Europe will not share passenger data with US

A deal allowing airlines to hand over confidential passenger data to the United States has been struck down by Europe's highest court. The decision came after complaints that an agreement allowing US officials access to 34 different pieces of passenger information–from credit card details to phone numbers–breaches personal privacy. The European Court of Justice on May 30 threw out the deal, negotiated to satisfy US anti-terror measures, objecting to its legal basis. The court gave the European Union until Sept. 30 to find an alternative solution, leaving officials with a race against the clock to try to resolve the legal muddle. If they fail, airlines may have to choose between defying the US authorities–and being fined or having flights turned back–or leaving themselves open to legal action in Europe. Disputes over passenger records date back to the aftermath of the 9/11 suicide hijackings in the United States, when the US authorities demanded more stringent security standards. After several European aircraft were turned back because of their failure to supply passenger data, the European Commission (EC) helped negotiate the new deal, which came into force in May 2004. It obliges airlines to transmit information electronically within 15 minutes of flights embarking for the US. Details include the names of all travelers, all contact details, telephone numbers, addresses, emails, payment information, bank numbers and credit card data. Though minor concessions were won, the European Parliament challenged the measure in court, arguing that the US offers insufficient data protection guarantees. In fact the May 30 ruling did not criticize passenger-name record transfers or raise objections on the grounds of human rights or privacy. Instead it took issue with the technicalities behind the law. The court ruled that this was inappropriate since the law did not apply to information collected for security purposes. The EC will now look for a way to put the agreement on a different legal footing. One possibility is to use article 24 of the EU's governing treaty, which allows for EU foreign policy agreements with individual states or international organizations. An alternative is to go ahead under justice and home affairs legislation. Such accords might not be impossible to agree within the three-month timetable, particularly since all governments would have to agree–including nations such as France, where national parliaments are very hostile. Failing that, EU governments might strike bilateral deals with the US, though whether these would contravene European law remains unclear. Plunged into legal limbo, some airlines are alarmed at the possibility of being hit by bans or fines from the US side of up to $6,000 per passenger if they fail to hand over electronic passenger records. They may also face domestic sanctions from national data protection authorities in countries such as the Netherlands for transferring the data. Officials on both sides of the Atlantic sought to play down the crisis. Johannes Laitenberger, a spokesperson for the EC, emphasized the court's judgment was only about the agreement's "legal basis," and not its content. Stewart Baker, an assistant secretary at the US Department of Homeland Security, called it a "resolvable issue." British Airways, whose most profitable business comes from transatlantic flights, said it was "disappointed" by the ruling but suggested that data could be transmitted in any event. It said: "We have been liaising with [the] government in advance of the ECJ ruling and understand that the UK data protection legislation does not prevent British Airways from providing passenger data to the US authorities."