Advanced Search

On The Agreement Between The European Union And Australia On The Air Carriers Of The European Union-Sourced Passenger Name Record (Pnr) Data Processing And Transfer Of The Australian Customs Service

Original Language Title: Par Nolīgumu starp Eiropas Savienību un Austrāliju par gaisa pārvadātāju veikto Eiropas Savienības pasažieru datu reģistra (PDR) datu apstrādi un pārsūtīšanu Austrālijas muitas dienestam

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
The Saeima has adopted and the President promulgated the following laws: on the agreement between the European Union and Australia on the air carriers of the European Union-sourced passenger name record (PNR) data processing and transfer of the Australian Customs Service article 1. as at 30 June 2008, the agreement between the European Union and Australia on the air carriers of the European Union-sourced passenger name record (PNR) data processing and transfer of the Australian Customs Service (hereinafter referred to as the agreement) with this law is adopted and approved. 2. article. The agreement shall enter into force on a provisional basis and apply it for the period specified in article 15 and in order, and the Ministry of Foreign Affairs shall notify the newspaper "journal". 3. article. The law shall enter into force on the day following its promulgation. With the law put the agreement in English and Latvian languages. The law adopted by the Parliament in March 19, 2009. President Valdis Zatlers in Riga V 2009 April 1 agreement BETWEEN the EUROPEAN UNION AND Australia ON the PROCESSING AND TRANSFER OF EUROPEAN UNION-SOURCED PASSENGER name RECORD (PNR) data BY AIR CARRIER TO the AUSTRALIAN customs service the EUROPEAN UNION, of the one part, and of the others about Australia, effectively prevent it (MENU RNGTON LINE4) and combat terrorism and related crimes and other serious crimes , including organised crime, that are transnational in nature as a means of protecting their respectiv in democratic societies and common values, RECOGNISING that information sharing is an essential component of the fight against terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature, and that in this context, the use of passenger name record (PNR) data is an important tool , RECOGNISING that, in order to safeguard public security and for law enforcement purpose, the rules should be put down to govern the transfer of European Union-sourced PNR data by the air carrier to the Australian Customs Service, RECOGNISING the importanc of preventing and combating terrorism and related crimes and other serious crimes, including organised crime, that are transnational in nature, while respecting fundamental rights and freedom of in particular, the privacy and data protection, RECOGNISING that the European Union and Australian data-protection law, policy and share common principles (a) the basis and that any difference in the implementation of these principles should not present the cooperation between the UN removes the European Union and Australia pursuan to this agreement, HAVING REGARD to article 17 of the International Covenant on Civil and Political Rights on the right to privacy , HAVING REGARD to article 6 (2) of the Treaty on European Union on respect for fundamental rights, and in particular to the fundamental rights to privacy and the protection of personal data, HAVING REGARD to the relevant provision of the Customs Act 1901 of the Commonwealth (Cth), and in particular section 64AF thereof whereby, if requested, all international passenger air service operator flying to, from, or through Australia, with required it to provide the Australian Customs Services with PNR data, to the exten to that ut300r2u collected and led in the air carrier's reservation and departure control systems, in a particular manner and form; and to the Customs Administration Act 1985 (Cth), the Migration Act 1958 (Cth), the Crimes Act 1914 (Cth), the Privacy Act 1988 (Cth) and the Freedom of Information Act 1982 (Cth), NOTING the European Union's commitment to ensuring that the air carrier with reservation systems, departure control systems and/or PNR data processed within the EU are not prevented from complying with Australian law regarding the transfer of European Union-sourced PNR data to the Australian Customs Service pursuan to this agreement , AFFIRMING that this agreement does not constitut a preceden for any future discussion or negotiation between the European Union and Australia, or between either of the parties and any State regarding the processing and transfer of European Union-sourced PNR data or any other form of data, SEEKING to enhance the cooperation between the Andean encourag parties in the spirit of EU-Australian partnership , Have AGREED AS follows: article 1 Definition For the purpose of this agreement: (a) "parties" shall mean the European Union (EU) and Australia; (b) "agreement" shall mean this agreement and its Annex, including the amendments thereof as from time to time agreed by the parties. This agreement shall be referred to as the EU-Australia PNR agreement; (c) "air carrier" shall mean an air carrier that have reservation systems and/or PNR data processed in the territory of the Member States of the EU and operate the passenger flights in international air transportation to, from or through Australia; (d) "customs" shall mean the Australian Customs Service; (e) "the data contained in the passenger name record" (PNR) shall mean the record of each passenger's travel requirements which contains all information for the processing of cessary not reservations and their control by the booking and participating airlines sharp led in the air carrier ' reservation systems; (f) "the Australian PNR system" shall mean the PNR system to be used by Customs after the expiry of the transition period referred to in article 4 (1) the EU-sourced PNR data process is transferred by an air carrier to the Custom under the agreement as specified in paragraph 11 of the Annex; (g) "reservation system" shall mean an air carrier's reservation and departure control systems; (h) "processing" shall mean any operation or set of operations which is performed upon personal data, whethers or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; (i) "EU-sourced PNR data" shall mean PNR data transferred to customs pursuan to this agreement; (j) "serious crime" shall mean conduct constituting an offenc is punishabl by a maximum deprivation of liberty of at least four years or a more serious penalty. Article 2 scope 1. Australia shall ensur that Customs processes EU-sourced PNR data in accordanc with this agreement. 2. The EU shall ensur that the air carrier is not prevented from complying with Australian law regarding the transfer of EU-sourced PNR data to customs to this pursuan agreement. Article 3 Adequacy compliance with this agreement by Customs shall, within the meaning of the relevant EU data-protection law, constitut an adequat level of protection for EU-sourced PNR data transferred to customs for the purpose of this agreement. Article 4 Method of access 1. Customs shall make the transition to the Australian PNR system, as defined in article 1 (f), for EU-sourced PNR data, within two years of the date of the signing of this agree men. During the transitional period, a reference in this agreement to the transfer of PNR data shall be deemed to include access to PNR data by customs in accordanc with the existing system described in paragraph 2. During the transitional period Customs shall use its existing PNR system, which does not store PNR data other than in the related to on-arrival circumstanc examination at airports or where an offenc has been committed. The existing system will permit real-time, online electronic access to the data fields specified in paragraph 9 of the Annex, sharp led in the air carrier ' reservation systems. Article 5 purpose limitations for EU-sourced PNR data 1. Customs shall process EU-sourced PNR data and others personal information derived therefrom strictly for the purpose of preventing and combating: (i) terrorism and related crimes; (ii) serious crimes, including organised crime, that are transnational in nature; (iii) flight from warrants or custody for crimes described above. 