By Maxime Lassalle
On 8 September 2016, Advocate General (AG) Mengozzi delivered his much awaited opinion on the agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR). It follows the European Parliament’s resolution seeking an Opinion from the Court of Justice of the European Union (CJEU) on the compatibility of the agreement with the Treaties. Even though the opinion concludes that the agreement has many loopholes, it could disappoint those who were expecting a strong condemnation of PNR schemes as such.
This blogpost intends to present the context of this procedure and the main elements of the AG’s opinion before analysing them. The question of the appropriate legal basis for the agreement, also raised by the Parliament, will not be addressed. However, before turning to the AG’s opinion, we need to briefly sketch the background of the proposed agreement.
Today, in the absence of a PNR agreement with the EU, Canadian authorities apply their own PNR system unilaterally to air carriers established in the European Union (EU) which provide flights to Canada. This means that air carriers have to transfer PNR data (para. 7 of the AG’s opinion) to the extent that it is collected and contained in their automated reservation systems and departure control systems (para. 19). According to the Commission, the adoption of PNR systems is necessary to balance the legitimacy of the requests for PNR data in the fight against terrorism and the need to protect personal data of EU citizens from abusive access. As a result of the Lisbon Treaty, the adoption of PNR agreements now also requires the consent of the European Parliament (EP) (Article 218(6)(a)(v) of the Treaty on the Functioning of the European Union (TFEU)), and it is no secret that the EP is quite reluctant to adopt data retention schemes.
For a long time the EP has been requesting the Commission to provide for evidence that PNR schemes are necessary and in particular that the processing of Advance Passenger Information (API) would not be sufficient to reach the same objective of fighting terrorism and serious crime (for example here and here). API are one of the 19 categories of PNR data and are limited to the identification of the travelers (name, date of birth, gender, citizenship, and travel document data) while PNR data encompass a much broader range of information (food habits, seating information etc.).
Nevertheless, the Commission ignored this request for evidence and proposed in 2013 a Council decision on the conclusion of a PNR agreement with Canada. This proposal was seriously criticized by the European Data Protection Supervisor (EDPS), also questioning the necessity of PNR schemes. Even though in the past, the Parliament had, albeit reluctantly, given its consent to similar PNR agreements (see the EU-US Agreement and the EU-Australia Agreement), this time it persisted and on 25 November 2014 it decided to refer the proposal on the agreement with Canada to the CJEU for it to assess the compatibility of this proposed agreement with the provisions of the TFEU and the Charter. Clearly, this move of the Parliament was inspired by the activism of the CJEU which had proved to be extremely demanding on the protection of personal data in the framework of the fight against terrorism in its famous Digital Rights Ireland case (DRI, commented on this blog).
The AG’s general considerations on PNR schemes
Let us now have a closer look at the (lengthy) opinion of the AG. Before analysing the agreement, the AG assesses the intrusiveness of the PNR schemes as such, in relation to the right to data protection and the right to privacy. PNR data consist of 19 categories of personal data including data which ‘might provide information concerning, in particular, the health of one or more passengers, their ethnic origin or their religious beliefs’ (para. 169). The processing of these data therefore constitutes an interference which is of a ‘considerable size’ and ‘a not insignificant gravity’ (para. 176). This system is ‘capable of giving the unfortunate impression that all the passengers concerned are transformed into potential suspects’ (para. 176). However, the interference does not reach a level where the essence of the fundamental rights is harmed, because the PNR data do not permit to draw precise conclusions concerning ‘the essence of the private life of the persons concerned’ (para. 186). To justify the interference caused by the processing of PNR data, PNR schemes, should be properly provided for by law, such as an EU agreement adopted by the Council and approved by the EP (paras. 191-192), and meet an objective of general interest, namely the objective of combatting terrorism and serious transnational crime (para. 194).
