Sunday, 27 November 2005

EU Court advisory opinion against USA access to airline reservation data

In his advisory opinion on a lawsuit initiated in June 2004 by the European Parliament, the Advocate General of the European Court of Justice has recommended that the Court annull both the agreement by the Council of the European Union to permit access by certain USA government agencies to airline reservation data from the EU, and the finding by the European Commission that airline reservation data transferred to the USA government under the agreement would be "adequately" protected.

Opinion of the Advocate General in cases C-317/04 and C-318/04 (22 November 2005):

My French is weak (a translation of the Opinion into English may eventually be posted here , but hasn't yet been prepared), and my knowledge of EU legal procedure nonexistent. But my understanding from European press reports is that the Advocate General investigates and researches the case on behalf of the Court, and that his or her recommendations are usually but not always followed.

The recommended actions (nullification of the agreement and the adequacy finding) are no surprise, but the Advocate General's reasoning isn't what I had expected.

As I (imperfectly) understand it, the Advocate General's Opinion rejects the arguments against the adequacy finding and agreement based on their incompatibility with the EU Data Protection Directive, on the thoery that transfers of personal data for law enforcement purposes are excluded from that Directive. And the Advocate General rejects Parliament's procedural and division-of-powers objections to the manner in which the adequacy finding and agreement were approved over Parliament's objections.

Instead, the Advocate General's Opinion is based on the argument that international transfers of personal data for law enforcement purposes are outside any authority of the EU -- and thus, implicitly, that they could be authorized, if at all, only by national action by individual EU mmeber governments, according to their various national procedures.

Should this reasoning be adoipted by the EU Court of Justice in its final decision, the likely consequence would be an immediate attempt by the USA to conclude similar agreements with individual EU members. The first targets, I suspect, would probably be the UK and/or the Netherlands, and it's possible that negotiations for such reservation data access treaties could be bundled into, and leveraged by other concessions in, the ongoing negotaitions between the USA and EU governments on bilateral and multilateral aviation treaties.

None of this has any effect on the (il)legality of transfers of reservation data from airline offices, travel agents, and tour operators in the EU to commerical entities in the USA, including airlines and computerized reservations systems . As I've noted repeatedly, those routine ongoing transfers of personal data, in the absence of any legal restrictions on how those commerical entities can use (sell, rent, re-transfer, etc.) the data, are undoubtedly in violation of the EU Data Protection Directive and the privacy clause of the EU Code of Conduct for CRS's, and provide grounds for complaints by travellers from the EU.

[Addendum, 14 February 2006: Statewatch.org has posted the official translation into English of the Advocate General's opinion. There's still no word on a date for the decision of the Court itself.]

Link | Posted by Edward on Sunday, 27 November 2005, 19:49 ( 7:49 PM) | TrackBack (1)
Comments
Post a comment









Save personal info as cookie?