Privacy & Information Security Law Blog

On July 26, 2017, the Court of Justice of the European Union (“CJEU”) declared that the envisaged EU-Canada agreement on the transfer of Passenger Name Records (“PNR Agreement”) interferes with the fundamental right to respect for private life and the right to the protection of personal data and is therefore incompatible with EU law in its current form. This marks the first instance where the CJEU has been asked to rule on the compatibility of a draft international agreement with the European Charter of Fundamental Human Rights.

The envisaged PNR Agreement authorizes the systematic and continuous transfer of all air passenger data to a Canadian authority for purposes of combating terrorism and other serious transnational crimes. The PNR Agreement permits the transferred data to be used, retained and possibly transferred to other authorities and non-member countries to achieve this aim.

The CJEU holds that while the interferences in question can be justified by the pursuit of public security, several provisions of the PNR Agreement are not limited to what is strictly necessary to achieve that aim:

• Transfer and Retention of Sensitive Data: Parties to the PNR Agreement accept that sensitive data may be transferred to Canada. However, a transfer of sensitive data requires a solid justification based on grounds other than the protection of public security. In this instance, there is no such justification.
• Use of PNR Data During Air Passengers’ Stay in Canada: Following verification of passenger data and permission to enter Canadian territory, the use of their data during their stay must be based on new circumstances justifying the use. As a general rule, the use of retained passenger data during their stay must be subject to a prior review carried out by a court or independent administrative body following a reasonable request by competent authorities submitted within the framework of procedures for the prevention, detection or prosecution of crime.
• Continued Storage of PNR Data after Departure: The envisaged PNR Agreement permits the storage of passenger data for a period of five years. After a passenger (who has not been identified as presenting a risk relating to terrorism or serious transnational crime upon arrival and up to departure) has left Canada, there is no longer a connection between the data and the objective pursued by the PNR Agreement which would justify the retention of their data.

The CJEU notes that the PNR Agreement should:

• Determine clearly and precisely certain passenger data to be transferred.
• Specify that the criteria used for automated processing of passenger data will be non-discriminatory, reliable and specific.
• Indicate that databases used will be limited to those used by Canadian authorities in the fight against terrorism and serious transnational crime.
• Provide that passenger data may be disclosed by Canadian authorities to the authorities in a non-member country only if there is an agreement between the EU and the country in question equivalent to the envisaged PNR Agreement or a decision of the EU Commission in that field.
• Provide air passengers with a right to notification if their data is used during their stay in Canada or after their departure, or if it is disclosed to other authorities or individuals.
• Guarantee that an independent supervisory authority will oversee the rules relating to the protection of the processing of air passengers’ data.

Until changes are made to several provisions to ensure they are limited to what is strictly necessary to achieve the aim of the PNR Agreement, the CJEU concludes that the envisaged agreement may not be concluded in its current form.

Despite the ruling of the court, the EU Commission confirmed that it is moving forward with the implementation of an internal EU Passenger Name Record system which was adopted last year.