EU and Norway to Share Flight Booking Data to Fight Terrorism and Serious Crime
Published April 29, 2026
Goal: Keep people safe
Community improvement
Clickbaity title? Suggest change
The European Parliament passed a resolution that allows the EU and Norway to share flight booking details (called PNR data) to help prevent, detect, and fight terrorism and other serious crimes.
Document summary The source
EU and Norway Data Sharing Agreement
The European Parliament has formally approved an agreement allowing the European Union and Norway to share Passenger Name Record (PNR) data.
What is PNR Data?
PNR data consists of the details that airlines collect when people book flights. This information includes:
- Name
- Travel dates
- Contact information
Purpose of Sharing
The data sharing is intended to help authorities:
- Prevent serious crimes.
- Detect serious crimes.
- Investigate serious crimes.
- Prosecute terrorism and other serious crimes.
Key Details of the Agreement
- Scope: The exchange of PNR data is limited specifically to counter-terrorism and serious crime purposes. It is not for general surveillance or other uses.
- Legal Status: This approval is a legislative resolution, not a treaty. It follows a draft Council decision and the actual agreement between the EU and Norway.
Next Steps
The Parliament’s President will send this decision to several bodies to ensure the agreement moves forward:
- The European Council
- The European Commission
- The governments and parliaments of all EU member states
- The government and parliament of Norway
Contextual Analysis
This is one of the alternative context analyses generated by ClaudeAI and rated 3 stars. Other AI versions:
Perplexity
Mistral
Broader context
The EU has been building a network of PNR data-sharing agreements with countries outside the EU for over two decades. The first agreements were signed with the United States (in force since 2012), Australia (consented to in 2011), and Canada (finalised in 2025 after years of legal challenges). The EU also maintains a similar arrangement with the United Kingdom. The Norway agreement is part of a newer wave: in September 2023, the European Commission recommended opening negotiations not only with Norway, but also with Switzerland and Iceland.
The reason Norway needed a dedicated agreement is a legal technicality. Norway is bound by the Schengen Convention and shares responsibility for security within the common travel area, but the EU's internal PNR Directive does not count as a development of the Schengen framework — so Norway could not lawfully receive or process PNR data from EU flights without a separate agreement.
Within the EU, the EU PNR Directive (adopted in 2016) requires airlines to hand over passenger data for flights entering or departing the EU to national law enforcement units. Member states are allowed — but not required — to also collect data on selected flights within the EU.
The push for more countries to use PNR systems has also been driven by United Nations Security Council resolutions (adopted in 2017 and 2019) requiring all states to develop the ability to collect and use PNR data, and by standards set by the International Civil Aviation Organization (ICAO) in 2020.
This means PNR data collection is becoming a standard part of international air travel globally — not just an EU practice.
Impact on people living in the EU
For most travellers, this agreement changes nothing about the booking process — you do not fill in any extra forms or provide new information. Airlines already collect PNR data for their own commercial purposes during booking and check-in; the legislation does not oblige airlines to collect additional data from passengers.
What changes is who can access that data. When you fly between an EU country and Norway, your booking details can now be lawfully shared with Norwegian law enforcement — and Norwegian PNR data can flow back to EU authorities.
The agreement includes a set of data protection safeguards:
Protections include compliance with GDPR standards, data minimisation (only collecting what is necessary), proportionality, independent supervision, and redress mechanisms if something goes wrong.
There is an explicit prohibition on processing data that could reveal a person's race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life, or sexual orientation.
Under the EU's internal PNR Directive, personal data is held in full for six months, after which it is "masked" (your name and identifying details are hidden) and kept for up to five years for potential use in ongoing investigations.
One point worth understanding is that these agreements mean that all passengers on covered flights — the vast majority of whom are entirely innocent — have their booking information made available to law enforcement. This is an unusual practice and one that courts and civil liberties organisations have scrutinised carefully. The EU's Court of Justice has previously struck down earlier versions of such agreements (including an early EU-Canada deal) when it found safeguards insufficient, which is why each new agreement is now built to meet the Court's established requirements.
