-0486 
Phone: +1-703-235-0790 
Fax: +1-703-235-0443 
Email: foia@dhs.gov 

DHS policies on redress can be found at ​https://www.dhs.gov/dhs-trip.​

If you need any help with making your request, you can contact your national data protection authority. For contact details of the DPA in your country, please ​click here. 

You can get more information about how your personal data is handled by contacting our ​Service Centre.