Master Thesis
Master of Information Law Jennifer Crama 10062122
[THANK YOU FOR FLYING BIG BROTHER AIRLINES] How do the new PNR-powers derived from the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record and the Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime relate to the fundamental right to respect for private and family life contained in the ECHR and the Charter?
Abstract
Both the PNR-Directive and the PNR-Agreement make serious infringements on the right to
respect for private and family life.
It is not made easy for individuals to complain to the judicial authorities about this
infringement. This implies that either the government has a positive obligation to facilitate
this and to ensure better checks and balances, or that an individual must wait for the
implementation of the law in order to have the PNR-Agreement examined indirectly by a
domestic judge.
Both the PNR-Agreement and the PNR-Directive are very broad in their scope; this leads to
serious privacy concerns and legal uncertainties. This in turn affects the well-being of
travelers who may feel like Big Brother is watching and out to get them, which could harm
their self-development as human beings and affect their choices.
In conclusion, the PNR-Agreement’s and the PNR-Directive’s relation to the fundamental
right to private and family life as laid down by article 8 ECHR and articles 7 and 8 of the
Charter is one of violation and contravention to all the criteria that have been set out to protect
that right by the ECJ and the ECtHR.
Table of Contents
Introduction
Chapter 1: The Contents of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR-Agreement)
o 1.1. Introduction
o 1.2. Articles 1 through 10
o 1.3. Articles 11 through 20
o 1.4. Articles 21 through 30 and the Annex
o 1.5. Conclusion
Chapter 2: Does the European Court of Human Rights have the competence to examine the PNR-Agreement in light of the fundamental rights of the ECHR and the Charter?
o 2.1. Introduction
o 2.2. The European Court of Human Rights
o 2.3. Does the European Court of Human Rights have the competence to decide on an Agreement between the EU and Canada when a complaint has been based on the Charter?
o 2.4. Does the European Court of Human Rights have the competence to decide on an Agreement between the EU and Canada when a complaint has been based on the ECHR?
2.4.1. Implementation of the Agreement
2.4.2. Positive obligations
o 2.5. Conclusion
Chapter 3: What relevant privacy-aspects are being interfered with by the PNR-Agreement and is this justifiable?
o 3.1. Introduction
o 3.2. Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108)
o 3.3. European Convention on Human Rights (ECHR)
3.3.1. The right to one’s reputation
3.3.2. Collection of personal data and access
3.3.3. The right to private and confidential information
3.3.4. The right not to be subject to unlawful surveillance
o 3.4. Charter of fundamental rights of the European Union (the Charter)
3.4.1. Right to respect for private and family life
3.4.2. Right to protection of personal data
o 3.5. Justification
3.5.1. Provided by law
3.5.1.a. Consequences must be foreseeable
3.5.1.b. Application to the PNR-Agreement
o 3.6. Necessary in a democratic society
3.6.1. Case law concerning secret surveillance
3.6.2. Digital Rights Ireland-case
3.6.3. Application to the PNR-Agreement
o 3.7. Conclusion
Chapter 4: What are the relevant differences between the PNR-Directive and the PNR-Agreement between Canada and the European Union?
o 4.1. Introduction
o 4.2. The relevant differences
o 4.3. Conclusion
Chapter 5: How do the differences influence the examination of the PNR-Directive in light of the fundamental right to privacy in the ECHR and the Charter?
o 5.1. Introduction
o 5.2. Examination of the possible influence of the differences
o 5.3. Extended PNR in relation to air carriers and third party businesses
o 5.4. Conclusion
Chapter 6: Conclusion
List of sources and references
Introduction
“Just relax, enjoy the promise of technology, and stop worrying about Big Brother.
Realistically, he’s been ass-raping you for years, and apparently he’s not sufficiently
endowed for you to have noticed. I don’t see that situation changing.”
-Scott Adams
Passenger Name Record (PNR) was originally brought into existence to facilitate passengers
getting from point A to point B through interconnecting flights. PNR is nothing new; PNR-
Agreements between the European Union and other countries have existed for many years.
Nowadays, governments see PNR as a profiling tool that uses algorithms to determine who is
likely to pose a terrorist threat according to patterns created by mixing different types of
passenger data. This data is obtained when a traveler books a flight.
Especially in light of the current climate of fear that surrounds us, governments want to
collect as much data about individuals as possible in order to prevent the next Brussels-like or
9/11 attack.
Creating lists of people with similar characteristics may seem useful for law enforcement
purposes; however, it remains an educated guess as to whether or not that person is in fact a
threat. It has happened in the past that PNR has produced mismatched results, the most
notorious case being Maher Arar. This case involves a Canadian citizen who was flying back
to Canada after visiting family in Tunisia. He was detained by American authorities,
transferred secretly to Syria and tortured for a year until they realized they had made a
mistake.
America was one of the first countries to negotiate for more intrusive PNR-data collection.
There is also a pilot Agreement between Canada and the European Union, and an internal
PNR-Directive has been proposed. Both these legislative texts call for more and more data
collection in order to maximize the chances of prevention. The governments of the European
Union and the rest of the world are endowing themselves in such a way that we may start
noticing the infringement on our private lives.
The European Parliament made a referral to the European Court of Justice on the 25th of
November regarding the PNR-Agreement pilot. On the 5th of April 2016 a preliminary
hearing took place to decide on this referral and in September of this same year the Attorney
General is expected to give his advice on the content of the PNR-Agreement. The Greens feel
the legislative text of the PNR-Agreement will not hold up against even the general privacy
and data protection requirements of the European Union. If the ECJ’s judgment is damning to
the PNR-Agreement, this will also have direct consequences for the European Commission’s
PNR-Directive that has been on the table since 2011 and has finally elicited the possibility of
a vote due to these turbulent times.
The way the European Parliament and the European Commission appear to be at
odds with one another, together with the approved referral to the ECJ regarding the
PNR-Agreement, has led me to the following question:
“How do the new PNR-powers derived from the Agreement between Canada and the
European Union on the transfer and processing of Passenger Name Record and the proposed
Directive of the European Parliament and of the Council on the use of Passenger Name
Record data for the prevention, detection, investigation and prosecution of terrorist offences
and serious crime relate to the fundamental right to respect for private and family life
contained in the ECHR and the Charter?”.
This question will first be answered by explaining which judicial body of the European Union
has the competence to judge the case under the ECHR. Then there will be an examination of
which privacy aspects are being interfered with and whether or not this interference can be
justified. After that, the relevant differences between the PNR-Directive and the PNR-
Agreement will be looked at. And finally, the influence these differences may have on the
earlier examination of the interfered privacy-aspects will be surveyed.
