Seized by the European Parliament to decide on the conformity of the agreement (the “PNR Agreement”) initialed between the European Union and Canada on the transfer of Passenger Name Record (“PNR”) data with the protection of fundamental rights in the European Union, the Court of Justice of the European Union rendered an opinion on 26 July 2017 which upholds the notion of the PNR regime, while requiring a review of the terms of the PNR Agreement.
While the Court of Justice of the European Union has validated the controversial PNR system in principle, it did censure some of its modalities of implementation. As a direct result of this decision, the PNR Agreement may not become operational in its current form. However, the Court’s opinion provides guidelines to amend the PNR Agreement in ways that would conform to the provisions of the Charter of Fundamental Rights of the European Union (thereafter the “Charter”).
1. Purpose of the EU-Canada PNR Agreement on the transfer and processing of PNR data
The PNR Agreement on the transfer and processing of PNR data was signed in 2014.
Its purpose was to permit the systematic and continuous transfer of PNR data of all air passengers to a Canadian authority with a view to that data being used and retained, and possibly transferred subsequently to other authorities and to other non-member countries, for the purpose of combating terrorism and forms of serious transnational crimes.
To achieve this goal, the transferred PNR data were intended to be analyzed on a systematic basis by automated means, based on pre-established models and criteria, before the passengers’ arrival. As a result, border controls were expected to be more efficient, and much faster. The PNR information would have been stored for a period of five years.
Taken as a whole, the PNR data would have revealed, inter alia, a complete travel itinerary, travel habits, information on the financial situation of the passengers, their state of health, and even sensitive information. To allocate privacy concerns, the PNR Agreement contains requirements to assure the security and integrity of the transferred and stored PNR data. More specifically, the PNR Agreement provided for immediate masking of sensitive data, right of access to and correction and erasure of data, and the possibility of administrative and judicial redress.
In spite of these guarantees, the European Parliament asked the Court to pronounce on the conformity of the PNR Agreement with the Articles 7 and 8 of the Charter.
2. Validation of the PNR system by the Court of Justice of the European Union
For the Court, the PNR data, considered individually, do not reveal information affecting the private life of the passengers. However, the Court considered that the aggregation of the transferred PNR data constitutes an infringement on the right to privacy as protected by the Charter.
Furthermore, PNR data are intended to be analyzed systematically before the arrival of the aircraft in Canada by automated means, based on pre-established models and criteria. The PNR data may also be verified automatically by cross-checking with other databases. For the Court, such cross-checking may provide additional information on the private lives of air passengers, which may be considered as interference to rights to privacy and protection of personal data.
For the Court, this does not constitute per se a violation of the provisions of the Charter. Indeed, the Court, modifying its jurisprudence, considers that interference with the rights protected by the Charter can be justified by the pursuit of an objective of general interest.
The PNR Agreement had as its primary objective the fight against terrorist offences and serious transnational crime. For the Court, this objective, considering the current context in Europe, should be considered of general interest, thereby justifying interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter.
However, the Court was cautious to limit the effects of its opinion by requiring such interference to be necessary to achieve the general interest objective.
3. The necessity of interference: the criterion of compliance with fundamental rights
The Court’s opinion lists provisions of the PNR Agreement which the Court considers not to be necessary for combating terrorism and forms of serious transnational crimes.
- Categories of PNR data not defined clearly and precisely
The Court considered that some provisions of the PNR Agreement mentioning “all available contact details” are not delineated in a clear and precise manner. For the Court, such provisions are too broad and do not limit the scope and nature of the information transferred. As a consequence, the Court considered that such provisions constitute a violation of the rights protected by the Charter.
- Sensitive data
The Court viewed some provisions of the agreement as allowing the transfer of sensitive data (i.e. data revealing the ethnic origin, political opinions, religious or philosophical convictions, state of health). For the Court, the authorization of the transfer of sensitive data to Canada requires a precise and particularly solid justification, based on grounds other than the protection of public security against terrorism and serious transnational crime. However, the Court found that no such justification was established.
- Modalities of the predictive algorithms
For the Court, pre-established models and criteria should be specific and reliable in order to produce results targeting individuals with respect to whom there would be a reasonable suspicion of involvement in terrorist offenses or serious transnational crime. As the Court found that this is not the case under the terms of the PNR Agreement, the Court considered that the models and criteria should be adapted in order to comply with the Charter.
- Storage of PNR data
The PNR Agreement provides for a storage period of the PNR data of 5 years.
For the Court, the storage of the PNR is acceptable as long as the concerned passengers remain on the Canadian soil; however, the use of the PNR data during the stay in Canada of the passenger, unless for emergency situation, must be previously controlled by a judicial or administrative authority.
Moreover, the Court considered that the storage of PNR data, after the departure of the passenger from Canada is not limited to what is strictly necessary, except in extremely rare cases where derogation could be obtained.
Therefore, the Court called for modification of the PNR Agreement in order to comply with the Charter in these regards.
- Transfer of PNR data to third parties country
Pursuant to the Directive 95/46, and the Court’s “Schrems” decision, the transfer of data may be performed only if the European Commission considers that the level of protection offered by the recipient country is of an adequate level, or substantially equivalent to the one granted within the European Union. As the PNR Agreement does not provides for such requirement the Court has considered that the PNR Agreement’s provisions on that matter infringed the rights guaranteed by the Charter.
The opinion rendered by the European Court of Justice is notable in the sense that it considers that the PNR system can, if properly constructed, comply with the provisions of the Charter.
On the other hand, as a direct result of this opinion, although the PNR Agreement cannot be enforced as such, the Court gave precise guidelines which would allow the negotiators to find a new agreement in line with the fundamental rights granted to the European citizens.