Court annuls EU-US data sharing agreement
The bloc's top court has annulled an EU-US agreement on EU handovers of air passenger data to US security agencies, and dismissed the European Commission's assurance that Washington could provide necessary privacy protection for such data.
The European Court of Justice (ECJ) on Tuesday (30 May) announced its final verdict in a row that highlights Brussels limited legal powers in security matters.
Join EUobserver today
Get the EU news that really matters
Instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
"Neither the Commission decision finding that the data are adequately protected by the United States nor the Council decision approving the conclusion of an agreement on their transfer to that country are founded on an appropriate legal basis," the court ruling states.
But the court instead says EU countries are free to sign bilateral agreements with the US on the matter.
After the September 11 attacks of 2001, Washington demanded access to airlines' booking records to help it fight terrorist threats.
Despite protests from MEPs and debate over travellers' privacy rights in EU capitals and in Brussels, Washington insisted that a broad range of data held by airlines – Passenger Name Records (PNR) – be handed over to ‘homeland security' authorities.
A deal was struck between Washington and EU member states in a fast-track procedure, leading MEPs to contest the agreement in the ECJ, saying they would not endorse or reject it until the legality of the deal had been tested.
"While the view may rightly be taken that PNR data are initially collected by airlines in the course of an activity which falls within the scope of Community law, namely sale of an aeroplane ticket which provides entitlement to a supply of services, the data processing which is taken into account in the decision on adequacy is, however, quite different in nature," the court states.
"That decision concerns not data processing necessary for a supply of services, but data processing regarded as necessary for safeguarding public security and for law-enforcement purposes," it continues, arguing that handing over such information falls under member states' criminal law legislation, and not under EU scope.
Washington currently collects 34 types of data from airlines' passenger records, including name, address, phone number, credit cards and travelling companions.
The US may store the data for three and a half years and is allowed to pass on the data it receives to third countries - an issue which has seriously concerned MEPs.
EU negotiation credibility weakened
EU officials earlier warned that halting the Trans-Atlantic deal would damage the EU's negotiating credibility and create chaos for European travellers to the US.
"Were we to put this on ice we would have tens of thousands of European holiday-makers standing in queues at American airports," former EU external affairs commissioner Chris Patten said a year ago.
Others have worried that airlines could be hit by bans and fines from the US for not handing over the required data, while at the same time facing domestic sanctions from national data protection authorities for transferring the very same data.
British Socialist MEP and member of the parliament's civil liberties committee Michael Cashman however told the Euobserver that the ruling most probably would not change US information collecting procedures.
"It would be commercial suicide for airlines not to hand over the required information, as they would not have the right to land in the US," Mr Cashman said, adding that airlines could agree with their national governments to be relieved from prosecution for the data handover.
The MEP said the parliament should stop its 'immature games' and end the resistance to cooperate with the US on terrorism matters, proposing that EU passengers sign a waiver allowing US authorities to use their data when booking a ticket to the US.
His committee colleague, Swedish Socialist Inger Segelstrom, in favour of stricter privacy rules and data safety for passengers, said that all cards had to be put on the table before an agreement could be reached.
"Will they (the US) have the right to sell the data? Where will it end? How will they use it? Those questions still have to be tackled," Ms Segelstrom said.
Ms Segelstrom said that it would also be commercial suicide for the US to bother EU tourists too much at airports, as the country's own tourism industry would suffer gravely if EU travellers decided to pack their bags for other destinations.