Chapter 1: The Contents of the Agreement between Canada and the European Union on
the transfer and processing of Passenger Name Record (PNR-Agreement)
1.1. Introduction
The preamble of the PNR-Agreement states the goals, ambitions and common ground
between Canada and the European Union. Both parties recognize the need to share
information as a crucial element in the fight against terrorism and that PNR-data is critically
important for achieving the goals of the PNR-Agreement.
It continues to stipulate that this PNR-Agreement is not meant for Advance Passenger
Information, which is applied to border control measures, and that this is a pilot to examine
the feasibility for similar Agreements in the Marine Mode.
It closes with both parties reaffirming their commitment to what has been laid down in the
provisions of the PNR-Agreement and the recognition of the importance of data sharing. The
parties also note that this Agreement is not meant to set a precedent for any future
arrangements, but that they are committed to the further development of international
standards for the processing of PNR-data.
This immediately sets the tone for the rest of the PNR-Agreement, namely that it is meant as a
cooperative document where both parties have a common goal: to fight terrorism by
collecting and sharing data between them.
This Chapter seeks to summarize the provisions of the Agreement between Canada and the
European Union on the transfer and processing of Passenger Name Record (PNR-
Agreement). Provisions that are important to this thesis will be highlighted so that later
reference does not lead to confusion.
1.2. Articles 1 through 10
Article 1 of the PNR-Agreement restates the goal discussed earlier in the preamble and article
2 gives definitions for terms that are used. It defines air carrier, Passenger Name Record
Data (PNR data), processing, Canadian Competent Authority and sensitive data. Most of
these definitions are similar to those laid down in European law, but there are two that require
explicit mention for the purposes of this thesis, namely PNR-data and Canadian Competent
Authority.
The definition of PNR-data refers to records created by the air carriers for each journey
booked by or on behalf of any passenger. It references the Annex for those who wish to see
specifically what data elements would be used.
The Canadian Competent Authority is defined as the authority responsible for receiving and
processing the PNR-data.
Article 3 seeks to specify for what purposes and when the collected data will be used. It states that use of
the data will be made “(…) strictly for the purpose of preventing, detecting, investigating or
prosecuting terrorist offences or serious transnational crime”. Terrorist offence is then
defined as:
“(a) an act or omission that is committed for a political, religious or ideological purpose,
objective or cause with the intention of intimidating the public with regard to its security,
including its economic security, or with the intention of compelling a person, government or
domestic or international organization to do or refrain from doing any act, and that
intentionally:
(i) causes death or serious bodily harm;
(ii) endangers an individual’s life;
(iii) causes a serious risk to the health or safety of the public;
(iv) causes substantial property damage likely to result in the harm referred to in (i) to (iii);
or
(v) causes serious interference with or serious disruption of an essential service, facility or
system, other than as a result of lawful or unlawful advocacy, protest, dissent or stoppage of
work, such as a strike, that is not intended to result in the harm referred to in (i) to (iii); or
(…)”.
It goes on to state that the PNR-Agreement also applies to offences that fall under the scope of
applicable international conventions and protocols that relate to terrorism1, knowing
participation or benefaction and the direct/indirect collection of resources (financial, services
or property), threatening/attempting/conspiring/facilitating/instructing or counseling to carry
out an act as described earlier.
Article 3 then goes on to describe “terrorist entity” as follows:
“(i) a person, a group, or an organization that has as one of its purposes or activities
facilitating or carrying out an act or omission described in (a) or (b); or
(ii) a person, a group, or an organization that knowingly acts on behalf of, at the direction of
or in association with such a person, group or organization in (i).”
Article 3 then defines “serious transnational crime” as any offence punishable in Canada by a
maximum deprivation of liberty of at least 4 years or a more severe penalty.2 A crime is
transnational in nature when it is committed in more than one country or any variation
thereof.3 Lastly, it states in what exceptional cases the Canadian Competent Authority is
allowed to process PNR-data to protect the vital interests of any individual (e.g. in cases of a
risk of death or serious injury) and that processing may also take place on a case-by-case basis
for accountability purposes or to comply with a judicial request (e.g. a subpoena).4
Article 4 is dedicated to ensuring that PNR-data is provided. The European Union must
ensure that the air carriers can transfer the PNR-data. This transfer will be done through
authorized agents that act on behalf of and under the responsibility of the air carriers.5 Canada
has the obligation to delete any data that is not one of the elements listed in the Annex.6
1 PNR-agreement article 3 (b).
2 PNR-agreement article 3 paragraph 3.
3 PNR-agreement article 3 paragraph 3 (a)-(e).
4 PNR-agreement article 3 paragraph 4 (a)-(b) and paragraph 5 (a)-(b).
Article 5 relates to the adequacy of the level of protection for the transferred data in Canada,
thereby stating compliance with existing EU data protection laws.
Article 6 states when Canada will share data with police and judicial authorities. Europol,
Eurojust, the police and judicial authorities of a Member State are explicitly named. Relevant
and appropriate information will be shared as soon as practicable in accordance with
agreements and arrangements that Canada has with Member States and Europol and Eurojust.
Information will also be provided at the request of these authorities for specific investigations
to prevent/detect/investigate or prosecute terrorist offences within the European Union.
Article 7 states that all safeguards apply to all passengers equally without unlawful
discrimination taking place.
Article 8 allows Canada to collect and use sensitive data. Sensitive data is masked by using
automated systems and in accordance with paragraphs 3, 4 and 5. Sensitive data can be
processed when it is indispensable because an individual’s life is in danger or if there is a risk
of serious injury.7 The processing must be approved by the Head of the Canadian Competent
Authority, has to be carried out by a specifically and individually authorized individual and
once the data has been unmasked it cannot be processed through automated systems.8 Canada
must delete the sensitive data no later than 15 days after they receive it, unless there are
extenuating circumstances that require a longer retention period.9 Canada must give notice of
the processing to the European Union at their earliest convenience; this too will happen in
accordance with agreements and arrangements with the Member States.10
Articles 9 and 10 concern data security and integrity, and oversight. These two articles aim to
set up protocols for the Canadian Competent Authority to follow in regards to regulatory,
procedural or technical measures to protect the PNR-data against accidental/unlawful or
unauthorized access, processing or loss and accountability for when it does happen.