2. EU-sourced PNR data may also be processed on a case-by-case basis where no cessary for the protection of the vital interests of the data subject or other persons, in particular as regards the risk of death or serious injury to the data subjects or others, or a significant public health risk, in particular as required by internationally recognised standards, such as the World Health Organisation's International Health Regulations (2005). 3. In addition, the EU-sourced PNR data may also be processed on a case-by-case basis where such processing is specifically required by court order or Australian law for the purpose of supervision and accountability of public administration, including requirements under the Freedom of Information Act 1982 (Cth), the Human rights and Equal Opportunity Commission Act 1986 (Cth), the Privacy Act 1988 (Cth), the Auditor-General Act 1997 (Cth) or employment policy Act 1976 (Cth). If future amendments to Australian law, as communicated by Australia under article 6, expand the scope of EU-sourced PNR data that must be processed in accordanc with article 5 (3), the EU may invoke the provision of articles 10 and 13 of the article 6 Information on legislation concerning the agreement Customs shall advise the EU regarding the passage of any Australian legislation which directly relate to the protection of EU-sourced PNR data as set out in this agreement. Article 7 Protection of personal data of individual 1. Australia shall provide a system, accessible by individual regardless_of of their nationality or country of residence, for seeking access to, and correction of, their own personal information. The protection afforded by the EU-sourced PNR data stored by Australian Government agencies under the Privacy Act 1988 (Cth) shall apply regardless_of of the nationality or country of residence of the individual. 2. the Customs shall process EU-sourced PNR data received and treat the individual concerned by such processing strictly in accordanc with the data-protection standards set out in this agreement and the applicable Australian laws, without discrimination, in particular on the basis of nationality or country of residence. Article 8 Notification in their individual and public Customs shall make publicly available, including to members of the travelling public, information regarding the processing of PNR data, including general information regarding the authority under which the data will be collected, the purpose of the data's collection, the protection that will be afforded to the data, the manner and exten it to which the data may be disclosed , the procedures available for redres and contact information for persons with questions or concerns. Article 9 joint review of Australia and the EU implementation shall periodically undertak a joint review of the implementation of this agreement, including the data-protection and data-security guarantee, with a view to mutually assuring the effective implementation of the agreement. In the review, the EU shall be represented by the European Commission's Directorate-General for Justice, Freedom and Security, including representatives of data-protection and law-enforcement authorities, and shall be represented by Australia such senior Australian Government official or officeholder as may be appropriate, or by such official as each may mutually to determin designat. The EU and Australia will mutually to determin the modalit of the detailed review. Article 10 dispute settlement Any dispute arising between the parties under this agreement with respect to its interpretation, application or implementation shall be settled by consultation or negotiation between the parties; It shall not be referred to any third party or tribunal for resolution. Article 11 Amendments and review of the agreement 1. The parties may agree, in writing, to amend this agreement. An amendment shall enter into force only after the parties have completed any internal requirements and thereafter cessary not on such date as the parties may agree. 2. The parties may undertak a review of the terms of the agreement after its four year signing. Notwithstanding that period, if a PNR system is implemented in the European Union, this Agreement shall be reviewed if and when such a review would facilitat the functioning of the European Union's PNR system or the implementation of this agreement. 3. Australia shall use its best endeavour to facilitat the functioning of the European Union's PNR system in the event of review. Article 12 Suspension of data flow 1. The competent authorities in the EU Member States may exercise their existing powers to suspend data flow to customs in order to protect individual with regards to the processing of their personal data where there is a substantial likelihood that the standards of protection set out in this agreement are being infringed, there are reasonable grounds for believing that Customs is not taking or will not take timely steps to adequat and settle the case at issue, the continuing transfer and the would create an imminen the risk of grave harm to data subjects. 2. The competent authorities in the EU Member States shall make reasonable efforts in the it provide Custom circumstanc with notice and an opportunity it responds as follows: any suspension shall be preceded by notification which allow a sufficient period of time during which time customs and the relevant competent authorities in the EU the Member States shall endeavour to achieve resolution; the EU shall notify Australia of any such resolution. Any decision to invoke powers under this article shall be communicated to Australia by the EU. 3. Any suspension shall cease as soon as the standards of protection are assured to the satisfaction of Australia and of the relevant competent authorities in the EU to the Member States and Australia to the notifu EU accordingly. Article 13 Termination of the agreement Either party may terminate 1 this agreement at any time by notification through diplomatic channels. Termination shall take effect ninety (90) days from the date of the other party being notified thereof. 2. Notwithstanding the termination of this agreement, all EU-sourced PNR data held by competent Australian authorities to the pursuan this Agreement shall continue to be processed in accordanc with the data protection standards laid down herein. 3. This agreement and any obligations thereunder, other than by the obligation under article 13 (2), shall cease and it expires have effect seven years after the date of signing, unless the parties mutually agree to replace this agreement. Article 14 Non-derogation from laws this Agreement shall not derogat from the law of Australia or of the EU or its Member States. This agreement shall not create or confer any right or benefit on any other person or entity, private or public, or any remedy other than as expressly stated in this agreement. Article 15 Entry into force; provisional application languages 1. This agreement shall enter into force on the first day of the month after the date on which the parties have exchanged notifications indicating that they have completed their internal procedures for this purpose. 2. This agreement shall apply provisionally as of the date of signature. 3. Done at Brussels this thirtieth day of June, 2008 in two originals, in the English language. The agreement shall also be drawn up in the Bulgarian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish languages, and the Parties shall approve of those language versions by an exchange of diplomatic notes. Once approved, the versions in those languages shall be equally authentic.

