In 2004 the European Commission cut a deal with the US
authorities that forced airlines flying from Europe into the US to
hand over passenger details to US authorities before landing. A
total of 34 separate pieces of information per passenger were
routinely handed over.
The deal was agreed as US authorities sought to increase border
and airspace security in the aftermath of the terrorists attacks in
the US on 11th September 2001. It was later ruled illegal by the
European Court of Justice on what some consider to be a legal
technicality.
The European Commission was forced to terminate the agreement
and frame a new one. The Commission has said that its new agreement
will be largely the same in policy terms as the last one, but will
be submitted under the EU Treaty rather than the EC Treaty.
The UK Parliament's European Scrutiny Committee has just
assessed the Commission's termination notice and the Government's
proposals for implementing passenger data transfer and has found
the Government's proposals wanting.
The Parliamentary Under-Secretary of State at the Department for
Constitutional Affairs, Baroness Ashton of Upholland, found that UK
law would permit the transfer of passenger with some minor
amendments. She also told the Committee that a new EU deal would be
beneficial. The Committee disagreed.
"It is plainly necessary for notice of termination of the
agreement to be given to the United States, following the judgment
of the ECJ, so that the European Community can avoid a breach of
its international obligations," said the Committee's report. "We
find the arguments that a new instrument is necessary at EU level
to be less than convincing."
"The Committee's conclusion chimes with the Working Party of
Data Protection Commissioners who stated in September 2004 that
they were very concerned that the provisions of the Data Protection
legislation were being set aside," said Dr Chris Pounder, a data
protection specialist with Pinsent Masons, the law firm behind
OUT-LAW.COM. "Clearly the Committee are concerned that important
data protection issues need to be addressed in any new agreement in
the USA and that the desire to arrive at a political deal with the
USA should not override privacy concerns."
Baroness Ashton had set out how the data could be transferred
legally under UK law. “It has been necessary to identify a means of
implementing the new Agreement under UK law," she wrote in her
submission to the Committee. "It would appear likely at this stage
that Article 13 of the Chicago Convention of 1944 would allow the
UK to introduce secondary legislation, via an Air Navigation Order
and section 60(2) of the Civil Aviation Act 1982, providing for the
passing of certain elements of passenger information to the United
States from UK air carriers or the UK Government."
"This approach would satisfy requirements in the Data Protection
Act 1998. An Air Navigation Order would be an Order in Council. It
has been proposed that an emergency Privy Council Office meeting be
called for early September," wrote Baroness Ashton.
The Committee said that if data transfer were legal within the
UK, no European law was needed. "We note the Minister’s comment
that the ECJ judgment 'would not prevent the UK carriers from
transferring PNR data under UK law', and that measures could be
adopted under the Civil Aviation Act 1982 to satisfy the
requirements of the Data Protection Act 1998," wrote the Committee.
"From these comments it appears that no instrument is required at
EU level to permit domestic measures to make lawful the transfer of
data by UK based carriers."
Privacy experts have warned that the EU's failure contemplate
changing the content of the data transfer deal will anger privacy
activists. "In effect, all the Commission has done is to ensure
that those who object to the Passenger Name Records (PNR) deal have
to start again in the Courts, possibly with a human rights case,"
Pounder told OUT-LAW when the EU announced it would not change its
policy.