1.3. Articles 11 through 20
Articles 11-14 concern transparency and the rights of data subjects. The Canadian Competent
Authority has to publish information regarding the collection of PNR-data on their website
and both the European Union and Canada need to work with interested parties to ensure this
information is provided to passengers, preferably at the time of booking.11 Individuals have
access to their data if they make a written request. Canada can deny this request based on
reasonable legal requirements.12 Individuals can correct or have annotations placed on the
information; this can also be refused by the Canadian Competent Authority.13 Lastly,
individuals have the right to administrative and judicial redress under Canadian law.14
5 PNR-agreement article 4 paragraph 4.
6 PNR-agreement article 4 paragraph 3.
7 PNR-agreement article 8 paragraph 3.
8 PNR-agreement article 8 paragraph 4 (a)-(c).
9 PNR-agreement article 8 paragraph 5 jo. article 16 paragraph 5.
10 PNR-agreement article 8 paragraph 6.
11 PNR-agreement article 11 paragraphs 1 to 2.
12 PNR-agreement article 12 paragraphs 1-3.
Article 15 concerns decisions based on automated processing and states the following:
“Canada shall not take any decisions significantly adversely affecting a passenger solely on
the basis of automated processing of PNR data.”
Article 16 concerns the retention of the PNR-data. The retention period is 5 years and the data
will be depersonalized after 30 days. After another two years the data will be depersonalized
further. Data can be retained for an extra two years after the 5 year period for specific
investigations and accountability. After the retention period the PNR-data will get
destroyed.15
Articles 17 to 20 concern the logging and documenting of PNR data processing, disclosure
within and outside of Canada and the method of transfer. With regard to the disclosure within
Canada, article 18 states that this only happens when certain conditions have been met. The
transfer can only take place when the authority or the purposes are related to article 3, on a
case by case basis and only if a minimum of PNR-data is disclosed.16 These same conditions
apply to disclosure outside of Canada, with article 19 explicitly stating that transfers to third
countries outside of the European Union can only take place when that country can guarantee
adequate safeguards to the same standards as the European Union.17
1.4. Articles 21 through 30 and the Annex
Article 21 states that the transfers must take place frequently (with a maximum of 5 times for
a particular flight) with the earliest moment in time being 72 hours before the scheduled
departure. The Canadian Competent Authority must inform the air carriers of the specified
times for the transfers and the Canadian Competent Authority can require them to send data at
different intervals of the scheduled transfers.18
Articles 22 to 24 concern the retroactive character of the PNR-Agreement to data that was
already in Canada at the time it comes into force, the parties recognizing that when the EU
adopts its own PNR-data processing regime the Agreement will be amended to ensure full
reciprocity and non-derogation.
Articles 25-27 relate to procedural obligations on the parties in regards to the PNR-
Agreement, such as dispute resolution, amendments and suspension/termination of the
Agreement.
Articles 28-30 are about the duration of the Agreement (a period of 7 years), the territorial
application (the territory in which the Treaty on European Union and the Treaty on the
Functioning of the European Union are applicable and the territory of Canada) and the final
provisions which state that both parties will notify each other when they have completed the
necessary procedures (e.g. appointing the Canadian Competent Authority).
13 PNR-agreement article 13 paragraphs 1-2.
14 PNR-agreement article 14 paragraphs 1-2.
15 PNR-agreement article 16 paragraphs 1-6.
16 PNR-agreement article 18 paragraph 1 (a)-(f).
17 PNR-agreement article 19 paragraphs 1-3.
18 PNR-agreement article 21 paragraphs 1-3.
The Annex contains the categories of data that can be collected under the PNR-Agreement.
These categories are as follows:
“1. PNR locator code; 2. Date of reservation/issue of ticket; 3. Date(s) of intended travel; 4.
Name(s); 5. Available frequent flyer and benefit information (free tickets, upgrades, etc.); 6.
Other names on PNR, including number of travelers on PNR; 7. All available contact
information (including originator information); 8. All available payment/billing information
(not including other transaction details linked to a credit card or account and not connected
to the travel transaction); 9. Travel itinerary for specific PNR; 10. Travel agency/travel
agent; 11. Code share information; 12. Split/divided information; 13. Travel status of
passenger (including confirmations and check-in status); 14. Ticketing information, including
ticket number, one way tickets and Automated Ticket Fare Quote; 15. All baggage
information; 16. Seat information, including seat number; 17. General remarks including
Other Supplementary Information (OSI), Special Service Information (SSI) and Special
Service Request (SSR) information; 18. Any Advance Passenger Information (API) collected
for reservation purposes; 19. All historical changes to the PNR data listed in numbers (1) to
(18).”
1.5. Conclusion
The PNR-Agreement between Canada and the European Union is aimed at collecting data in
order to help investigate and prevent terrorism and transnational crime.
Several provisions relate to the kind of data that can be collected and the categories of people
and offences that are subject of the PNR-Agreement.
The PNR-Agreement provides for data security in 12 of its provisions. These provisions cover
the adequacy of data, the use of sensitive data, data security and integrity, oversight,
transparency, access for individuals, correction or annotation for individuals, administrative
and judicial redress, decisions based on automated processing, the retention of PNR-data,
conditions for logging and documenting of PNR-data processing and the disclosure in- and
outside of Canada.
Whether or not these provisions can help justify the interference with the fundamental right to
privacy will be examined in chapter 3.
Chapter 2: Does the ECtHR have the competence to examine the Agreement in light of
the fundamental rights of the ECHR and the EU Charter?
2.1. Introduction
The fundamental right to privacy can be found both in article 8 European Convention on
Human Rights (ECHR) and articles 7 and 8 of the Charter of Fundamental Rights of the
European Union (the Charter). Article 7 of the Charter contains the fundamental right to
Respect for Private and Family life, whereas article 8 of the Charter contains the right to
Protection of Personal Data. This last right cannot be found in the ECHR.
In order to lodge a complaint based on these articles at the European Court of Human Rights
it must first be established that this court has the competence to examine the Agreement. For
this to be the case, certain requirements must be met.
In this chapter the necessary requirements to lodge a complaint will first be surveyed. Then
the possibility of lodging a complaint based on the Charter will be discussed. After this,
alternate ways of complaining to the European Court of Human Rights relating to the specific
facts of the PNR-Agreement between Europe and Canada based on the ECHR will be
examined.
2.2. The European Court of Human Rights (ECtHR)
The European Court of Human Rights (ECtHR) is part of the Council of Europe
and is open to complaints from individuals, groups, organizations and countries against a
Member State about the violation of one or more of the fundamental rights from the European
Convention on Human Rights (ECHR).
