According to an EU directive, air passengers must accept that their data is collected, screened with police databases and then stored. For the first time, the German Federal Ministry of the Interior writes which individual alerts lead to police measures at the airport.
Since the summer of 2018, the German Passenger Name Record Unit (PIU) at the Federal Criminal Police Office (BKA) has been processing passenger data collected under the EU PNR Directive. These “Passenger Name Records” are intended to help track and prevent terrorist offences and serious crime. Last year, the BKA identified 5,347 persons in this way who subsequently became the target of police measures. This is what the Federal Ministry of the Interior writes in its reply to a parlamentarian question. The year before, the figure was 1,960.
The implementation of the EU PNR Directive is regulated in the German Flight Data Act (FlugDaG). All passenger data collected during the booking process must be transmitted by the airlines and travel agencies to the PIU first at the time of booking and again at the time of boarding. There they will be stored for five years as part of the “Passenger Information System”. Before that, they are checked against the German INPOL police database. A further comparison is made with the Schengen Information System (SIS II).
Too many “technical hits”
First, the “Matching System” developed by the BKA itself outputs so-called “technical hits”, which are then examined a second time in a “complex search procedure”. The Federal Police and the Customs Criminal Investigation Office have also seconded staff to the central office for this purpose. They are to help sort out duplicates and “false hits”.
For example, hits are often made because of similar spellings of names and surnames. The system is also prone to errors because the passenger data often does not include a date of birth. In 2020, the number of “technical hits” (so-called “matches”) of 78,179 was therefore once again significantly higher than the number of “police specialised hits” (so-called “hits”) remaining at the end. In the previous year, this difference was even greater (111,588 to 1,960).
The “police specialised hits” are stored in the BKA’s case processing system. Depending on the type of alert in INPOL and SIS II, police or customs measures are then taken against the persons concerned. The “Control Centre for PNR Follow-up Measures” located in the Passenger Information Unit informs the Federal Police or the Customs Administration “for further processing”. In 3,593 cases, the passengers were then encountered at the airport. The officers of the Federal Police at Leipzig Airport now use the smartphone app “MobileResponder” to direct them to the relevant terminal.
Arrests and clandestine observation
The Ministry of the Interior also mentions the various occasions that led to police measures being taken against the persons found. According to the report, entry was refused in only three cases. In most incidents (2,352), the persons concerned were wanted for residence investigation. There was a request for arrest against 460 persons.
About the same number of persons (457) identified by the Passenger Information Unit were wanted for police observation. These are so-called “discreet checks”, in which the investigating authority is informed about the travel route and companions of the persons secretly wanted. In the German INPOL system, about 12,000 persons are currently stored for “discreet checks”.
About ten per cent (321) of the “hits” in the PNR regime subsequently led in 2020 to open checks or searches. A total of 7,640 persons are currently stored in INPOL with a request for such a “targeted check”.
Expansion with risk analysis
Under the EU PNR Directive, it is also possible to request information from other Passenger Information Units in EU Member States. Such requests for information serve, for example, to trace the travel history of individual persons. In 2019, the BKA received 164 such requests from abroad, and in almost 700 cases these requests were made by other authorities in Germany. General figures for 2020 are not known. In the course of the Corona pandemic, health authorities also used PNR data to trace chains of infection in at least 37 cases.
The UK also continues to participate in the EU PNR system. This is stated in the Trade and Cooperation Agreement negotiated by the EU Commission and the British government. According to this agreement, the border authorities of the UK may also process data on passengers if they only change planes at British airports. In this case, however, the information may not be retained for five years, as is usually the case.
The number of “hits” and persons subject to police measures will continue to increase in the future. For now, especially the small airlines are not yet technically connected to the PNR system. In a later expansion stage of the PNR data information system, it should then also be possible to carry out risk analyses in which the BKA searches for conspicuous features and similarities in the existing data records.