A European Union decision taken two years ago to share personal information about passengers flying from the union to the United States with American authorities was illegal, the European Court of Justice ruled Tuesday.

The decision to share passenger name records, which include details such as citizens’ names, addresses and travel schedules, came in the wake of the Sept. 11, 2001 attacks and was intended to help the United States pursue its so-called “war on terrorism.”

The European Parliament opposed the agreement, which was brokered by the European Union’s executive body, the European Commission, and approved by the 25 national governments of the union member states.

The Parliament appealed to the Court of Justice in Luxembourg, claiming that the commission was wrong to conclude that European citizens’ personal data would be adequately protected by authorities in the United States, and that the national governments were wrong to approve the agreement to transfer the data, signed with the U.S. government in May 2004. The court agreed with both claims by the Parliament and overruled both the commission and the Council of national governments.

“Neither the Commission decision nor the Council decision are founded on an appropriate legal basis,” the court said in a statement. The overturning of the decisions marks a victory for civil-liberties activists, but it leaves travel companies, especially the airlines that must collect the passenger data and hand it over to U.S. authorities, in a legal quandary.

Under U.S. laws passed after Sept. 11, 2001, airlines can be fined for failing to hand over the information.

The court gave the commission and the council until Sept. 30 to find another solution.

The agreements signed two years ago will remain in place for another four months, it said, “for reasons of legal certainty,” while European legislators seek an alternative.

Some national governments including the British government are considering striking a bilateral agreement with the United States in order to continue sharing passengers’ details with the authorities there.

A U.S. official said, “We are working with the commission, and we will make the best efforts to find an agreed interim approach to data transfers which fully respect the ruling.” The official said the U.S. government remains committed to the principle of privacy. The aim during the four-month transition period is to avoid disruption to transatlantic traffic and to maintain a high level of security, he said.

The commission is examining “the full implications” of the court’s decision, said Johannes Laitenberger, spokesman for the commission. It remains committed to the fight against terrorism, and also the respect of people’s privacy, he said. The court did not overrule the substance of the agreement struck in 2004, but focused on the legal basis for those decisions, he said.

The commission is considering changing the legal basis of the agreements so that the European Parliament can be involved in the decision, he said.

Part of the reason the Parliament challenged the passenger data decision in court is that it was excluded from the decision-making process.

-Paul Meller, IDG News Service