Thursday

29th Sep 2016

Scrapped EU surveillance law throws doubt on US data agreements

  • The April ruling may affect discussions on the Entry/Exit system where the fingerprints of all visiting non-EU nationals are collected and stored (Photo: EU's attempts)

A decision by the EU court earlier this year to scrap a controversial data retention directive may have implications for existing international data agreements and EU proposals under review.

“We will have a debate on the question of the compatibility of these international agreements with EU law here in the parliament,” German Green Jan Phillip Albrecht said Wednesday (23 July).

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

At stake are a number of data-sharing agreements with the Americans such as the one requiring airlines to share air passengers' personal details (PNR) with US authorities, and the EU-US terrorist financial tracking programme (TFTP).

The European Court of Justice in April ruled that the EU retention directive had violated the rights to privacy and data protection, in part, because no link was made between the data retained and the threat to public security.

The court rejected the bulk collection of data of people not suspected of any crime and the amount of time it was stored.

But the now-defunct retention directive is not the only EU policy or law that involves the mass collection of data of people not suspected of any crime.

A study, commissioned by the European Greens and presented by Albrecht, says the court’s judgement means the European Commission will have to review or renegotiate a number of agreements.

It finds that the transfer of undifferentiated bulk data collection and transfer of flight passenger and bank data to the US are not compatible with court’s judgement.

“It doesn’t happen very often that a directive is declared void in its entirety and this shows the importance of the case and maybe the initial misjudgement of the EU legislator, in particular the commission, which defended the directive in recent years,” said Franziska Boehm, an assistant professor at the University of Munster, and co-author of the study.

One legal argument used by the study is an article in the 2002 e-privacy directive.

It states blanket data retention is not possible in the field of communications “except under certain circumstances” and only if compatible with fundamental rights.

“We think a review of these agreements and possibly even a renegotiation of these agreements even if it is painful needs to be carried out,” she said.

The commission disagrees.

A “preliminary assessment” by the Brussels executive suggests other EU-level justice and home affairs laws cannot be compared with the scrapped directive.

EU spokesperson Michele Cercone said in an email the air passenger data and financial tracking agreements “provide for effective data protection safeguards”.

He said the existing instruments are also “more limited in purpose and scope” and “set out clear rules for the access and use of data.”

Some concessions to the ruling could be made when it comes to on-going discussions, he said.

He pointed to discussions on the EU’s own air passenger data collection system and the so-called Entry/Exit system where the fingerprints of all visiting non-EU nationals are collected and stored in a database.

Albrecht received a similar written reply from EU home affairs commissioner Cecilia Malmstrom in June.

Malmstrom said the commission has no intention of terminating the PNR agreements with the US, Canada or Australia regardless of the court’s judgement.

“The personal data involved in the processing of PNR (passenger name record) data is less revealing than the types of telecommunications data formally retained under the data retention directive,” she noted.

Albrecht, for his part, said the debate would continue in the parliament’s civil liberties committee after the summer break.

Stakeholders' Highlights

  1. Counter BalanceWhy the Investment Plan for Europe Does not Drive the Sustainable Energy Transition
  2. Nordic Council of MinistersThe Nordic Region Seeks to Make Its Voice Heard in the World
  3. Taipei EU OfficeCountries Voice Support for Taiwan's Participation in ICAO
  4. World VisionNew Tool Measuring Government Efforts to Protect Children Released
  5. GoogleDid You Know Europe's Largest Dinosaur Gallery Is in Brussels? Check It Out Now
  6. IPHRHuman Rights in Uzbekistan After Karimov - Joint Statement
  7. CISPECloud Infrastructure Providers Unveil Data Protection Code of Conduct
  8. EFAMessages of Hope From the Basque Country and Galicia
  9. Access NowDigital Rights Heroes and Villains. See Who Protects Your Rights, Who Wants to Take Them Away
  10. EJCAppalled by Recommendation to Remove Hamas From EU Terrorism Watch List
  11. GoogleBringing Education to Refugees in Lebanon With the Clooney Foundation for Justice
  12. Belgrade Security ForumCan Democracy Survive Global Disorder?