Scrapped EU surveillance law throws doubt on US data agreements
A decision by the EU court earlier this year to scrap a controversial data retention directive may have implications for existing international data agreements and EU proposals under review.
“We will have a debate on the question of the compatibility of these international agreements with EU law here in the parliament,” German Green Jan Phillip Albrecht said Wednesday (23 July).
Join EUobserver today
Get the EU news that really matters
Instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
At stake are a number of data-sharing agreements with the Americans such as the one requiring airlines to share air passengers' personal details (PNR) with US authorities, and the EU-US terrorist financial tracking programme (TFTP).
The European Court of Justice in April ruled that the EU retention directive had violated the rights to privacy and data protection, in part, because no link was made between the data retained and the threat to public security.
The court rejected the bulk collection of data of people not suspected of any crime and the amount of time it was stored.
But the now-defunct retention directive is not the only EU policy or law that involves the mass collection of data of people not suspected of any crime.
A study, commissioned by the European Greens and presented by Albrecht, says the court’s judgement means the European Commission will have to review or renegotiate a number of agreements.
It finds that the transfer of undifferentiated bulk data collection and transfer of flight passenger and bank data to the US are not compatible with court’s judgement.
“It doesn’t happen very often that a directive is declared void in its entirety and this shows the importance of the case and maybe the initial misjudgement of the EU legislator, in particular the commission, which defended the directive in recent years,” said Franziska Boehm, an assistant professor at the University of Munster, and co-author of the study.
One legal argument used by the study is an article in the 2002 e-privacy directive.
It states blanket data retention is not possible in the field of communications “except under certain circumstances” and only if compatible with fundamental rights.
“We think a review of these agreements and possibly even a renegotiation of these agreements even if it is painful needs to be carried out,” she said.
The commission disagrees.
A “preliminary assessment” by the Brussels executive suggests other EU-level justice and home affairs laws cannot be compared with the scrapped directive.
EU spokesperson Michele Cercone said in an email the air passenger data and financial tracking agreements “provide for effective data protection safeguards”.
He said the existing instruments are also “more limited in purpose and scope” and “set out clear rules for the access and use of data.”
Some concessions to the ruling could be made when it comes to on-going discussions, he said.
He pointed to discussions on the EU’s own air passenger data collection system and the so-called Entry/Exit system where the fingerprints of all visiting non-EU nationals are collected and stored in a database.
Albrecht received a similar written reply from EU home affairs commissioner Cecilia Malmstrom in June.
Malmstrom said the commission has no intention of terminating the PNR agreements with the US, Canada or Australia regardless of the court’s judgement.
“The personal data involved in the processing of PNR (passenger name record) data is less revealing than the types of telecommunications data formally retained under the data retention directive,” she noted.
Albrecht, for his part, said the debate would continue in the parliament’s civil liberties committee after the summer break.