Privacy should become a key component in the IT system. It is not something to be considered at last but from the very early stages. Almost no nation has a greater sense of personal data security which could be equivalent to the European level. Since 9/11, the United States has declared to utilize PNR as a method for combating terrorism by associating PNR data with criminal records. Nevertheless, in fact, the majority of data found in the PNR is immense and most of this data is of a confidential nature. The paper used doctrinal legal research methodology utilizing the case and comparative law approach. It elaborates particular cases in relation to data protection issues. It also explores the differences between EU and US law which hinder the idea of data protection in particular on PNR. The study revealed that security is one of the most critical issues which hinder the agreement between the EU and the US on PNR data protection. As the EU promotes the highest standard to the data protection referring to the European community history and GDPR provisions, while the US places national security as a main priority beyond the privacy issues.

Barros, Xiana. "The external dimension of EU counter-terrorism: the challenges of the European Parliament in front of the European Court of Justice." European Security 21, no. 4 (2012): 518-536.

Belfiore, Rosanna. "The Protection of Personal Data Processed within the Framework of Police and Judicial Cooperation in Criminal Matters." In Transnational Inquiries and the Protection of Fundamental Rights in Criminal Proceedings, pp. 355-370. Springer, Berlin, Heidelberg, 2013.

Birzu, Bogdan. "Prevention, Detection, Investigation and Prosecution of Terrorist Offenses and Other Serious Crimes by Using Passenger Name Record (Pnr) Data. Critical Opinions. De Lege Ferenda Proposals." Perspectives of Business Law Journal 05 (2016): 195-206.

Bolognini, Luca, and Camilla Bistolfi. "Pseudonymization and Impacts of Big (personal/anonymous) Data Processing in the Transition from the Directive 95/46/EC to the New EU General Data Protection Regulation." Computer law & security review 33, no. 2 (2017): 171-181.

Bygrave, Lee A. "The ‘Strasbourg Effect’on Data Protection in Light of the ‘Brussels Effect’: Logic, Mechanics and Prospects." Computer Law & Security Review 40 (2021): 105460.

Council of Europe. (2021). Chart of Signatures and Ratifications of Treaty 108. Treaty Office. Accessed Jan 17, 2021, https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=9ylknwkN.

Cunningham, McKay. "Privacy in the Age of the Hacker: Balancing Global Privacy and Data Security Law." Geo. Wash. Int'l L. Rev. 44 (2012): 643.

De Hert, Paul, and Vagelis Papakonstantinou. "The Proposed Data Protection Regulation replacing Directive 95/46/EC: A Sound System for the Protection of Individuals." Computer Law & Security Review 28, no. 2 (2012): 130-142.

De Terwangne, Cécile. "The Work of Revision of the Council of Europe Convention 108 for the Protection of Individuals as Regards the Automatic Processing of Personal data." Int. Review of Law, Computers & Technology 28, no. 2 (2014): 118-130.

Dutta, Soumitra, Thierry Geiger, and Bruno Lanvin. "The Global Information Technology Report 2015." In World Economic Forum, vol. 1, no. 1, pp. P80-85. 2015.

Giovanni Buttarelli, “Vienna Parliamentary Forum on Intelligence-Security,†accessed January 4, 2021, https://edps.europa.eu/sites/edp/files/publication/15-05-06_vienna_parliamentary_forum_speech_gb_en.pdf.

Greenleaf, Graham. "‘Modernising’data Protection Convention 108: A safe basis for a global privacy treaty?." Computer Law & Security Review 29, no. 4 (2013): 430-436.

Gutiérrez Zarza, Ãngeles. "Towards a EU Passenger Name Record (PNR) Scheme?." In Exchange of Information and Data Protection in Cross-border Criminal Proceedings in Europe, pp. 219-222. Springer, Berlin, Heidelberg, 2015.

Haganta, Raphael. "Legal Protection of Personal Data as Privacy Rights of E-Commerce Consumers Amid the Covid-19 Pandemic." Lex Scientia Law Review 4, no. 2 (2020): 77-90.

Hijmans, Hielke. "PNR Agreement EU-Canada Scrutinised: CJEU Gives Very Precise Guidance to Negotiators." Eur. Data Prot. L. Rev. 3 (2017): 406.

Hu, Margaret. "The Ironic Privacy Act." Wash. UL Rev. 96 (2018): 1267.

Huijboom, Noor, and Gabriela Bodea. "Understanding the Political PNR Debate in Europe: A Discourse Analytical Perspective." European Politics and Society 16, no. 2 (2015): 241-255.

Jasmontaite, Lina. "European Union: The European Data Protection Supervisor (EDPS) Opinion 4/2015 Towards a New Digital Ethics." Eur. Data Prot. L. Rev. 2 (2016): 93.

Ji, Changqing, Yu Li, Wenming Qiu, Uchechukwu Awada, and Keqiu Li. "Big data processing in Cloud Computing Environments." In 2012 12th International Symposium on Pervasive Systems, Algorithms and Networks, pp. 17-23. IEEE, 2012.

Kaunert, Christian, Sarah Léonard, and Alex MacKenzie. "The Social Construction of an EU Interest in Counter-Terrorism: US Influence and Internal Struggles in the Cases of PNR and SWIFT." European Security 21, no. 4 (2012): 474-496.

King, Nancy J., and V. T. Raja. "Protecting the Privacy and Security of Sensitive Customer Data in the cloud." Computer Law & Security Review 28, no. 3 (2012): 308-319.