Before a complaint can be processed by the ECtHR, it has to adhere to the following criteria:
1. The complainant must have been affected directly and personally by the violation of a
fundamental right of the ECHR or one of its protocols;
2. The complaint must be aimed at a public institution (being the lawmaker,
administrative government or judicial body);
3. All domestic remedies must have been exhausted;
4. The complaint must have been filed within six months after the final decision of the
highest domestic court.
After these criteria have been met, the Court will assess the complaint as follows:
Firstly, it is necessary to assess whether or not the complaint falls within the scope of article 8
ECHR. It is up to the applicant to characterize the interest which he or she seeks to protect
and to advance it before the Court in its understanding of article 8 paragraph 1 ECHR. The
four concepts laid down in article 8 ECHR have not been solidly defined by the ECtHR. It has
avoided laying down specific rules as to their interpretation. Hence, the assessment takes
place on a case by case basis, which gives these concepts an autonomous meaning.
Secondly, there has to have been an interference with the fundamental right in article 8
ECHR. Again, it is for the applicant to establish the interference with this right. In Klass and
others v. Germany, the Court had adjudged and declared that, in certain cases, the mere
existence of legislation constitutes an interference with the right to privacy from article 8
ECHR for the individual.19 From the Campbell v. the United Kingdom judgment it can be
inferred that where the applicant cannot establish the certainty of the material damage which
would constitute the interference, it will be sufficient if he can demonstrate the likelihood that
the interference has occurred.20
Lastly, the interference can be justified if it is in accordance with the law and necessary in a
democratic society. This will be discussed at length in the next chapter.
If these criteria have been met, the case will be admissible and examined by the European
Court of Human Rights, after which a decision will follow. The ECtHR’s decisions are
binding for the Member States involved and final.
In this case, the complaint would be lodged against the PNR-Agreement between the
European Union and Canada. This complaint would be based on article 8 ECHR and could be
based on articles 7 and 8 of the Charter.
2.3. Does the European Court of Human Rights have the competence to decide on an
Agreement between the European Union and Canada when a complaint has been based
on the European Charter of Fundamental Rights?
The EU Charter protects both individuals and legal entities against actions undertaken by the
European Union’s institutions that violate fundamental rights. When this is the case, the
competence of the European Court of Justice (ECJ) prevails over that of the ECtHR.
When the government of a Member State violates the EU Charter during the implementation
of EU law, it is up to the national judges to ensure that the Charter is respected. This happens
under the guidance of the ECJ.
The ECtHR will not find itself competent to assess complaints based on the Charter, since
it does not judge the implementation of laws. It only concerns itself with whether or
not the implementation of a law has caused an interference with a fundamental right.
Thus, one can conclude that the ECtHR does not have the competence to decide on the PNR-
Agreement between the European Union and Canada when a complaint has been based on the
Charter.
2.4 Does the European Court of Human Rights have the competence to decide on an
Agreement between the European Union and Canada when a complaint has been based
on the ECHR?
19 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 33.
20 ECtHR, 25 March 1992, no. 13590/88 (Campbell v. the United Kingdom).
The PNR-Agreement between the European Union and Canada states that the air-carriers are
responsible for the export of data to the Canadian Competent Authority and that it is up to the
EU to ensure that they are not prevented from doing so.21
A problem that relates to this chapter is that the European Union cannot accede to the
European Convention on Human Rights (ECHR), because it cannot be considered a State
(which is a core requirement to be a party to the ECHR).22 This makes stepping up to the
ECtHR impossible, since the European Union cannot be held accountable for creating
legislation that is in contradiction to the ECHR, because it is not party to it. It requires
complainants to wait for the law to have been implemented in the national legislation.
Another problem is article 4 paragraph 4, which states that these transfers may be overseen by
authorized agents, who would act on behalf of and under the responsibility of the air carriers.
These authorized agents must adhere to the conditions laid down in the PNR-Agreement. One
can conclude that these agents are not of a government body, but rather a part of the legal
entity of the air carrier.
This complicates matters in regards to the competence of the ECtHR since the government
does not directly involve itself in the export of the PNR-data. However, there are two ways in
which the ECtHR can consider complaints made based on the ECHR, namely if the complaint
has been filed against the government for failing to act on the positive obligations derived
from article 8 ECHR and through the implementation process of the Agreement itself.
2.4.1. Implementation of the Agreement
An Agreement must be carried out by the Member State, through legislation, oftentimes on a
national level. This requires the Member State to transform the international Agreement into
national law.
When the PNR-Agreement has been implemented into national law, it would become a formal
law that allows it to become subject of examination by the courts. They can examine whether
or not this legislation contravenes the fundamental rights as laid down in the ECHR.
This leads to an indirect examination of the PNR-Agreement in relation to the ECHR.
Of course, this approach would require the national legislator to give proper execution to what
is written in the PNR-Agreement in order for an examination of the Agreement to take place
and the ECtHR to be the competent authority.
However, it is possible that national legislation differs from what has originally been laid
down in the Agreement. In this case an individual could complain to the courts about the
improper execution of the Agreement and go to the ECtHR.
2.4.2. Positive obligations
21 Article 4 (1) of the Agreement between Canada and the European Union on the transfer and processing of
Passenger Name Record.
22 Court of Justice of the European Union Press Release No. 180/14, Luxembourg 18 December 2014.
While article 8 ECHR’s essential objective is to ‘protect the individual against arbitrary
action by the public authorities’, the ECtHR in Kroon vs. the Netherlands held that there may
inherently be a positive obligation for governments to effectively respect the values contained
in the article.23 In other words, the State has to, on occasion, take affirmative action to respect
the wide range of personal interests set out in the provision.
In the case of X&Y vs. the Netherlands the ECtHR held that:
“[Article 8] does not merely compel the state to abstain from (…) interference: in addition to
this primarily negative undertaking, there may be positive obligations inherent in an effective
respect for private and family life (…) These obligations may involve the adoption of
measures designed to secure respect for private life even in the sphere of the relations of
individuals between themselves.”24
It remains difficult to identify the circumstances in which these positive obligations are
required of the national governments. This is due to the idea that the notion of ‘respect’ does
not adhere to a single definition, since conditions and circumstances in the Member States
vary greatly. A wide margin of appreciation has thus been afforded to the Member States to
decide what ‘respect’ requires in the circumstances of a particular application.
