Advocate general Paolo Mengozzi, who is one of the top lawyers whose job it is to advise the Court of Justice of the European Union (CJEU), found that “certain provisions of the agreement envisaged, as now drafted, are contrary to the EU Charter of Fundamental Rights”, largely because the deal, he says, went beyond what was “strictly necessary” for achieving “the public security objective pursued by the agreement”.
Advertisement
Under it, Canadian authorities would have access to the data of European travelers like contact details, credit card and other personal information.
Civil liberties advocates have long argued that such agreements are incompatible with European Union privacy laws.
“It is important that the storage and transfer of personal data is done correctly, and does not go beyond what it is strictly necessary”, she said in a statement.
The Luxembourg-based Court of Justice of the European Union (ECJ) heard arguments for and against the agreement at a six-hour proceeding.
But the lawmaker responsible for chaperoning a similar intra-EU agreement through the European Parliament lashed out.
The agreement, which the European Union and Canada began negotiating in 2010, concerns the transfer of PNR data to Canadian authorities for the objective of combatting terrorism and other serious transnational crime.
Under the agreement, so-called Passenger Name Records data would be transferred to Canadian authorities.
He believes the Passenger Name Record agreement would allow Canada to keep data for up to five years even though it might not be deemed necessary to prevent and detect terrorism or serious transnational crime. This creates a needless security risk, undermines privacy, and generates huge costs for taxpayers. If it does agree with Mengozzi’s analysis, it would have far-reaching implications not just for the stalled EU-Canada PNR agreement, but existing deals with other nations, such as the US, Australia, and the EU’s internal PNR Directive. These include that sensitive data not be collected, that the offences for which data can be retained be listed exhaustively and that the number of targeted persons can be limited to those who can be reasonably suspected of participating in a terrorist offense.The opinion also bodes badly for a separate commercial data transfer agreement with the United States, Privacy Shield, which replaces a framework struck down a year ago by the ECJ over concerns about mass USA surveillance. It is widely expected to be challenged by privacy advocates.
Advertisement
She said the opinion raises questions over the legality of other agreements, including ones with the US and Mexico, and recently adopted EU legislation on European storage of passenger data.
