In 2004 the European Commission cut a deal with the US authorities that forced airlines flying from Europe into the US to hand over passenger details to US authorities before landing. A total of 34 separate pieces of information per passenger were routinely handed over.
The deal was agreed as US authorities sought to increase border and airspace security in the aftermath of the terrorists attacks in the US on 11th September 2001. It was later ruled illegal by the European Court of Justice on what some consider to be a legal technicality.
The European Commission was forced to terminate the agreement and frame a new one. The Commission has said that its new agreement will be largely the same in policy terms as the last one, but will be submitted under the EU Treaty rather than the EC Treaty.
The UK Parliament's European Scrutiny Committee has just assessed the Commission's termination notice and the Government's proposals for implementing passenger data transfer and has found the Government's proposals wanting.
The Parliamentary Under-Secretary of State at the Department for Constitutional Affairs, Baroness Ashton of Upholland, found that UK law would permit the transfer of passenger with some minor amendments. She also told the Committee that a new EU deal would be beneficial. The Committee disagreed.
"It is plainly necessary for notice of termination of the agreement to be given to the United States, following the judgment of the ECJ, so that the European Community can avoid a breach of its international obligations," said the Committee's report. "We find the arguments that a new instrument is necessary at EU level to be less than convincing."
"The Committee's conclusion chimes with the Working Party of Data Protection Commissioners who stated in September 2004 that they were very concerned that the provisions of the Data Protection legislation were being set aside," said Dr Chris Pounder, a data protection specialist with Pinsent Masons, the law firm behind OUT-LAW.COM. "Clearly the Committee are concerned that important data protection issues need to be addressed in any new agreement in the USA and that the desire to arrive at a political deal with the USA should not override privacy concerns."
Baroness Ashton had set out how the data could be transferred legally under UK law. “It has been necessary to identify a means of implementing the new Agreement under UK law," she wrote in her submission to the Committee. "It would appear likely at this stage that Article 13 of the Chicago Convention of 1944 would allow the UK to introduce secondary legislation, via an Air Navigation Order and section 60(2) of the Civil Aviation Act 1982, providing for the passing of certain elements of passenger information to the United States from UK air carriers or the UK Government."
"This approach would satisfy requirements in the Data Protection Act 1998. An Air Navigation Order would be an Order in Council. It has been proposed that an emergency Privy Council Office meeting be called for early September," wrote Baroness Ashton.
The Committee said that if data transfer were legal within the UK, no European law was needed. "We note the Minister’s comment that the ECJ judgment 'would not prevent the UK carriers from transferring PNR data under UK law', and that measures could be adopted under the Civil Aviation Act 1982 to satisfy the requirements of the Data Protection Act 1998," wrote the Committee. "From these comments it appears that no instrument is required at EU level to permit domestic measures to make lawful the transfer of data by UK based carriers."
Privacy experts have warned that the EU's failure contemplate changing the content of the data transfer deal will anger privacy activists. "In effect, all the Commission has done is to ensure that those who object to the Passenger Name Records (PNR) deal have to start again in the Courts, possibly with a human rights case," Pounder told OUT-LAW when the EU announced it would not change its policy.