Impact on people living in Norway
Norwegian travellers flying to or from the EU are now in a formally regulated system. A dedicated Passenger Information Unit (PIU) in Norway is responsible for receiving and processing PNR data, and the European Data Protection Supervisor confirmed in 2025 that the agreement's provisions are satisfactory.
Norwegian authorities will be able to use EU passengers' flight data to identify potential terrorism suspects or serious criminals — and EU authorities will be able to use Norwegian flight data in return. Data transfers are required to be kept to the minimum necessary and proportionate to the security purposes set out in the agreement.
This is one of the alternative context analyses generated by ClaudeAI and rated 3 stars. Other AI versions:
Perplexity
Mistral
Broader context
The EU has been building a network of PNR data-sharing agreements with countries outside the EU for over two decades. The first agreements were signed with the United States (in force since 2012), Australia (consented to in 2011), and Canada (finalised in 2025 after years of legal challenges). The EU also maintains a similar arrangement with the United Kingdom. The Norway agreement is part of a newer wave: in September 2023, the European Commission recommended opening negotiations not only with Norway, but also with Switzerland and Iceland.
The reason Norway needed a dedicated agreement is a legal technicality. Norway is bound by the Schengen Convention and shares responsibility for security within the common travel area, but the EU's internal PNR Directive does not count as a development of the Schengen framework — so Norway could not lawfully receive or process PNR data from EU flights without a separate agreement.
Within the EU, the EU PNR Directive (adopted in 2016) requires airlines to hand over passenger data for flights entering or departing the EU to national law enforcement units. Member states are allowed — but not required — to also collect data on selected flights within the EU.
The push for more countries to use PNR systems has also been driven by United Nations Security Council resolutions (adopted in 2017 and 2019) requiring all states to develop the ability to collect and use PNR data, and by standards set by the International Civil Aviation Organization (ICAO) in 2020.
This means PNR data collection is becoming a standard part of international air travel globally — not just an EU practice.
Impact on people living in the EU
For most travellers, this agreement changes nothing about the booking process — you do not fill in any extra forms or provide new information. Airlines already collect PNR data for their own commercial purposes during booking and check-in; the legislation does not oblige airlines to collect additional data from passengers.
What changes is who can access that data. When you fly between an EU country and Norway, your booking details can now be lawfully shared with Norwegian law enforcement — and Norwegian PNR data can flow back to EU authorities.
The agreement includes a set of data protection safeguards:
Protections include compliance with GDPR standards, data minimisation (only collecting what is necessary), proportionality, independent supervision, and redress mechanisms if something goes wrong.
There is an explicit prohibition on processing data that could reveal a person's race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life, or sexual orientation.
Under the EU's internal PNR Directive, personal data is held in full for six months, after which it is "masked" (your name and identifying details are hidden) and kept for up to five years for potential use in ongoing investigations.
One point worth understanding is that these agreements mean that all passengers on covered flights — the vast majority of whom are entirely innocent — have their booking information made available to law enforcement. This is an unusual practice and one that courts and civil liberties organisations have scrutinised carefully. The EU's Court of Justice has previously struck down earlier versions of such agreements (including an early EU-Canada deal) when it found safeguards insufficient, which is why each new agreement is now built to meet the Court's established requirements.
Impact on people living in Norway
Norwegian travellers flying to or from the EU are now in a formally regulated system. A dedicated Passenger Information Unit (PIU) in Norway is responsible for receiving and processing PNR data, and the European Data Protection Supervisor confirmed in 2025 that the agreement's provisions are satisfactory.
Norwegian authorities will be able to use EU passengers' flight data to identify potential terrorism suspects or serious criminals — and EU authorities will be able to use Norwegian flight data in return. Data transfers are required to be kept to the minimum necessary and proportionate to the security purposes set out in the agreement.
Licensing: This article is available under Creative Commons Attribution 4.0 (CC BY 4.0).