According to the ECtHR’s current case law surrounding this topic, whether or not a positive
obligation exists is dependent on whether or not a fair balance has been struck between the
general interest of the community and the interests of the individual.25
The Court can find that the application of article 8 paragraph 2 ECHR can be sufficient in
certain cases, therefore not creating a new positive obligation for the government. The
difference between the application of paragraph 2 and the creation of a positive obligation is
relevant, because the examination of the former differs greatly from the latter. Paragraph 2
makes it necessary to strike a balance between a right that has already been established and
the offsetting interests the State seeks to protect. So for the Court to consider that the Member
State needs to act affirmatively, the individual must show that his or her interests overrule
those of the general community.
An example of this can be found in Marckx vs. Belgium, where the Court found that respect
for family life between an unmarried mother and her child placed a positive obligation on the
State to adopt measures designed to ensure the child’s integration into his/her family from the
moment of birth.26
In this case the government had a positive obligation placed upon them,
because the disadvantage endured by the unmarried mother and her daughter was greater in
comparison to the interests of the State to protect family based marriages.
The content of the positive obligation is dependent on the margin of appreciation a State
enjoys with regards to the interest at stake and the fundamental rights in question. In the case
of X&Y v. the Netherlands, the ECtHR deemed the State to be entitled to a wide margin of
appreciation when it came to the respect for family life, whereas in Marckx v. Belgium it was
deemed appropriate for the State to enjoy a narrow margin of appreciation. For the content of
the positive obligation, the difference is that a wide margin of appreciation requires a
government to take less action in order to fulfill and satisfy article 8.
23 ECtHR, 27 October 1994, no. 18535/91 (Kroon v. the Netherlands), para. 31.
24 ECtHR, 26 March 1985, no. 8978/80 (X&Y v. the Netherlands), para. 23.
25 For example: ECtHR, 7 July 1989, no. 10454/83 (Gaskin v. the United Kingdom), para. 42.
26 ECtHR, 13 June 1978, no. 6833/74 (Marckx v. Belgium), para. 31.
One can assume that it does not lie beyond the scope of imagination that an individual can
feel directly affected by the PNR-Agreement between Canada and Europe, and that this
complainant has exhausted all domestic remedies in order to find protection of his or her
fundamental right under article 8 ECHR, but has found themselves stuck due to the fact that
the government has no involvement in the data-collection and export for PNR-purposes, only
to then turn to the ECtHR to ascertain whether or not it is necessary to create a positive
obligation for this government.
This makes it possible to allow the ECtHR to have the competence to judge a case under this
Agreement and place a positive obligation on the Member State.
This obligation could mean that Member States will have to install an independent body to
review the data before it’s transferred to Canada. Both the ECJ and the ECtHR have stated
many times that Member States are required to set up one or more public authorities who’ll
have the responsibility to monitor compliance with EU legislation. In many cases both Courts
have stated a preference for this independent body to be a judge who performs a judicial
review.27
In the Schrems-case the ECJ went as far as to state:
“(…) The very existence of effective judicial review designed to ensure compliance with
provisions of EU law is inherent to the existence of the rule of law (…).”28
Working Party 29 (WP29) recently reiterated the need for independent oversight mechanisms
when it concerns intelligence activities in its opinion on the new Privacy Shield-Agreement
between the European Commission and the United States of America. WP 29 stated in its
opinion that this mechanism must both be effective and impartial and must have sufficient
abilities to carry out any necessary checks.29
In that same opinion WP 29 expressly mentions
the need for the independent oversight body to be able to coordinate with different
government and intelligence agencies and private parties. The independent body or
mechanism would also need to have the ability to impose measures of punishment in the case
of a violation.30
When considering earlier case-law by both Courts, it does not seem unlikely that the positive
obligation would entail the requirement of prior review of the data by an independent body in
order to ascertain whether it is necessary to guarantee the respect for the fundamental rights
and compliant with the rules laid down in the PNR-Agreement.
27 Most recently: ECtHR, 06 June 2016, no. 37138/14 (Szabó and Vissy v. Hungary), paras. 81 and 195-204.
28 ECJ, 06 October 2015, C-362/14, ECLI:EU:C:2015:650, para. 95.
29 Working Party 29, Opinion 01/2016 on the EU-US Privacy Shield draft adequacy decision, 13 April 2016, p. 11.
30 Working Party 29, Opinion 01/2016 on the EU-US Privacy Shield draft adequacy decision, 13 April 2016, p. 46-57.
The consequences of such a positive obligation are that Member States will be required to
take operational steps in order to secure the fundamental right to privacy of individuals living
within their borders. They will have to ensure the abovementioned independent instrument or
be found to have violated European law based on the Court’s decision. A violation would
open the government up to liability at which point they will still have to comply with the
positive obligation.
2.5 Conclusion
In conclusion, there are many individual requirements that need to be addressed before one
can complain to the ECtHR. The stumbling block for a complainant lies in where
their complaint should be aimed, since the PNR-Agreement between Canada and the
European Union appears to exclude government involvement in regards to data-exportation
in article 4 paragraph 4.
The ECtHR only has the competence to assess complaints made based on the ECHR, so a
complainant who bases his claim on the Charter can only direct himself towards the ECJ.
Due to the abovementioned non-involvement by the State it is impossible, or at the very least
difficult, to lodge a complaint against a government institution and to fulfill that requirement.
However, there are two cases in which the ECtHR could still be competent to consider
complaints made by individuals under article 8 ECHR.
Firstly, the PNR-Agreement can be indirectly examined by the Court through a complaint
aimed at the implemented legislation by the Member State. This way the courts and the
ECtHR can assess whether or not the implemented legislation contravenes the fundamental
right to privacy in article 8 ECHR.
Secondly, the Court could have competence to assess a complaint if it finds that the State has
a positive obligation to take action in order to ensure the fundamental right of the ECHR. The
amount of action the Member State has to take depends on the margin of appreciation they
enjoy.
Chapter 3: What relevant privacy-aspects are being interfered with by the PNR-Agreement and is this interference justifiable?
3.1. Introduction
The PNR-Agreement exists to collect data from travelers and to process this for investigative
purposes. This could lead to interference with an individual’s right to a private life as secured
by article 8 ECHR, and articles 7 and 8 of the Charter.
In this chapter there will be an examination of the different laws ensuring privacy within the
European Union and the different aspects associated with it. Then, there will be an analysis of
whether or not the PNR-Agreement interferes with these rights and how this is the case.
Finally in this chapter, we will look at whether a Member State can justify the interference.
3.2. Convention for the Protection of Individuals with regard to Automatic Processing of
Personal data (Convention 108)
Council of Europe Convention 108 protects individuals from the abuses which may go hand
in hand with the collection and processing of personal data and regulates cross-border data
flows. It sets out principles for fair and lawful collection and tries to ensure the processing of
stored data only happens for specified and legitimate purposes. These cannot be incompatible
with the original purposes or stored for a longer period than necessary.
