PL&B UK E-news, Issue 44

1. European Court of Justice declares the EU/US air passenger data agreement illegal

The European Court of Justice ruled yesterday that the EU/US agreement approving the transfer of airline passenger data from Europe to the US for security purposes was illegal.

But privacy advocates may give only one cheer, or perhaps none at all to the judgment. The Court ruled that the EU/US agreement was invalid because the EU has no authority under EU law to do anything at all about the processing of personal data for public security and law enforcement purposes. Only member states, under their national data protection laws, can take action to regulate the processing of personal data for law enforcement purposes.

The agreement approved the requirement that EU airlines give Washington 34 bits of information about passengers flying to the US, including names, addresses, telephone numbers, and methods of payment. This will continue under the judgment until the end of September.

For the EU to renegotiate the agreement would almost certainly require amending the Data Protection Directive, and possibly even the EU Treaty, either of which could take a very long time. What is more likely, although with possible pitfalls, would be for the 25 national data protection authorities to negotiate collectively with the US, using the EU agreement as a model, but acting collectively independent of the EU. The member states have already effectively approved the terms of the agreement, although some could now have second thoughts.

For further details on Privacy Laws & Business Newsletters, please click here.

Copyright Privacy Laws & Business 2006