Here's one flight delay that European Union citizens might appreciate: The European Parliament has grounded an agreement that would have sent more passenger data winging its way to Canadian law enforcers. And like other flight delays, it could have huge repercussions — in this case for similar data exchange deals with the U.S. and Australia.
Members of the European Parliament voted 383 to 271 to refer the Canadian flight data deal to the Court of Justice of the European Union (CJEU) for an opinion on whether it is in line with data protection rules enshrined in EU treaties and the EU's Charter of Fundamental Rights.
Canada and the EU are in the process of renegotiating a 2006 deal to exchange so-called passenger name record (PNR) data for the purposes of fighting terrorism and serious crime. This includes information provided by passengers when they book or check in for flights, and data collected by airlines for commercial purposes. It consists of about 60 elements, including itineraries, ticket references, contact details, travel dates, means of payment used, seat numbers and baggage information.
The EU Council of Ministers signed the revised deal with Canada in June, but it still needs the European Parliament's approval before it can enter into force.
Parliament is concerned that building such a database to retain and share passengers' personal data could be illegal in the light of a ruling by the CJEU in May. That judgment invalidated EU laws requiring communications providers to retain metadata — in much the same way as flight data would be retained under the PNR agreement — because the laws interfered with fundamental privacy rights.
Privacy groups welcomed the Parliament's decision Tuesday, and said that the CJEU ruling could have a big impact on similar deals.
The vote might also have consequences for the EU's existing PNR sharing deals with the U.S. and Australia, said Alexander Sander, managing director of German digital rights group Digitale Gesellschaft, welcoming the decision.
"If the court rules this is not in line with EU fundamental rights they would first of all have to stop the already existing agreements with the U.S. and Australia," he said.
It doesn't stop there though. The court ruling could also affect the EU-U.S. Terrorist Finance Tracking Program (TFTP) Agreement under which some data from the SWIFT international bank messaging system is transmitted to U.S. authorities, again to fight terrorism. "That deal is really similar to the PNR agreement, and I'm really sure that we have to rethink it as well," if the CJEU's opinion on the deal is in line with the April data retention ruling, Sander said.
Joe McNamee, executive director of European digital rights group EDRi was also delighted by the Parliament's decision.
Sign up for CIO Asia eNewsletters.