For the EUROPEAN UNION Igor Sencar Slovenian Permanent Representative to the European Union Brussels, 30 June 2008 FOR Australia Alan Thomas Australian Ambassador to the European Union Brussels, 30 June 2008 Annex Australian processing of EU-sourced passenger name record (PNR) data 1. Customs shall require EU-sourced PNR data only for those travelling to, from or by the passenger through Australia. That includes passenger who transit through Australia with or without all. EU-sourced PNR data accessed by customs includes all PNR data where the travel itinerary of the passenger or the normal routing for particular flights indicates an Australian of the destination or stopover. Disclosure of EU-sourced PNR data disclosure within the Australian Government 2. Customs shall only EU-sourced PNR data disclos for the purpose stated in article 5 (1) of the agreement within Australia to the Australian Government departments and agencies listed in the schedule to this Annex, the functions of which are directly related to article 5 of this agreement. 3. The schedule may be amended, by Exchange of diplomatic notes between the parties, to include: (i) any department or successors agencies of those already listed in the schedule; and (ii) any new departments and agencies established after the of this agreement commencemen; the functions of which are directly related to article 5 (1) of this agreement. 4. the EU-sourced PNR data shall be disclosed to authorities listed in the schedule, where not only in response to specific cessary written requests and on a case-by-case basis. In accordanc with paragraphs 7 and 8, Customs shall release EU-sourced PNR information only after assessing the relevance of the specific request within the purpose of this agreement. Customs shall maintain a log of such disclosures. 5. the Customs shall not in any bulk disclos EU-sourced PNR data to authorities listed in the schedule, other than EU-sourced PNR data which has been a way that anonymised in such a data subject is no longer identifiabl. Such anonymised data shall be processed by the authorities listed in the schedule only for the purpose of establishing statistics, in-depth and trend analysis, longitudinal studies and profile building related to the purpose stated in article 5 (1) of this agreement. In any case, the Customs shall not in any of the bulk disclos following EU-sourced PNR data to authorities listed in the schedule: (iv) the name (s); (vi) other names on PNR, including number of travellers on PNR; (VII) all available contact information (including originator information); (XVII) general remarks including other supplementary information (OSI), special service information (SSI) and special service request (SSR) information, to the exten the that it contains any information capable of identifying a natural person; and (XVIII) any collected advance passenger processing (APP) or advance passenger information (API) data. Disclosure to third country Governments 6. Customs shall EU-sourced PNR data disclos only their specific third country Government authorities the functions of which are directly related to the purpose stated in article 5 (1) of the agreement. Any such disclosure must be on a case-by-case basis and when not cessary for the purpose of preventing or combating the offenc's listed in article 5 (1) of the agreement. Customs shall maintain a log of such disclosures. Disclosure — the Customs Administration Act 1985 (Cth) 7. Any disclosure under paragraphs 2 to 6 shall also be in accordanc with section 16 of the Customs Administration Act 1985 (Cth) and the Privacy Act 1988 (Cth) which, taken together, provide that a person, body or agency to whom personal information is disclosed, shall not use or the information for any disclos purpose other than the purpose for which the information was given to the person , body or agency. 8. In disclosing EU-sourced PNR data to Australian Government authorities or third country Government authorities pursuan to section 16 of the Customs Administration Act 1985 (Cth), the Customs shall as a condition of disclosure, stipulat to the recipient: (i) that the EU-sourced PNR data must not be further disclosed without the permission of Custom, which permission shall not be granted by Customs except for the purpose stated in article 5 (1) of the agreement or in the case of the Australian Government authorities to article 5 pursuan (2) or (3) of the agreement; (ii) that the recipient must treat such EU-sourced PNR data as law-enforcement sensitive, confidential personal information of the data subject; (iii) other than in an emergency where the life of circumstanc or physical safety of a data subject or of others is under threat, that the recipient must apply to the EU-sourced PNR data data-protection standards equivalent to the data-protection standards set out in the agreement, including those relating to the retention period of the data-. Types of information collected 9. Types of EU-sourced PNR data collected by: (i) the PNR locator code; (ii) date of reservation/issue of ticket; (iii) date (s) of intended travel; (iv) the name (s); (v) available frequent flier and benefit information (i.e. any other. free tickets, upgrades, etc.); (vi) other names on PNR, including number of travellers on PNR; (VII) all available contact information (including originator information); (VIII) all available payment/billing information (not including other transaction details linked to a credit card or account and not connected to the travel transaction); (ix) travel itinerary for specific PNR; (x) travel agency/travel agent; (xi) code share information; (XII) split/divided information; (XIII) travel status of passenger (including confirmation and check-in status); (xiv) ticketing information, including ticket number, one way tickets and automated ticket fare quote; (xv) all baggag information; (XVI) seat information, including seat number; (XVII) general remarks including other supplementary information (OSI), special service information (SSI) and special service request (SSR) information; (XVIII) any collected advance passenger processing (APP) or advance passenger information (API) data; (xix) all historical changes to the PNR listed in the numbers (i) to (XVIII). 