The House of Representatives on Wednesday gave a second reading to a bill for the transposition into Maltese law of an EU directive to centralise passenger records across European airports.
It also started to debate a Bill to repeal and replace Malta’s current data protection law with a new act, in line with the European Union’s new General Data Protection Regulation.
Home Affairs Minister Michael Farrugia explained how the Passenger Name Record (Data) Act would be transposing an EU directive introduced in the wake of heightened security within the European Union. The new law would provide for the transfer by air carriers of passenger data from flights originating within and outside the EU, in a broad set of cases related to the aims of the EU directive.
A National Passenger Information Unit (NPIU) would be established under the remit of the Police Commissioner, and would be tasked with processing PNR data “for the prevention, detection, investigation or prosecution of terrorist offences and of serious crime.
The NPIU would be responsible for collecting this data from air carriers at least 24 hours before the scheduled flight departure time and immediately after the completion of boarding, which it would then transmit it to the PIUs established in other member states and with Europol according to each passenger’s respective flight itinerary. It would also be responsible for passing the passenger data to competent authorities where a risk was detected.
Dr Farrugia said that much preparatory work had already been carried out by air carriers to facilitate implementation of the Bill into law. Air carriers failing to comply would face penalties.
Under the directive, PIUs would be required to 'depersonalize' data after six months, deleting the data completely after a period of five years. PIUs would also be prohibited from retaining or in any way processing information relating to race or ethnic origin, political opinions, beliefs, health, trade union membership, or sexual life or orientation.
Opposition MP Karol Aquilina listed the 27 categories of offence which would authorise the processing of this data by competent authorities, including participation in criminal organisations, trafficking of various kinds, and corruption. He called upon the government to prioritise the implementation of such directives.
Dr Aquilina stated that he was satisfied by the measures taken by the directive to minimise data abuse, such as the expiration of data after five years and the requirement for its depersonalisation after six months.
Opposition MP Godfrey Farrugia (PD) however, was less certain, questioning whether the data gathered would be used towards political ends and calling for the supervisory authority which would be responsible for overseeing the NPIU to be established in a different Ministry than the NPIU itself.
Dr Aquilina said the law might lead to uncomfortable situations for Maltese persons like Tourism Minister Konrad Mizzi, who often made trips to destinations outside the EU for undeclared reasons. The inclusion of corruption under the list of offences with relation to which PNR data could be processed should worry such persons, he said.
Opposition MP Jason Azzopardi called the Bill under discussion was “indispensable to citizens’ safety” as it made it harder for organised criminals to fund their operations and to move around the European Union. However, he pointed out that such laws depended on reciprocal trust between member-states, trust which had been dented by corruption scandals publicised in recent weeks.
In light of fresh information concerning Enemalta’s deal with SOCAR, the Azerbaijani oil parastatal, he challenged the Prime Minister to order a public inquiry by a sitting judge or magistrate, in terms of the Inquiries Act, into whether any Maltese person was benefiting from the €40 million in profit earned by SOCAR during 2017.
During his winding up, Minister Farrugia said that processes to safeguard the custody of data had been implemented fully as per the EU directive which was being transposed. He had no interest to see who was flying back and forth from Brussels to throw dirt on Malta, he said, and suggested that it was the Opposition that was breaching data regulations by receiving illegally leaked data forming part of sensitive investigations.
New data protection law
Introducing the Data Protection Bill, Justice Minister Owen Bonnici said that the Government had a strong track record on civil rights and that the right to the protection of one’s data was one of the most important such rights.
The Bill before the House would implement the EU’s General Data Protection Regulation, strengthening concepts such as the right to be forgotten and establishing a minimum age of 13 for the use of social media, the minimum allowed under the GDPR.
The debate on the second reading of this Bill will continue in future sittings. sessions.