EU law blog characterises the ECJ Advocate General's decision on the transfer of EU airline passenger data to the US authorites as a shock. I'm not sure it is a shock necessarily, given the amount of behind the scenes politicking that's gone on with this, but it's certainly worth noting that the specific reasons why he concludes as he does, that the European Court of Justice should annul the Council's and the Commission's decisions on the handover, are different to the reasons put forward by the European Parliament, which made the complaint.
"First, he considers that Commission Decision 2004/535/EC on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States Bureau of Customs and Border Protection was wrongly based on Directive 95/46/EC because the processing of the data put at the disposal of the United States concerned public security and the activities of the state in relation to criminal law and the fight against terrorism. Processing data for such purposes is outside the scope of the protection afforded by Directive 95/46/EC according to its Article 3 § 2. As the Commission could not lawfully adopt Decision 2004/535/EC on the basis of article 25 § 6 of Directive 95/46/EC, the Advocate General recommends that it should be annulled by the Court.
So, the reasons the Advocate General puts forward are very different from those submitted by the European Parliament which brought the action.
Second, the Advocate General considered that Article 95 EC was not the proper basis for adopting Council Decision 2004/496/EC of May 17th, 2004 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection and it too should be annulled by the Court. The reasoning was the same. The processing of the data pursuant to the agreement between the EC and the USA concerned the fight against terrorism and serious crime whereas Article 95 EC concerned the functioning of the internal market of the EC."
Basically the decision says nothing about whether the Commission and Council should be allowed to mandate the passing of personal data to the US authorities, only that they used the wrong procedure. The Parliament were partly prompted to make the complaint in the first place because of anger over what they believed to have been assurances by the relevant EU commissioner, which they then felt he deliberately reneged on in confidential discussions and agreements with the US.
Essentially then, the EU Council of Governments and the EU Commission used the wrong procedure to mandate the handing over of large quantities of personal data to a foreign government. The EU Parliament then cited the wrong procedure in its complaint that a fundamental principle of European Union citizen data protection was being undermined. The mainstream press would probably paint this as another story of bureaucratic incompetence. As a great believer in the ubiquity of the cock of theory of history, I'd find it easy to be sold on that but there is another story here too. The making of reactive, superficial, high level political decisions about fundamental liberties and the pressurising of officials to "find a way" to get it done. The way is generally attaching it to some procedural process and with any luck it will slip through without getting subject to the kind of thorough judicial review the PNR decision attracted.
The Council and the Commission will now lean on officials to find another way...
No comments:
Post a Comment