In This Section

Introduction
What is Passenger Name Record data?
What is the purpose of the Irish Passenger Information Unit?
What is the legal basis for the collection of Passenger Name Record Data?

Introduction

Please read to here to find out more about Passenger Name Record (PNR) data.

What is Passenger Name Record data?

Passenger Name Record (PNR) data refers to the following information provided by, or on behalf of, passengers to air carriers for each journey booked.

Passenger Name Record Data:

  • PNR record locator

  • Date of reservation or issue of ticket

  • Date(s) of intended travel
  • Name(s)
  • Address and contact information (telephone number, e-mail address)
  • All forms of payment information, including billing address
  • Complete travel itinerary for specific PNR
  • Frequent flyer information

  • Travel agency or travel agent

  • Travel status of passenger, including confirmations, check-in status, no-show or go-show information

  • Split or divided PNR information

  • General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)
  • Ticketing field information, including ticket number, date of ticket issuance and one-way tickets, automated ticket fare quote fields
  • Seat number and other seat information
  • Code share information
  • All baggage information
  • Number and other names of travellers on the PNR
  • Any advance passenger information (API) data collected (including the type, number, country of issuance and expiry date of any identity document, nationality, family name, given name, gender, date of birth, airline, flight number, departure date, arrival date, departure port, arrival port, departure time and arrival time)

  • All historical changes to the PNR listed above.

What is the purpose of the Irish Passenger Information Unit?

The Irish Passenger Information Unit (IPIU) was established in May 2018 to collect and process PNR data for the purpose of the prevention, detection, investigation and prosecution of terrorism and serious crime. The IPIU is a unit of the Department of Justice.

What is the legal basis for the collection of Passenger Name Record Data?

SI 177 of 2018 European Union (Passenger Name Record Data) Regulations (hereafter referred to as the ‘PNR Regulations’) provides the legal basis for the collection and processing of PNR data by the IPIU. The PNR Regulations transpose Directive 2016/681/EU on the use of PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime into Irish law.

Air carriers who are operating ‘extra-EU flights’ have a legal obligation to transfer PNR data they collect to the IPIU. An ‘extra-EU flight’ refers to a scheduled or non-scheduled flight entering, leaving or transiting through airports in Ireland from countries outside of the European Union, including flights with stop-overs in the territory of the EU or third countries.

Sharing of PNR data

The IPIU can share PNR data or the results of processing of PNR data with the Irish competent authorities and EU authorities listed below only for the purpose of the prevention, detection, investigation, or prosecution of a terrorist offence or serious crime.

  • Department of Justice (including Immigration Services)

  • Garda Síochána

  • Office of the Revenue Commissioners
  • Department of Employment Affairs and Social Protection
  • Permanent Defence Force
  • EU Passenger Information Units
  • Europol.

Transfer of data to third countries

The IPIU may transfer PNR data or the results of processing of PNR data to a third country (that is a country outside the European Economic Area) where it is strictly necessary to do so for the prevention, detection, investigation, or prosecution of a terrorist offence or serious crime.

Any transfers of PNR data to third countries are determined on a case-by case basis and are subject to the obligations set out in the PNR Regulations and the Data Protection Act 2018.

Retention of PNR Data

Under the PNR Regulations, the IPIU retains PNR data for a period of 5 years from the date of transfer by the air carrier. After 6 months, those PNR data elements which directly identify a passenger (For example, name, address and contact information) are depersonalised (masked) by the IPIU.

Data Protection

As the IPIU processes PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime the applicable data protection legislation is Part 5 of the Data Protection Act 2018. The Data Protection Commission is the Supervisory Authority responsible for ensuring compliance with this legislation.

The IPIU has a designated Data Protection Officer who can be contacted at [email protected] in relation to all data protection queries concerning the processing of PNR data.

Rights of the Data Subject

Data subjects have the right to request access to their PNR data. Data subjects can do by completing the IPIU’s Passenger Subject Access Request Form, which is available below and forward it to [email protected].

Data subjects also have the right to request the IPIU to rectify any errors in their data or to erase their data, as well as to seek a restriction of the processing of their data or to object to the processing of their data in certain circumstances

If a data subject believes that their PNR data is being processed by the IPIU unlawfully, they have a right to lodge a complaint with the Data Protection Commission. Information about how to make a complaint can be found on www.dataprotection.ie

IPIU Subject Access Request Form
This page was last updated on March 27, 2024