28 January 2022
The mass travel surveillance and profiling of air passengers carried out under the EU's Passenger Name Record Directive does not breach fundamental rights standards, says an opinion published yesterday by the Court of Justice in Strasbourg. Opinions precede the verdict of the court, and often set the tone for rulings.
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
The Passenger Name Record (PNR) Directive was agreed in April 2016 and mandates the surveillance and profiling of almost all air passengers entering, travelling within, or leaving the EU. Passenger data has to be transmitted by travel companies and airlines to Passenger Information Units (PIUs) operated by national police forces.
PIUs can then:
"(a) compare PNR data against databases relevant for the purposes of preventing, detecting, investigating and prosecuting terrorist offences and serious crime, including databases on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such databases; or
(b) process PNR data against pre-determined criteria [i.e. profiling]."
The case was brought by Belgium's Ligue des droits humains and referred to the Court of Justice to assess whether the Belgian implementation of the PNR Directive and Advance Passenger Information (API) Directive complied with the rights to respect for private life and data protection. The API Directive requires the transmission of air passengers' travel document data to the authorities prior to a flight's departure.
The Advocate-General's Opinion recognises that the measures are "an interference with their private life and as an interference with the fundamental right to protection of personal data," but, as the court's press release puts it:
"...the Advocate General points out that the data that air carriers are required to transfer to PIUs under the PNR Directive are relevant, adequate and not excessive in relation to the objectives pursued by that directive and that their scope does not exceed what is strictly necessary in order to attain those objectives. He considers, moreover, that this transfer is surrounded by sufficient safeguards, the objectives of which are, first, to ensure that only the data expressly referred to are transferred and, second, to ensure the security and confidentiality of the data transferred. The Advocate General also recalls that the PNR Directive sets out a general prohibition on the processing of sensitive data, including also their collection, with the result that the PNR system provides sufficient safeguards making it possible to exclude, at each stage of the processing of the data collected, that this processing may directly or indirectly take into account protected characteristics." [all emphasis in quotes in the original]
"...the Advocate General considers that the generalised and undifferentiated nature of the transfer of PNR data and the prior assessment of air passengers by means of the automated processing of those data is compatible with Articles 7 and 8 of the Charter, which enshrine the fundamental rights to respect for private life and to the protection of personal data."
Christian Thönnes has roundly demolished the reasoning of the opinion in a detailed post for Verfassungsblog.
Beyond its overall approval of the Directive, the Advocate General's opinion does state:
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.