10. PNR data will at times contain certain sensitive data, namely data revealing racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership, and data concerning health or sex life ("sensitive EU-sourced data"). Customs shall filter out all such sensitive EU-sourced data and shall delete all such data without any further processing. Transfer of EU-sourced PNR data 11. Customs shall work with individual air carrier to ensur that EU-sourced PNR data transfer requirements are the judicio and proportionat, consistent with the need to ensur the timelines, accuracy and completenes of EU-sourced PNR data to the. Under normal circumstanc, Customs shall require an initial transmission of EU-sourced PNR data at 72 hours before scheduled departure and shall require a maximum of only five routin is EU-sourced PNR transmission of data in respect of any particular flight. Irrespectiv of the 72-hour time-frame, the Customs may in addition require ad hoc push where the cessary to not assist in responding to specific threats to a flight, set of flights, route or others associated with the of circumstanc purpose defined in article 5 (1) of this agreement. In exercising this discretion, Customs will act judiciously and proportionately. Data retention 12. Customs shall retain EU-sourced PNR data for no more than three-and-a-half years after the date of receipt of the PNR data by customs, after which time the data may be archived for two further years. Archived PNR data may be accessed only on a case-by-case basis for the purpose of why. 13. Notwithstanding paragraph 12, of the EU-sourced PNR data anonymised by Customs need be archived, but in any event shall not be retained by customs or other agencies for more than five-and-a-half years after the date of receipt of the PNR data by customs. 14. Customs must delete EU-sourced PNR data at the end of that period, except as provided for in paragraph 15 15. Data that relate to ongoing judicial proceedings or a criminal investigation may be retained until the proceedings or investigations are concluded. The issue of data retention will be considered as part of the review conducted under article 11 of this agreement. Access and Privacy protection of redres 16. The Privacy Act 1988 (Cth) (Privacy Act) govern the collection, use, storage and disclosure, security and access and alteration of personal information held by most Australian Government departments and agencies. Customs is subject to the Privacy Act and is required to handle EU-sourced PNR data in accordanc with the Privacy Act. Disclosure of PNR data and information furnished by 17 of the PNR data or on behalf of an individual must be disclosed to the individual in accordanc with the Privacy Act and the Freedom of Information Act 1982 (Cth) (FOI Act) upon request. Custom must note in the PNR disclos the public, except to the data subjects or their agents in accordanc with Australian law. Requests for access to personal information in the PNR that led was provided by the requestor may be submitted to customs. Data protection measure — Privacy Act 1988 (Cth) 18. Any personal information retained by customs that is "personal information" within the meaning of, and for the purpose of the Privacy Act must meet the requirements of the Privacy Act regarding the protection of such information. Customs must handle PNR information in accordanc with the Privacy Act, in particular as regards the collection, use, storage, security, access and alteration and disclosure of any such data. 19. Complaints by individual Custom handling of it concerning the PNR data may be made directly to customs and then pursuan to the Privacy Act to the Privacy Commissioner. Data protection measure — Privacy audits 20. Australia's independent Privacy Commissioner can investigat the compliance by agencies with the Privacy Act, and monitor and investigat the exten to which customs compl to with the Privacy Act. 21. Under the Privacy Act, has put the subject in the Custom in place for the Office of the Privacy Commissioner the regular formal audits of undertak all aspects of EU-sourced PNR data to Customs use, handling and access policies and procedures. In addition, the Custom has its own internal audit program directed at ensuring the highest level of protection for passenger information and EU-sourced PNR data. Data protection measure — Freedom of Information Act 1982 (Cth) 22. Customs is subject to the FOI Act which requires Customs to release documents to any person who requests them, subject to the exception and exemption in the FOI Act. The FOI Act requires a decision on exemption to be made on a case-by-case basis. There are a range of exemption in the FOI Act to protect sensitive information from disclosure, including the exemption for documents national security regimes, defence, international relations, law enforcement, protection of public safety and personal privacy. Customs shall inform the EU of any decision regarding the public disclosure of EU-sourced PNR data under the FOI Act within one month of the decision having been taken. 23. Requests for rectification of PNR data the sub-categories in the customs database may be made directly to customs pursuan to the FOI Act or the Privacy Act. Other protection measure – employment policy Act 1976 (Cth) 24. Air passenger will have the right to complaint to the Commonwealth employment policy regarding their treatment by Customs during border processing on the basis of the employment policy Act 1976 (Cth). Customs PNR data security measure 25. Customs shall continue to have the following data-security measure in place of: (i) access to PNR data shall be restricted to a limited number of officers within Customs who is specifically authorised by the Chief Executive Officer of customs under the Customs Act 1901 (Cth) for the purpose of processing of PNR data; and (ii) a comprehensive physical and electronic security system for PNR data shall be in place, namely a computer system and network that: (a) the PNR data of isolat from the general customs environment and is separate to all other Customs IT systems and networks; (b) is located in a secure, limited access area of the Custom in Australia; and (c) requires a secure, level of login it layered access PNR data. Enforcement 26. Administrative, civil, and criminal enforcement measure, including the right of every data subject to have access to administrative or judicial remedy, available under Australian law for violation of Australian privacy laws and rules, and unauthorised disclosure of information. For example, the Crimes Act 1914 (Cth), the Public Service Act 1999 (Cth), the Customs Administration Act 1985 (Cth), the Australian Federal Police Act 1979 (Cth) and internal disciplinary codes of the agencies specified in the attached schedule, provide penalties in the case of violation of up to and including imprisonmen. Cooperation 27. In order to foster police and judicial cooperation, Customs shall encourag the transfer of analytical information flowing from PNR data by competent authorities the Australian Government to the police and judicial authorities in the EU Member States concerned and, where appropriate, to Europol and Eurojust is subject to Australian Government assessment of the adequacy of the data-protection measure available within the EU jurisdiction. Schedule to the Annex, the following is listed in alphabetical order with, for the purpose of paragraph 2 of this Annex: 1. the Australian Crime Commission; 2. the Australian Federal Police; 3. the Australian Security Intelligence Organisation; 4. the Commonwealth Director of Public Prosecution; 5. the Andean Department of Immigration and Citizenship.