The AG’s general considerations on the standard to be applied to this unprecedented case
Following a classical reasoning on the assessment of the proportionality of the interference (see for example Schwarz, C‑291/12, para. 53), the AG explains that the proposed agreement ‘must also consist of the measures least harmful […] while making an effective contribution to the public security objective pursued by the agreement envisaged’. Provided that there are alternative measures which would be less intrusive, ‘those alternative measures must also be sufficiently effective’ in order to be considered as serious alternatives (para. 208). However, the definition of what is “sufficiently effective” is not given by the previous case law, neither that of the European Court of Human Rights (ECtHR) nor that of the CJEU. For the AG, the effectiveness of these alternative measures must ‘be comparable […] in order to attain the public security objective pursued by that agreement’ (para. 208). This standard of comparability is set by the AG himself. This was not evident as he could also have considered that less effective measures are still sufficiently effective. Requesting comparable effectiveness is a first. Usually in the reasoning, it is easy to decide whether there alternative measures are sufficiently effective or not (see for example Saint-Paul Luxembourg S.A. v. Luxembourg, para. 44). For measures of secret surveillance, it seems more difficult. The comparability criteria may be a way not to address a difficult question.
The AG acknowledges the ability of the interference to achieve the public security objective based on statistics communicated by the United Kingdom Government and the Commission concerning the Canadian authorities’ best practices (para. 205). Between April 2014 and March 2015, thanks to PNR data, 9,500 targets were identified, among them 1,765 persons were subjected to more thorough checks and 178 were arrested for a serious transnational criminal offence, connected in particular with drug trafficking (para. 262). However, the AG does not take into account that the statistics which were presented to the Court do not indicate the amount of data which was necessary to identify these targets. Moreover, one could note that according to the statistics no terrorist was identified, which is quite surprising for a scheme whose main purpose is precisely to identify people related to terrorism. The AG was obviously satisfied with the fact that PNR schemes are effective against organized crime.
The AG goes on addressing the specificity of PNR schemes, namely that it is their very nature to be based on profiling methods, by a comparison of the PNR data with scenarios or predetermined assessment criteria and that PNR data processing can lead to ‘false positive “targets” being identified’ (para. 255). This specificity of PNR schemes, which have never been assessed by the CJEU, made it necessary for the AG to detail the conditions under which PNR schemes could be considered as proportionate. In order to do so, he suggests to adapt a standard used by the ECtHR in Zakharov v. Russia, namely the standard of ‘reasonable suspicion’. For the AG, these procedures should manage to target ‘individuals who might be under a ‘reasonable suspicion’ of participating in terrorism or serious transnational crime’ (para. 256). The application of this standard is ambitious. Indeed, Judge Pinto de Albuquerque, in his dissenting opinion in Szabò and Vissy v. Hungary, had feared that this standard would be replaced by an ‘individual suspicion’, a lower standard, for surveillance measures whose purpose is to fight terrorism. However, this standard is used to limit the access to personal data by law enforcement authorities (an idea also present in the DRI case, para. 60-62). And yet the purpose of PNR schemes is not to create a pool of information available under strict conditions to law enforcement authorities, but to allow the Canadian competent authority, namely the Canada Border Services Agency, to use data mining procedures in order to discover new persons who were not previously suspected. Hence, the application of the standard of the ‘reasonable suspicion’ seems impossible as such: the limitation of the access to the data is not compatible with the idea, accepted by the AG, that PNR schemes need to process all the data that are available. The AG nevertheless tries to adapt the standard by proposing three principles. The first principle is that the assessment criteria used to analyse the PNR data should not ‘be based on an individual’s racial or ethnic origin, his political opinions, his religion or philosophical beliefs, his membership of a trade union, his health or his sexual orientation’ (para. 258). The AG obviously fears discriminatory measures based on the processing of PNR data. The second principle, which is in line with the new principles proposed by Directive 2016/680 (i.e., the new Directive on data protection for police and criminal justice sector) is that the result of the automatic processing of data must be examined by non-automatic means (para. 259). The third principle is that the functioning of the automatic means should be checked regularly by an independent public authority (para. 259).