These principles also relate to the quality of the data, data accuracy, the informing of the data
subjects and those subjects’ right of access and information. The data must be adequate,
relevant and should adhere to the principle of proportionality.
The ECtHR has referred to Convention 108 on several occasions when interpreting the
concept of private life. The ECtHR has advocated for a non-restrictive interpretation of
‘private life’ and case-law has shown that it encompasses the individual’s right to establish
and develop relationships with other human beings, not excluding business contexts. Thus the
ECtHR highlights that its view is in concordance with Convention 108.31
Emphasis of this concordance is also found in regards to the concept of ‘public information’.
Both the ECtHR and Convention 108 agree it can fall within the scope of ‘private life’. This is
the case, where information of a public nature is systematically collected and stored in files
held by the authorities.32
The ECtHR has also referred to article 6 of Convention 108 when it stated that an individual’s
ethnic identity must be regarded as an important element of his or her private life, specifically
where racial origin (along with other sensitive information about the individual) is revealed.
In such a case, it falls within the special category of data which cannot be processed unless
appropriate safeguards are provided.33
31 For example: ECtHR, 16 February 2000, no. 27798/95 (Amann v. Switzerland), ECtHR, 4 May 2000, no. 28341/95 (Rotaru v. Romania) and ECtHR, 27 October 2009, no. 21737/03 (Haralambie v. Romania).
32 ECtHR, 27 October 2009, no. 21737/03 (Haralambie v. Romania), ECtHR, 18 November 2008 (Cemalettin Canli v. Turkey).
In conclusion, the ECtHR does not mean for the term ‘private life’ to have an exhaustive
interpretation, especially in the age of digitized bulk data-collection and automated processing.
3.3. European Convention on Human Rights (ECHR)
Article 8 of the ECHR states the following:
“(1) Everyone has the right to respect for his private and family life, his home and his
correspondence.
(2) There shall be no interference by a public authority with the exercise of this right except
such as is in accordance with the law and is necessary in a democratic society in the interest
of national security, public safety or the economic well-being of the country, for the
prevention of disorder or crime, for the protection of health or morals, or for the protection of
the rights and freedoms of others.”
The ECtHR has distilled many different aspects inherent to this right in its case-law. The most
relevant aspects in regards to the PNR-Agreement will be discussed below.
3.3.1. The Right to One’s reputation
The right to reputation is not explicitly stated in article 8 ECHR; this right is oftentimes
brought up alongside the right to freedom of expression considering most of the case-law in
this area concerns defamation.
The right to reputation was officially linked to article 8 ECHR in the case of Pfeiffer v.
Austria, where the ECtHR stated the following:
“a person’s right to protection of his or her reputation is encompassed by article 8 as being
part of the right to respect for private life”.
Karakó and Polanco Torres give a clear direction of where the ECtHR is heading with the
right to reputation. From these cases one can see that a right to reputation does exist, but only
when the publication in question compromises the personal integrity of the person concerned.
Unfortunately, as of yet, there is no clarity when this threshold is met. This will have to be
revealed in subsequent case-law.
The right to reputation has not yet been applied outside of a conflict relating to article 10
ECHR (Freedom of Expression). However, it could be applicable in this instance.
The PNR-Agreement has been written to have a very broad scope under which data can be
collected. This could lead to false positives in results obtained through PNR and have people
facing prosecution or denial of services without just cause.34
33 ECtHR, 4 December 2008, nos. 30562/04 and 30566/04 (S. and Marper v. the United Kingdom).
34 For example: article 3 in conjunction with the Annex.
The reason this could relate to the right to reputation is that such an occurrence could do
damage to this right. For example, a man (A.) of Islamic faith has to go on a business trip for
his employer. He openly supports the activist group PETA and is part of a political party that
has strong views on what must be done against the discrimination of Muslims in the country
where he lives. When his employer attempts to book the ticket for the trip, he is told that (A.)
is not allowed to fly, because he is on the no-fly list. Or, in the case where the employer is in
fact able to book the ticket, (A.) gets publicly apprehended at the airport or the border control
because his PNR has led authorities to believe he may be a threat.
This could damage (A.)’s reputation not only in the eyes of many strangers, but also his
employer and could have far reaching consequences effectively ruining his reputation.
This could lead to interference with the right to reputation and also with article 8 ECHR.
3.3.2. Collection of personal data and access
PNR entails the collection and processing of data. This data is personal data, since it carries
the identity of a person or could be used to identify a person behind the data.35
The Annex contains a list of open categories of data that can be collected. This invites bulk
collection of data especially since the definitions of the reasons for collecting this data are not
very specific about the goal. Article 3 is very vague and broad in its scope since it must be
read in combination with the Annex. The Annex does not give any definition of what specific
categories of data can be collected and how far reaching they are.
Bulk data, the same way as Big Data, concerns the visualization of correlations: specific
patterns which could have a meaning within the context for which they have been gathered.
This is not the same as the collection of causal links and in many cases it isn’t inherently
apparent why certain correlations exist. This is due to the fact that the causality has yet to be
determined.
The collection of bulk data for the detection of possible terrorist threats can be seen as a black
box: it states many characteristics that correlate to a certain result, but it does not explain the
result. This in itself is problematic, because it can lead to unexpected results and wrong
conclusions when analyzed.
A proper analogy for this is given by Gerrit Jan Zwenne in his 2015 article.36 He describes
Big Data in his article as follows:
“(…) The pictured elephant could just as well be a metaphor for Big Data; an alarmingly
large animal which never forgets and forms a big risk for the porcelain and other knick-
knacks we care for”.37
35 Article 2 (a) of Directive 95/47/EC.
36 G.J. Zwenne, ‘De onbestaanbare olifant: gedachten over Big Data en de Privacywet’, Internetrecht 2015, p. 142-147.
37 G.J. Zwenne, ‘De onbestaanbare olifant: gedachten over Big Data en de Privacywet’, Internetrecht 2015, p. 145.
In the article Mr. Zwenne has included the picture of an elephant with an undeterminable
number of legs, making it hard to decide which legs are really there and which legs are not.
The same analogy can be made for bulk collection of PNR-data for intelligence purposes.
The Canadian Competent Authority will mask the data 30 days after the data has been
received. For further depersonalization another two years must pass.38
Anonymization of data
is oftentimes suspected of not being effective when it comes to masking personal data since
the technique which is applied can be weak or the data set can have such unique features that
it can still be linked to a specific individual. The European Competent Authorities have thus
taken the view that such anonymized information should still be considered personal data.
