The processing of passenger name records (PNR) for security purposes on a European level was officially announced in 2016. Since then, ongoing legal discussions about PNR data focus mainly on its collection and the impact on data protection. The focus of this paper lies on a less-discussed aspect of the legal framework: the processing of PNR data and the different technological approaches it allows for. The following analysis of the German implementation of the European Directive on PNR data processing shows that it is open to the use of two different technological approaches: theory-based and machine learning methods. Taking this into account can provide a perspective that is mostly lacking in current legal debates about PNR data but can be an important addition since different technological approaches might shift the focus from data protection concerns to some aspects of technologies like machine learning. The paper also addresses a need for more technical research on the topic.