I wrote about the PNR Directive at length last year. The information gathered covers everything from the flight to the food you order, so the authorities would be casting a wide net. There would be some rights for people to have their data corrected or deleted, but:
"However the purposes for gathering and processing the data is so wide that it’s debatable how much substance there is to these rights. For example, PIUs can use the data for general analysis work and to update and create criteria for “objective assessment criteria” to identify unknown criminals – a very wide purpose to use and process data, so PIUs could probably refuse under the Directive to erase a person’s data even if they aren’t suspected of a crime. Also, this use of objective assessment criteria means that the PNR regime is open to the profiling of individuals by law enforcement authorities, where they might be put under closer scrutiny simply because they happened to match a certain pattern of behaviour. There are no safeguards for independent external review of these objective factors (the National Supervisory Authorities don’t seem to have the power to do so), and nor has there been an assessment of the effectiveness of this method in identifying unknown criminals versus the false identification of innocent people.
There’s also little satisfactory evidence that PNR is necessary or effective for fighting terrorism and serious transnational crime. We already have the Schengen Information System, the Visa Information System and the Carrier’s Directive (Link) permitted the use of a less invasive Advance Passenger Information system in 2004, where airlines would transfer passport information of passengers and flight arrival/destination details (rather than the whole gamut of PNR information) – but there’s been no assessment of the effectiveness of API, or whether changes in it or the other systems could provide a cheaper and less invasive alternative. The main advantage offered by PNR is presumably the detection of unknown criminals. The Commission has used crime statistics to highlight the levels of serious crime and terrorism to establish the need for further security measures to be introduced and it has also used statistics on the of PNR data in drug seizures (see its impact assessment here: PDF) Interestingly, some of these impressive PNR statistics derive from some Member States which do not currently have a national PNR regime! (Like Belgium - PDF)."
While the draft parliamentary report (by LIBE rapporteur Timothy Kirkhope [ECR Group]) clarified some issues with the original text, it did little to address the scope of both the data gathered and the purposes that it could be used for (without further restricting and defining these, it would be very difficult for the system to be held to account in that most uses for the data would be lawful and citizens would have little substance to their data rights).
The draft Directive could still go to the EP plenary, where the full European Parliament could still pass the law.