Agreement between the European Union and Australia on the AIR carriers of the European Union-sourced passenger name record (PNR) data processing and transfer of the Australian Customs Service, the European Union, of the one part, and Australia, of the other part, desiring to efficiently preventing and combating terrorism and related crimes and other serious crimes, including organized crime having a cross-border nature, to protect their respective democratic societies and common values; Recognizing that the exchange of information is an essential element in combating terrorism and related crimes and other serious crimes, including organised crime, which are cross-border in nature, and that in this context, the passenger name record data is an essential tool; Recognizing that public safety and law enforcement should be made to regulate on a European PNR data transfer originating in the Australian Customs Service by air carriers; Recognising the importance of preventing and combating terrorism and related crimes and other serious crimes, including organized crime having a cross-border nature, and at the same time respecting fundamental rights and freedoms, notably the right to privacy and data protection; Recognising that the European Union and Australian legislation, policies and principles in the field of data protection is a common basis, and that differences in the implementation of these principles should not hinder cooperation between the European Union and Australia in accordance with this agreement; In the light of the International Covenant on Civil and political rights article 17 on the right to privacy; Having regard to the Treaty on European Union, paragraph 2 of article 6 on fundamental rights and, in particular, the fundamental right of protection of personal data; Taking into account the relevant provisions of the Customs Act 1901 (the Customs Act 1901 (Cth)), and in particular section 64.AF, according to which all international passenger air carriers that fly to Australia from its or its territory, is bound by the Australian Customs Service's request to put it in a special way and PNR data that is collected and stored in the air carrier's reservation and departure control systems; as well as the 1985 law customs administration (Customs Administration Act 1985 (Cth)), the Migration Act 1958 (the Migration Act 1958 (Cth)), 1914, criminal law (Crimes Act 1914 (Cth)), the 1988 Privacy Act (Privacy Act 1988 (Cth)) and in 1982 the freedom of Information Act (Freedom of Information Act 1982 (Cth)); Taking into account the European Union's commitment to ensure that air carriers who have a reservation system, departure control systems and/or PNR data processed in the European Union, is not denied to comply with Australian law regarding the origin of the European Union on the transfer of PNR data to the Australian Customs Service in accordance with this agreement; Affirming that this agreement does not constitute a precedent for any future discussions or negotiations on a European PNR data of origin or any other form of processing and transfer of data between the European Union and Australia, or between one of the parties and any other country; In an effort to promote and expand cooperation between the parties in the EU and Australia in a spirit of partnership, it is decided that: 1. the article Definition in this agreement: (a)) "parties" means the European Union (EU) and Australia; b) "agreement" means this agreement and its annexes, including the amendments from the time of it is agreed between the parties. This agreement called for the EU-Australia PNR agreement; (c)) "air carrier" means an air carrier which is reservation systems and/or PNR data processed in the EU Member States, and which are engaged in international passenger air flights to Australia from its or its territory; d) "customs" is the Australian Customs Service; e) "passenger name record data (PNR data) means any passenger travel data record that contains all the necessary information to the booking and participating airlines can make reservation processing and control; These data are what they are in the air carrier's reservation system; (f)) "the Australian PNR system" is the system to be ORGANISED using the Customs after the end of the article 4, paragraph 1 of the transition period to process the PNR data of EU origin, transmitted by the carriers to customs in accordance with the agreement, as specified in paragraph 11 of the annex; g) "reservation system" means an air carrier's reservation and departure control systems; h) "treatment" means any personal data performed an action or set of actions with or without automated means, as the collection, recording, filing, storage, adaptation or alteration, read, search, use, disclosure, transfer, distribution or making available to them otherwise, or grouping, blocking, erasing or destroying; I) "EU PNR data of origin" is the PNR data transferred to customs in accordance with the agreement; j) "serious crime" is an offence, punishable by imprisonment, with a maximum duration of at least four years or a more severe penalty, with. Article 2 scope 1. Australia provides for Customs processing origin EU PNR data in accordance with the agreement. 2. the EU shall ensure that air carriers would not be able to comply with Australian law regarding the transmission of PNR data of EU origin to customs in accordance with the agreement. Article 3 of the agreement of the compliance requirements under the EU data protection legislation in mean level deemed adequate the EU origin for the protection of PNR data transferred to customs for the purpose of implementing the agreement. Article 4 access method 1. Customs not later than two years after the signing of the agreement of EU PNR data processing originating gradually blends into the Australian PNR system laid down in article 1 (f)). During this transitional period, it is considered that the reference to the agreement on PNR data transfer means access to PNR data from customs the parties under the current system, described in point 2. 2. During the transitional period Customs shall use currently existing PNR system, which stores the data only in circumstances connected with the airport of arrival or if the offence has been made. The current system allows real-time online electronic access to data areas indicated in paragraph 9 of the annex and stored in air carriers ' reservation systems. Article 5 purpose limitation for EU-originating PNR data 1. Customs processing origin EU PNR data and other personal information resulting therefrom only aims to prevent and combat: i) terrorism and related crimes; II) serious crimes, including organised crime, that are transnational in nature; III) evasion of arrest warrants or custody for crimes described above. 2. EU-originating PNR data may also be processed on a case-by-case basis, if it is necessary for the data subject or of other persons vital interests, especially in respect of the data subject or of other persons death or serious injury, or threat of significant threats to public health, in particular, if required by the internationally recognised standards, such as the World Health Organization's 2005 international health regulations. 