Data privacy in spotlight after European ruling on flight data

A new deal is needed to allow EU states to provide passenger information to the US

A data sharing agreement for flight details between the US and the EC will have to be rewritten, as the European Court of Justice has deemed current arrangements lack proper legal status.

In 2001 the EC agreed that European airlines would share passenger information with law enforcement agencies in the US from from 2004. This data - up to 34 items including credit card details, itineraries, and addresses - had to be passed onto the US agencies within 15 minutes of a flight taking off. If this was not done then the flight could be refused entry and the airline could be fined.

The European Parliament objected to the agreement on privacy grounds, saying the scope was too wide and the use of the data was not sufficiently specified. The European Court of Justice did not address these privacy issues but ruled the agreement had no legal basis because of a technicality.

Dr Chris Pounder, a data protection specialist with law firm Pinsent Masons, said that the outcome was a “victory for no one”, and the result could be much looser data protection controls for EU citizens or much tighter ones. “There is a risk that since this falls outside of data laws, other rules could be made that have no protection,” he added.

The EC and the US have until the end of September to reach a new agreement. In the meantime the court said the existing deal is allowed to continue.

“A compromise from the US is not the most likely outcome,” Pounder predicted. “I am expecting the UK government to come up with a bi-partisan agreement with the US that argues that the agreement is necessary to protect citizens travelling from the UK to the US. Then, it will sort out how to deal with the data later.”