MEPs at the Civil Liberties Committee approved the agreement on the transfer of EU air passenger's personal data to the Australian Customs Service. The data will be used to prevent terrorist offences and serious transnational crime. Under the new agreement, the Australian Customs Service would retain the passenger's data for a maximum period of 5 and a half years.

The agreement on the transfer of EU air passengers' personal data to the Australian Customs Service has been approved by the Civil Liberties Committee. It aims to bring data transfers into in line with EU data protection rules. Under Australian law, air companies are obliged to send PNR data collected to the Australian Customs Service prior to passenger departure. Passenger Name Record (PNR) data collected by air carriers includes, inter alia, names, addresses, passport numbers and credit card details. The data transfers are ruled by some general principles set by the European Commission in September 2010 regarding the agreements on PNR.

The new agreement would prohibit any processing of sensitive data (such as the racial or ethnic origin, religious beliefs, physical or mental health or sexual orientation). To prevent any accidental loss or unauthorised disclosure of data, PNR would be held in a secure environment, with high-level systems and physical intrusion controls. In addition, it is foreseen that EU citizens would have the right to administrative and judicial redress in Australia if their data is misused. They would also have the right to access their own PNR data and seek rectification if the information is inaccurate. Rectification of data may require erasure.

The Australian Customs Service would retain the passenger's data for a maximum period of 5 and a half years under the new agreement. During this period PNR data would be kept in the system for the purpose of preventing, detecting, investigating and prosecuting terrorist offences or serious transnational crime. After the first 3 years, all information which could be used to identify a passenger would be "depersonalized", meaning that data such as the passenger's name or her/his contact information would be masked out. After the 5 and a half year period, data would be permanently deleted.