Individuals have access to their data, if they request it, but this request can be denied. The
denial of the request has to be subject to reasonable legal requirements and limitation.39 The
language of this article is very vague and can result in requests being denied fairly quickly.
This could lead to an interference with the collection of personal data and access and could
constitute an interference with article 8 ECHR.
3.3.3. The right for private and confidential information
Respect for private and family life includes the right to private and confidential information,
especially where the storing and sharing of such information is concerned.
Confidential information is about respecting the autonomy of the individual. This right is
mostly applicable to communications between e.g. lawyers and their clients and doctors and
their patients, but the ECtHR has stated it is also applicable to records held by the
government.40
The PNR-Agreement makes it possible for the Canadian Competent Authority to have
sensitive data transferred to them and to process and even retain this data.41
This would be in
direct interference with the right to private and confidential information.
The open categories of data that can be collected for PNR purposes lead to legal uncertainty
as to the scope of what can be collected. For example, item 17 of the Annex states that
“General Remarks” may be included in the data; this could indirectly lead to the systematic
and untargeted collection of sensitive data which would greatly adversely affect the autonomy
of the individual.
People will constantly feel like Big Brother is watching them when they travel and this could
lead to them making decisions that they would not make in a different situation. For example
people who enjoy the vegetarian or halal meal options may feel that they have to choose
differently in order for them not to be watched by the government. The travel habits of the
individual may also be collected; one can equate this to the same problem
presented by the collection of geo-location data. Whereas location data can relate specifically
to the location of the communication device and its user, PNR can relate to the specific travel
habits of an individual. Both can lead to extensive profiles being created.
38 PNR-agreement article 16.
39 PNR-agreement article 12 (3).
40 For example: ECtHR, 13 November 2012, no. 24029/07 (M.M. v. the United Kingdom).
41 PNR-agreement article 8 jo. 16.
In the case of location data WP 29 recommends that controllers should seek to secure ways to
provide direct online access to the collected data and possible profiles that are associated with
it. According to WP 29, a key element of this access would be that it is provided without
demanding additional personal data and information to ascertain the identity of the data
subject.
Such conditions could also be applied to PNR. The PNR-Agreement now provides for the
possibility for individuals to gain access to their information through a written request, but it
could be made more efficient if the suggestions of WP 29 concerning access to collected
location data were followed. Such access could be linked to the use of frequent flyer miles, or be
made available through an online personal page for the journey (e.g.: this page could be
created when one checks in online and be revisited for a period of time after the journey has
been completed).
The need for a written request from the individual can be seen as a hurdle most individuals
who are only moderately interested in privacy won’t take, whereas a readily available online
area would make access and insight easy and give people relief from the idea that Big
Brother might be abusing their data, forcing them to change their behavior.
This is an interference with the autonomy of the individual and his right to privacy in order to
develop him- or herself according to their values and is thus an interference with article 8
ECHR.
3.3.4. The right not to be subject to unlawful state surveillance
Subjects of Member States have the right not to be subject to unlawful state surveillance. This
right entails that the surveillance of individuals by the Member State may not happen unless
there is a legal basis that adheres to certain requirements and has proper checks and balances.
In paragraphs 3.5 and 3.6 this privacy aspect will be elaborated on in the context of
foreseeability and necessity in a democratic society.
3.4. Charter of fundamental rights of the European Union (the Charter)
The Charter contains two articles that are important to privacy when it concerns transatlantic
data-flows. The first being article 7, which covers the respect for private and family life. It
states as follows:
“Everyone has the right to respect for his or her private and family life, home and
communications”
Therefore the right to respect for private life is stated explicitly in the Charter. The rights
guaranteed under article 7 correspond to those guaranteed by article 8 ECHR.
Article 8 concerns the protection of personal data and states the following:
“(1) Everyone has the right to the protection of personal data concerning him or her.
(2) Such data must be processed fairly for specified purposes and on the basis of the consent
of the person concerned or some other legitimate basis laid down by law. Everyone has the
right of access to data which has been collected concerning him or her, and the right to have
it rectified.
(3) Compliance with these rules shall be subject to control by an independent authority.”
The privacy aspects that can be distilled from these two articles are the right to respect private
and family life and the right to protection of personal data.
3.4.1. Right to respect for private and family life
Article 7 of the Charter corresponds with article 8 of the Charter and takes technological
advancements into account. The umbrella term ‘privacy’ encompasses first and foremost the
right to be left alone. This implies non-interference by governments.
Malone v. the United Kingdom states that the right to be left alone is also inherent to article 8
of the Charter.42
This right also encompasses personal integrity, confidential data (due to its correspondence
with article 8 of the Charter) and public files. This means that the disclosure or improper
discovery by third persons of facts relating to the physical condition, health or personality
may undoubtedly interfere with one’s right to privacy.
The Annex of the PNR-Agreement contains a list of PNR that can be used for the data
processing. The way this list has been formulated leads to the ability to collect data in bulk.
Vague terminology and no definitions are the main reasons for this; it creates uncertainty as to
how far the information gathering within those categories can go.
The PNR-Agreement also does not exclude the collection and processing of sensitive data.
This should be explicitly excluded according to the European Data Protection Supervisor in
his opinion,43 but this is not the case in the PNR-Agreement. It even allows for sensitive data
to be collected indirectly through general remarks, processed and retained for 5 years.
This leads to a clear interference with the right to private and family life.
3.4.2. Right to protection of personal data
The wide application of the principle of privacy requires the protection of personal data used,
e.g., for social security purposes, in the police sector, etc. The ECJ has recognized that this
right includes a person’s right to keep his health a secret.44
42 ECtHR, 2 August 1984, no. 8691/79 (Malone v. the United Kingdom), para. 51.
43 Opinion of the European Data Protection Supervisor on the Proposals for Council Decisions on the conclusion and signature of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data, para. 49.
44 ECJ, C-404/92 P, 5 October 1994 (X v. Commission of the European Communities).
Article 8 does not in itself give a definition of what constitutes personal data, nor does it give
the criteria associated with the processing of this data. It relies heavily on Directive 95/46/EC
for these things.
The PNR-Agreement, however, does not provide for notification of data breaches to the
European Commission and Data Protection Authorities. As to the transparency, there is no
obligation on either the air carriers or on the Competent Data Authority to provide
information regarding the categories of data that are collected, who has access to this data and
what mechanisms are in place under Canadian law to seek judicial review.
