European Court of Justice Strikes EU-US Agreement on PNR Data

You may also like...

5 Responses

  1. Michaël Van Dorpe says:

    I understand that the Court says that “the Data Protection Directive does not cover security-related data transfers”. However, does that mean that there are no privacy issues left? Even if this directive is not a problem, couldn’t art. 8 ECHR or some EU general principle make signing the exact same agreement with a “3rd pillar hat” illegal?

    Or is the fact that the Court allows the programme to continue until September 30, 2006 enough proof that the Court thinks there are no privacy issues?

    Of course, if the Parliament cannot challenge the new agreement, this question will not come up before the Court (unless the Parliament argues that a new agreement should be based on the first pillar anyway…).

    I just read that the plan is to keep the substance of the agreement intact, and just change the legal basis (

    Somewhere in my reasoning I probably lost course… This would have been much worse if I didn’t have your detailed blog entries to rely on; thank you!

  2. Francesca says:

    Thanks very much for that EU Observer article. It sounds like they will be proceeding under the Pillar 3 scenario that I outlined in my post, since Frattini talks of all 25 member states having to implement the agreement (which is part of what distinguishes Pillar 3 from Pillar 1 agreements).

    The privacy issue was never addressed by the Court (it was addressed by the Advocate General, in favor of the Council and the Commission, but that has no legal effect). Therefore, you are right that art. 8, ECHR and art. 8, EU Charter of Fundamental Rights could pose problems. The most likely way that such a challenge would arise is in the national courts and, from the national courts, by way of preliminary reference, to the ECJ. (14 member states have accepted ECJ jurisdiction over such preliminary references so far.)

  3. Thomas says:


    I thought a little historical background may shed some light on the EU’s position regarding privacy legislation. As a group of countries that have witnessed the severe abuse of personal identifiable (PI) information over the past century, you may start to appreciate why the European governments are reluctant to share. Case in point is their restrictions on cross border transmission of PI data or asysets. Trading partners were given a choice- comply or do not do business here.

    In a sense, when a person visits our country we are in effect inviting them into our own home. When I greet someone at my door, I have the right to establish certain conditions before granting them the privilege of entry. This includes the behaviour expected while in my home. As the gatekeeper, I should be able to demand that a prospective guest prove to me they are worthy of entry and trust while in my home.

    Since an airline ticket is in essence a key to my front door, the burden of proof should rest with the guest, not the airline or government at the point of departure or arrival.

    For example, many countries require a pre-approved visitor’s visa including length of stay & purpose. Some go as far as demanding proof that certain inoculations occur in advance to protect their own population. Should I get the urge to see a real lemur in the wild, I know that Madagascar requires my compliance with their rules. A pre-approved vistor’s visa can also act a deterant to those acting on spur-of the-moment emotions. By the same token, I can choose whether to go or be content visiting the local zoo.

    Proofing one’s identity is not a new concept. I image that even the caveman demanded some form of authentication such as a sign, marking or ritual prior to inviting a stranger into their firelight. The elusive 28th could include a national “Right to Privacy” in this context.

    In short, the onus should be on the guest. The solution does not lie in going Pillar to Post.

  4. Gitaoero says:

    interesting thank you…


  5. Gitaoero says:

    interesting thank you…