The European Court of Justice has ruled that the 2014 EU-Canada passenger name record (PNR) agreement was "incompatible with the fundamental rights recognised by the EU," because the records ("names, travel dates, itineraries, ticket and contact details, travel agents and other information") were used for purposes "beyond what is strictly necessary for the prevention and detection of terrorist offences and serious transnational crime."
In other words: if you let mission-creep infect your data-sharing arrangement, the ECJ will kill it.
The ECJ hasn't ruled (yet) on the US-EU version of this agreement, but it has exactly the same structural problems as the Canadian deal, so don't expect it to hold up, either.
"The court declares that the agreement envisaged between the European Union and Canada on the transfer of Passenger Name Record data may not be concluded in its current form," the European Court of Justice said in a statement.
"Several of its provisions are incompatible with the fundamental rights recognised by the EU," the court said.
An adviser to the European Court of Justice said in September that the passenger name record (PNR) agreement with Canada, agreed in 2014, needed to be redrafted before it could be signed because it allowed authorities to use the data beyond what is strictly necessary for the prevention and detection of terrorist offences and serious transnational crime.
The EU also has a PNR agreement with the United States as well as an internal one, both of which could face challenges in light of Wednesday's ruling.
[Dan Alexe/New Europe]
(via Naked Capitalism)
(Image: Thomas Tolkien, CC-BY)