3. In addition, the EU-originating PNR data may also be processed on a case-by-case basis, if such processing is specified by a court order or Australian law in relation to public administration supervision and responsibility, including in accordance with the requirements of the 1982 freedom of Information Act (Freedom of Information Act 1982 (Cth)), 1986 the human rights and equal opportunity Commission Act (Human rights and Equal Opportunity Commission Act 1986 (Cth)) 1988, the privacy protection law (the Privacy Act 1988 (Cth)), 1997 Ģenerālrevident Act (the Auditor-General Act 1997 (Cth)) or of the Ombudsman Act 1976 (employment policy Act 1976 (Cth)). If subsequent amendments to Australian legislation, for which Australia declares, in accordance with article 6, the expanding EU PNR data originating in the area to be treated in accordance with paragraph 3 of article 5, the EU can use 10 and the provisions of article 13. Article 6 information on the law relating to the agreement, Customs shall inform the EU of any Australian legislation, which is directly linked to EU PNR data of origin protection as defined in the agreement. Article 7 data protection of individuals 1. Australia creates a system that is accessible to individuals regardless of their nationality or country of residence, to request access to your personal data and to amend them. The origin of EU PNR data protection, which the Australian Government bodies keep in accordance with the 1988 Privacy Act (Privacy Act 1988 (Cth)) apply irrespective of the nationality of the person concerned, or the country of residence. 2. The Customs shall process EU-originating PNR data received, and their attitude to individuals in such processing strictly complies with the agreement and Australian legislation applicable data protection standards and are free of discrimination, in particular with regard to nationality or country of residence. Article 8 private and public information the Customs shall ensure that the public (including travelling passengers) have access to information on the processing of PNR data, including General information on the powers, under which the data will be compiled, the data the purpose of the data collection, ensure protection and the degree to which the data may be disclosed, the redress procedures available and the contact information of the individuals who wish to submit questions or express concerns. Article 9 review of the implementation of the Joint Australia and EU jointly review periodically the implementation of the agreement, including with respect to data protection and data safety guarantees, ensure the effective implementation of the agreement. Review of the EU European Commission DG Justice, freedom and security, including data protection and law enforcement representatives, and a representative of Australia under the Australian Government's higher officials or officials whose appointment to each of the parties may mutually determine. The EU and Australia jointly determine the detailed procedures for the review. Article 10 settlement of disputes any dispute between the parties concerning the interpretation of the agreement relating to the application or implementation of the consultation, the parties settle or negotiation, and to find a solution, it would turn to a third party or the Court. Article 11 amendments to the agreement and the revision of the agreement 1 the parties may agree in writing on the amendments to the agreement. Amendments shall enter into force only after the parties have completed all necessary internal requirements and the day on which the parties have agreed. 2. the parties may review the provisions of the agreement four years after its signing. Regardless of this period, if the PNR system is implemented in the European Union, of the agreement be reviewed if and when such a review would facilitate the European Union's PNR system or the implementation of the agreement. 3. in the case of Australia the review shall make every effort to facilitate the European Union's PNR system. Article 12 suspension of traffic data 1. the competent authorities in the EU Member States can use their powers by stopping the flow of data to customs in order to protect individuals with regard to the processing of personal data if there is a substantial likelihood that a breach of the standards of protection set by the agreement, there is reason to believe that the Customs shall not perform or will not take adequate and timely steps to resolve this issue, and further transfer of data would cause the immediate risk of grave harm to data subjects. 2. the competent authorities in the EU Member States take appropriate to the situation following efforts to inform customs and enable it to respond: before any data stream stop notification, which States a reasonable period within which the Customs and the relevant competent authorities of the Member States of the EU shall endeavour to reach a solution, and this solution the EU Announces Australia. The EU shall notify Australia of any decision to use the powers under this article. 3. any suspension shall cease immediately after Australia and the relevant competent authorities of the Member States of the EU are satisfied that the standards of protection are assured and Australia shall notify to the European Union. Article 13 termination 1. either party may terminate the agreement at any time, on giving notice through diplomatic channels. The termination shall take effect ninety (90) days from the date on which the notice is submitted to the other party. 2. Notwithstanding the termination of the agreement, all EU-originating PNR data held by competent authorities of Australia in accordance with the agreement, continue to be processed in accordance with the prescribed standards of data protection. 3. the agreement and the related liabilities, excluding obligations under article 13, paragraph 2, and shall expire seven years after the date of signing, unless the parties mutually agree to replace the agreement. Article 14 does not retreat from the law the purpose of the agreement is not a retreat from Australia or the EU or its Member States ' legislation. The agreement does not create or confer any rights or benefits to any other public or private person or entity nor the legal protection that is not clearly defined in the agreement. Article 15 entry into force; provisional application; language 1. the agreement shall enter into force on the first day of the month following the date on which the parties have exchanged notifications indicating that they have completed their internal procedures for this purpose. 2. the agreement shall apply provisionally from the date of its signature. 3. Prepared in Brussels, on the 30th June, 2008, in two originals in the English language. The agreement shall also be Bulgarian, Czech, Danish, French, Greek, Dutch, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish languages, and the parties to the exchange of diplomatic notes confirming the wording of the agreement. The wording of the agreement is approved in these languages, they are equally authentic.