Leetaru, K. (2018). â€What Does It Mean For Social Media Platforms To "Sell" Our Data?,†https://www.forbes.com/sites/kalevleetaru/2018/12/15/what-does-it-mean-for-social-media-platforms-to-sell-our-data/?sh=240141022d6c.

Louks, Douglas. "(Fly) Anywhere but Here: Approaching EU-US Dialogue concerning PNR in the Era of Lisbon." Ind. Int'l & Comp. L. Rev. 23 (2013): 479.

Lowe, David. "The European Union’s Passenger Name Record Data Directive 2016/681: Is it fit for Purpose?." International Criminal Law Review 17, no. 1 (2017): 78-106.

Lynskey, Orla. "Data Protection and Freedom of Information; Reconciling the Irreconcilable?." The Cambridge Law Journal 70, no. 1 (2011): 37-39.

Magdziarczyk, Malgorzata. "Right to be Forgotten in Light of Regulation (eu) 2016/679 of the European Parliament and of the Council of 27 april 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data, and Repealing Directive 95/46/ec." In 6th International Multidisciplinary Scientific Conference on Social Sciences and Art Sgem 2019, pp. 177-184. 2019.

Martinez, Ronald, Karon A. Weber, Samantha Tripodi, Winton Davies, Chris Kalaboukis, and Oliver Raskin. "System and Method of Storing Data and Context of Client Application on the web." U.S. Patent 8,046,437, issued October 25, 2011.

Newman, Abraham L. "What the “right to be forgotten†means for privacy in a digital age." Science 347, no. 6221 (2015): 507-508.

Nugraha, Ridha Aditya, Dejian Kong, Gaia Guiso, and Lalin Kovudhikulrungsri. "Air and Space Law Education: Preparing for the Future in China, Indonesia, Italy and Thailand." Hasanuddin Law Review 7, no. 3 (2021): 183-209.

Olsen, Henrik Palmer, and Cornelius Wiesener. "Beyond Data Protection Concerns–the European Passenger Name Record System." Law, Innovation and Technology 13, no. 2 (2021): 398-421.

Pateraki, Anna. "The implementation of the Data Retention Directive: A Comparative analysis." In Personal Data Privacy and Protection in a Surveillance Era: Technologies and Practices, pp. 317-328. IGI Global, 2011.

Pfisterer, Valentin M. "PNR in 2011: Recalling ten Years of Transatlantic Cooperation in PNR Information Management." Nat'l Sec. & Armed Conflict L. Rev. 2 (2012): 111.

Politou, Eugenia, Alexandra Michota, Efthimios Alepis, Matthias Pocs, and Constantinos Patsakis. "Backups and the Right to be Forgotten in the GDPR: An Uneasy Relationship." Computer Law & Security Review 34, no. 6 (2018): 1247-1257.

Quesada Gámez, María, and Elitsa Mincheva. "No data Without Protection? Re-thinking Transatlantic Information Exchange for Law Enforcement Purposes After Lisbon." In EU External Relations Law and Policy in the Post-Lisbon Era, pp. 287-312. TMC Asser Press, 2011.

Reidenberg, Joel R. "The Data Surveillance State in the United States and Europe." Wake Forest L. Rev. 49 (2014): 583.

Sagiroglu, Seref, and Duygu Sinanc. "Big data: A review." In 2013 International Conference on Collaboration Technologies and Systems (CTS), pp. 42-47. IEEE, 2013.

Syed, Hassan. “Data Protection Rights & National Security Objectives: Critical Analysis of ECtHR and CJEU Case Lawâ€. North American Academic Research 2, no. 3 (2019): 155-170.

Taylor, M. S. C. "Flying from the EU to the US: Necessary Extraterritorial Legal Diffusion in the US-EU Passenger Name Record Agreement." Spanish Yearbook of International Law 19 (2015): 221-234.

Tourkochoriti, Ioanna. "The Transatlantic Flow of Data and the National Security Exception in the European Data Privacy Regulation: in Search for Legal Protection Against Surveillance." U. Pa. J. Int'l L. 36 (2014): 459.

Tsiftsoglou, Anna. "Surveillance in Public Spaces as a Means of Protecting Security: Questions of Legitimacy and Policy." In Personal Data Privacy and Protection in a Surveillance Era: Technologies and Practices, pp. 93-102. IGI Global, 2011.

Voss, W. Gregory. "After Google Spain and Charlie Hebdo: The Continuing Evolution of European Union Data Privacy in at Time of Change." Bus. Law. 71 (2015): 281.

Wachter, Sandra. "Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR." Computer Law & Security Review 34, no. 3 (2018): 436-449.

Waldzus, Dagmar. "The European General Data Protection Regulation and Franchise Networks-Time for a Change of Perspective." Int'l J. Franchising L. 16 (2018): 12.

Wasike, Ben. "FOI in Transition: A Comparative Analysis of the Freedom of Information Act Performance between the Obama and Trump Administrations." Government Information Quarterly 37, no. 2 (2020): 101443.

Welch, Kyle. "The Patriot Act and crisis legislation: The Unintended Consequences of Disaster Lawmaking." Cap. UL Rev. 43 (2015): 481.

Wu, Kuang-Wen, Shaio Yan Huang, David C. Yen, and Irina Popova. "The effect of online privacy policy on consumer privacy concern and trust." Computers in Human Behavior 28, no. 3 (2012): 889-897.