EU-Canada passenger data deal infringes privacy: EU adviser

BRUSSELS (Reuters) - An agreement between the European Union and Canada to share airline passenger data that the two sides say is vital to fighting terrorism must be redrafted before it can be signed, an adviser to the top EU court said on Thursday.

European Union (EU) flags fly in front of the European Central Bank (ECB) headquarters in Frankfurt, Germany, December 3, 2015. REUTERS/Ralph Orlowski/File Photo

Parts of the deal, agreed in 2014, go against the EU Charter of Fundamental Rights, Advocate General Paolo Mengozzi said, and in most such cases, judges follow advisers’ views.

Mengozzi’s opinion will therefore come as a blow to governments around the world, which have stepped up their arguments for data retention and sharing after a spate of militant attacks this year.

EU lawmaker Timothy Kirkhope, who successfully steered so-called Passenger Name Record (PNR) legislation through the European Parliament in April, called the opinion “irresponsible”, given the level of security threat.

Canada welcomed the “detailed opinion” but said it would not comment until the final ruling, expected in a few months.

“We remain committed to continue working closely with the European Union until the ratification of a Canada-EU PNR Agreement that complies with EU fundamental rights and EU law,” a government representative said.

Mengozzi said the proposed agreement allowed authorities to use the passenger name records data beyond what is strictly necessary for the prevention and detection of terrorist offences and serious transnational crime.

It also leaves too much leeway for Canadian authorities to transfer the data to a non-EU country’s authorities, he said.

Passenger name records include names, travel dates, itineraries, ticket and contact details, travel agents and other information.

However, he said the agreement would be compatible with EU fundamental rights subject to certain conditions. These include sensitive data not being collected, that the offences for which data can be retained be listed exhaustively and that the number of targeted persons be limited to those who can reasonably be suspected of participating in a terrorist offense.

The opinion might also bode badly for a separate commercial data transfer deal with the United States, Privacy Shield, which replaces a framework disallowed a year ago by the European Court of Justice over concerns about mass U.S. surveillance. It is widely expected to be challenged by privacy advocates.

Civil rights groups and liberal politicians welcomed the opinion as a reaffirmation of the importance of privacy even when responding to security threats.

“For years now we have questioned the necessity and proportionality of a massive transfer of European passenger data and the legal basis for this,” Dutch Member of the European Parliament, Sophie In’t Veld, said.

Editing by Louise Ireland