European Union of the Republic of Slovenia on behalf of the Permanent Representative to the European Union Igor Sencar Brussels, 30 June 2008, AUSTRALIA's Ambassador to Australia on behalf of the European Union, Alan Thomas Brussels, 30 June 2008 annex EU origin passenger name record (PNR) data processing in Australia 1. Customs requires EU origin PNR data only for those passengers travelling to Australia or Australian territory. It also includes passengers travelling in transit through Australia with or without visas. PNR data of EU origin, which customs have access, are all PNR data of passengers on the route or the normal way for specific flights indicating a final destination or a stop in Australia. EU origin disclosure disclosure of PNR data the Australian Government 2. EU PNR data originating in Australia gets only in connection with article 5 of the agreement, for the purposes of paragraph 1, the Australian Government departments and agencies listed in this annex and which functions are directly related to article 5 of the agreement. 3. This list may be amended by an exchange of diplomatic notes between the parties, to include: (i) any of the departments or agencies), which take over the section in list of functions; and (ii)) and of any new agency, created after the commencement of the agreement, the function of which is directly related to article 5 of the agreement 1. 4. the EU-originating PNR data gets only institutions listed in the list, if it is necessary, on the basis of specific requests, in writing, on a case-by-case basis. The Customs shall, in accordance with paragraphs 7 and 8 of the EU-originating PNR data gets only after it has been evaluated by a specific request, compliance with the objectives of the agreement. The Customs shall maintain appropriate disclosure of such data. 5. The Customs shall disclose the persons listed in the list of any aggregate EU PNR data of origin only in such a way that EU PNR data of origin is rendered anonymous and the data subject is no longer identifiable. Such anonymised data to authorities listed in list processing, only the objective, in-depth statistics and trend analysis, and charts for analysis, development, in connection with article 5 of the agreement referred to in paragraph 1. In any case, the Customs shall not disclose the list of authorities listed the following aggregate EU-originating PNR data: iv) name (s); vi) other names, including the number of travellers ARRIVING in the PNR; VII) all available contact information (including originator information); XVII) General remarks including other supplementary information (Other Supplementary Information – OSI), special service information (Special Service Information – SSI) and special service request (SSR-Special service request) information if it includes data that can identify individuals. XVIII) any collected data of passengers additional processing (advance Passenger Processing-APP) or advance passenger information (Passenger Information – API advance) data. Disclosure to Governments of third countries 6. Customs may be disclosed only to EU PNR data originating in certain third countries authorities, the function of which is directly related to article 5 of the agreement, for the purposes of paragraph 1. Any such disclosure shall be made on a case-by-case basis and in order to prevent or combat the agreement article 5 1 of the offences listed in paragraph 1. The Customs shall maintain appropriate disclosure of such data. 1985 – disclosure Customs Act (Customs Administration Act 1985 (Cth)) 7. disclosure in accordance with paragraphs 2 to 6 shall be subject to section 16, 1985 the Customs Administration Act (Customs Administration Act 1985 (Cth)) and the 1988 privacy protection law (the Privacy Act 1988 (Cth)), which together have established that the person, body or agency to which the information is disclosed use or disclose information only for the purpose for which the information is transferred to the person, body or agency. 8. Disclosure to EU PNR data of origin Australian Government authorities or third country Government authorities in accordance with section 16 of the customs administration of the 1985 Act (Customs Administration Act 1985 (Cth)), as a condition of disclosure of the data importer shall determine: (i)) that EU PNR data of origin must not be passed on without customs permission, and that permission shall be limited to the purpose of the Customs established in article 5 of the agreement in paragraph 1 or, in the case of the Government of Australia-the authorities in accordance with article 5 of the agreement of 2 or 3; (ii)) that the recipient follows EU PNR data of origin should be considered in terms of law enforcement sensitive, confidential data subject apply to the personal information; (iii)) that the situation that is not an emergency situation, which is at risk of the data subject or another person's life or physical safety, the data importer should apply to EU PNR data originating the data protection standards equivalent to the standards set out in the agreement, including those relating to data retention period. The types of information to be collected by the German origin of 9 EU PNR data: (i) the record locator PNR); (ii) the reservation/ticket) date of issue; (iii) the intended date of travel) (-i); IV) name (s) and surname (s); v) available information on the frequent flyer and about privileges (i.e. free tickets, transfer to a better class, etc.); vi) other names, including the number of travellers ARRIVING in the PNR; VII) all available contact information (including originator information); VIII) all available payment/billing information (but not the other information about the transaction that is associated with the credit card or account, but is not related to the travel transaction); IX) travel itinerary for specific PNR data subject; x) Travel Office/travel agent; XI) information on common code; XII) information on the reservations separated; passenger flight XIII) status (including confirmation and registration status); XIV) ticketing data, including ticket number, one-way tickets and automated ticket price quote; XV) all information on baggage; XVI) information on seating, including seat number; XVII) General remarks including other supplementary information (Other Supplementary Information – OSI), special service information (Special Service Information – SSI) and special service request (SSR-Special service request) information; XVIII) any collected data of passengers additional processing (advance Passenger Processing-APP) or advance passenger information (Passenger Information – API advance); XIX) any changes to the PNR data of historical, listed in annexes i to XVIII)). 10. the data contained in the PNR sometimes some sensitive data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning health or sex life ("sensitive EU origin data"). The Customs shall distinguish between all such sensitive EU origin data and delete all such data, they are further processed. EU PNR data transfer of origin 11. Customs cooperation with individual air carriers shall ensure that the requirements of the EU for the transfer of PNR data of origin is reasonable and proportionate and is consistent with the need to ensure EU PNR data originating in the timeliness, accuracy and completeness. Customs normally requires that EU PNR data originating from the initial 72 hours of dispatch before the departure, and requires no more than five regular EU PNR data of origin shipping times for a particular flight. Without prejudice to the 72-hour limit, the Customs may in addition require ad hoc transmission with "push" (shipping) method, if it is necessary to help respond to specific threats with respect to flight, more flights, route or other circumstances related to article 5 for the purposes of paragraph 1. The implementation of this freedom of action, Customs will act reasonably and proportionately. Data storage 12. Customs in EU PNR data of origin no longer than three and a half years from the date on which the Customs PNR data received after this deadline you can archive data storage for a further two years. Archived PNR data can only be accessed for purposes of the investigation, after examination on a case-by-case basis. 13. Notwithstanding paragraph 12, any customs PNR data anonymised EU origin do not have to be archived, but in any case the customs or other agencies keep them no more than five and a half years, since the day the Customs PNR data is received. 14. by the end of this period the EU-originating PNR data delete, except 15. in the cases referred to in point. 15. Data relating to the ongoing judicial proceedings or criminal investigations, can be saved as long as the proceedings or investigation is completed. Data storage issues will in relation to the review of the agreement in accordance with its article 11. Access to data and an appeal to the protection of privacy with the 1988 16. Privacy protection law (the Privacy Act 1988 (Cth)) regulates the protection of personal data held by the majority of Australian Government departments and agencies, collection, use, storage and disclosure, security, access and change. Customs to apply privacy protection law and EU PNR data of origin must be processed in accordance with the Privacy Act. PNR data and disclosure of PNR data, 17 of the private individual or on behalf of, the individual to disclose, upon request, in accordance with the Privacy Act and freedom of information of the 1982 Act (Freedom of Information Act 1982 (Cth)). Customs PNR data should not be disclosed publicly, except for the data subjects themselves or their representatives, in accordance with Australian law. Customs may submit requests for access to personal information contained in PNR data provided by the applicant. Data protection measures – 1988 privacy protection law (the Privacy Act 1988 (Cth)) 18. In respect of any personal information held by customs, which is a personal information Privacy Protection Act means, must comply with Privacy Act requirements to protect such information. Customs PNR information must be processed in accordance with the privacy protection law, in particular as regards the following data collection, use, storage, security, access and alteration and disclosure. 19. Individual complaints processing of PNR data by customs, must be submitted directly to customs and then-Privacy Commissioner under the Privacy Act. Data protection measures-protection of privacy audits 20. Australia's independent Privacy Commissioner can investigate whether the Agency comply with the Privacy Act, and to monitor and investigate the extent to which customs complies with the Privacy Act. 21. in accordance with the Privacy Act, the Customs has developed measures to the Office of the Privacy Commissioner to perform regular audits of all formal aspects in connection with the use of PNR data of EU origin, customs processing and access policy and procedures. Customs also has its own internal audit program, the purpose of which is to provide the highest level of passenger information and PNR data of EU origin. Data protection measures – 1982 freedom of Information Act (Freedom of Information Act 1982 (Cth)) 22. Customs apply the freedom of Information Act, and it must issue a document to any person who requests them, respecting the freedom of information act under certain exceptions and limitations. The freedom of Information Act provides that the decision taken, for exceptions on a case-by-case basis. The freedom of Information Act contains several exceptions to the protection of sensitive information, including exceptions that prevent the disclosure of documents concerning national security, defence, international relations, law enforcement, public safety and personal privacy. Customs one month after its decision, inform the EU of any decision relating to EU PNR data disclosure of origin to the public under the freedom of information act. 23. Requests the customs database to correct existing PNR data may be submitted directly to customs in accordance with the freedom of information act or the Privacy Act. Other protective measures – the Ombudsman Act 1976 (employment policy Act 1976 (Cth)) 24. Passengers on the basis of the Ombudsman Act 1976 (employment policy Act 1976 (Cth)), has the right to submit a complaint to the Commonwealth Ombudsman, concerning the customs treatment of them border crossing procedures. Customs security measures with respect to PNR data 25. Customs still has the following data protection measures: (i)) access to PNR data is only a limited number of customs officials that the processing of PNR data is specifically authorized by the Executive Director of customs in accordance with the Customs Act 1901 (the Customs Act 1901 (Cth)); and ii) running a complex physical and electronic security of PNR data system-namely, computer systems and network, which: (a) separate PNR data of total) Customs environment and is distinct from all other Customs IT systems and networks; (b)) is located in a secure customs territory in Australia to which access is restricted; and (c)), which makes secure, multi-level system of user names and passwords for access to PNR data. Execution 26. Australian law requires administrative, civil and penal measures, including rights for each data subject to use administrative or judicial remedies in respect of Australian law and infringements of the provisions of the privacy protection law, as well as any unauthorised disclosure of information. For example, the Crimes Act 1914 (Crimes Act 1914 (Cth)), the 1999 public service Act (Public Service Act 1999 (Cth)), in 1985 the Customs Act (Customs Administration Act 1985 (Cth)), the 1979 Australian Federal Police Act (the Australian Federal Police Act 1979 (Cth)) and a list of the Agency referred to in internal disciplinary penalties are laid down in codes of violations, including imprisonment. 27. Cooperation to strengthen cooperation in the field of police and judicial cooperation, the Customs authorities of the Government of Australia promotes analytical information flowing from PNR data transfer to the EU Member States ' police and judicial authorities and, where appropriate, to Europol and Eurojust, following the Australian Government's assessment of the institutions under the jurisdiction of the EU data protection measures. List of annexes relating to point 2 of this annex, in alphabetical order are listed in the following institutions: 1. the Australian Crime Commission; 2. the Australian Federal Police; 3. The Australian Security Intelligence Organization; 4. the Director of public prosecutions of the Commonwealth; and 5 the Department of immigration and citizenship.