Also, article 15 of the PNR-Agreement refers to “(…) decisions significantly adversely affecting
a passenger”. Adding the word ‘significantly’ drastically narrows the scope of when human
review of automated results is required. This implies that decisions which may
affect the passenger adversely can still be taken based on automated processing without
human review.
These elements lead to an interference with the right to protection of personal data.
3.5. Justification
The PNR-Agreement creates an interference with the respect to private and family life (article
8 ECHR and article 7 of the Charter) and the right to protection of personal data (article 8 of
the Charter) by violating the privacy-aspects described above. This interference can be
justified if it is provided by law and necessary in a democratic society.
3.5.1. Provided by law
According to the ECtHR’s established case-law, interference is provided by law when the
following three conditions are satisfied: the impugned measure must have some basis in
domestic law and, with regard to the quality of the law at issue, it must be accessible to the
person concerned and have foreseeable consequences.45
In this thesis it will be assumed that the requirements of accessibility and of a basis in
domestic law have been met.
3.5.1.a. Consequences must be foreseeable
Malone v. the United Kingdom was about British legislation that simply acknowledged the
power of ministers to authorize telephone tapping without ever truly granting it. Furthermore,
the administrative practices for the tapping were only vaguely defined. The ECtHR accepted
the requirements of the ECHR, especially in regards to foreseeability. However, in the special
context of surveillance, the ability to foresee the consequences cannot mean that an individual
should be enabled to foresee if and when the authorities are likely to intercept his
communications so that he can change his conduct accordingly.
45 ECtHR, 26 April 1979, no. 6538/74 (Sunday Times v. the United Kingdom), para. 46-68.
Still, the ECtHR held that the law should be sufficiently clear in its terms to give citizens an
adequate indication as to the circumstances in which and the conditions on which public
authorities are empowered to resort to this secret and potentially dangerous interference with
the right to respect for private life and correspondence. Consequently, the law should indicate
the scope of any such discretion conferred on the competent authorities and the manner of its
exercise with sufficient clarity, having regard to the legitimate aim of the measure in question,
to give the individual adequate protection against arbitrary interference.46
Leander v. Sweden stated that the foreseeability could not mean that individuals should be
enabled to foresee precisely what checks are placed on the special police. In this case, the law
also had to be sufficiently clear in its terms to give people an adequate indication as to the
circumstances and conditions on which the public authorities are empowered to resort to this
kind of secret and potentially dangerous interference with private life.47
In Amann v. Switzerland the ECtHR insisted on the need for rules on the conditions under
which files could be opened to be foreseeable. There had to be rules that could specify the
circumstances in which cards could be created, the procedures that had to be followed, what
information could be stored and the comments that could be forbidden. The ECtHR also
concluded that, since the authorities had not destroyed the information after finding out that
no offence had been prepared, the storing of the card on the applicant had not been “in
accordance with the law”.48
Kruslin v. France and Huvig v. France led to the ECtHR stating that surveillance of citizens
through tapping and other forms of interception of communications leads to a serious
interference with private life and correspondence and accordingly has to be based on a “law”
that is particularly precise. It is essential for there to be clear, detailed rules. The ECtHR
thought this was especially important since the technology available for use is continuously
becoming more sophisticated. The ECtHR emphasized further that adequate legislation should
come with adequate safeguards against various possible abuses, e.g. the categories of people
liable to have their telephones tapped by judicial order and the nature of the offences which
could give rise to such an order need to be defined. It must also state under what
circumstances recordings could or should be erased or the tapes destroyed, in particular where
an accused had been discharged by an investigating judge or acquitted by a court.49
The matter of the adequate safeguards in legislation was addressed again in the case of
Shimovolos v. Russia, which related to the registration in a ‘surveillance database’ of the
name of a human rights activist and the monitoring of his movements along with his arrest in
connection to the surveillance. A violation of article 8 ECHR had been found, because the
database containing the applicant’s name had not been established by a ministerial order or
published or made accessible to the public in any other way.50 The requirement for adequate
safeguards in the law had not been met.
46 ECtHR, 2 August 1984, no. 8691/79 (Malone v. the United Kingdom), para. 67-68.
47 ECtHR, 26 March 1987, no. 9248/81 (Leander v. Sweden), para. 51.
48 ECtHR, 16 February 2000, no. 27798/95 (Amann v. Switzerland), para. 76-79.
49 ECtHR, 29 June 2006, no. 9248/81 (Weber and Saravia v. Germany), para. 95.
3.5.1.b. Application to the PNR-Agreement
Foreseeability
As mentioned earlier in 3.4.2, foreseeability, when it comes to national security and measures
of surveillance, does not entail enabling the individual to foresee if and when the authorities
are likely to intercept his communications. This can also be applied to the PNR-regime in the
sense that the foreseeability does not have to require individuals to know exactly when their
data is being collected and handed over to the authorities.
The law, however, must be sufficiently clear, giving an adequate indication as to the
circumstances and the conditions that empower the authorities to resort to these measures.
The PNR-Agreement states that PNR-data will be processed strictly for the preventing,
detecting, investigating or prosecuting of terrorist offences or serious transnational crime. The
definition the Agreement proceeds to give of ‘terrorist offence’ and ‘terrorist entity’ is quite
broad because it has to be read in conjunction with the Annex.
Naturally, one can understand that a certain degree of vagueness is required for the law not to
become rigid or out of date too quickly. However, the current way these terms are formulated
could lead to the involvement of activist activities of an NGO or its representatives, but also
those who donate to those NGOs (for example, Greenpeace and its (non-)active members). It
could also make it possible for countries to monitor dissidents or other parties that oppose the
current government. This same problem has long been present in article 140 of the Dutch
Criminal Code, a critical darling for Dutch law scholars.
Article 140 of the Dutch Criminal Code (DCC) relates to participation in an organization
that aims to engage in crimes and participation in the continuation of an illegal
organization. Theoretically, criminalization through this article can be seen as a safety net in
cases where participatory actions of suspects or others in premeditated or committed crimes
are hard for authorities to prove. Thus, it can be seen as an evidence accelerator.
In this theoretical application, article 140 paragraph 1 DCC, as an independent
(endangerment) offense, would be the main subject of an indictment. On the other hand it
could be applied as an alternative criminal indictment for crimes that can only be committed
as an organization or by a group of people, which would make it accessory to the committed
crimes. It is then possible that this article would not find a consistent use in
indictments, because these theoretical uses for article 140 DCC allow a varied use by
authorities.
The same can be said of the PNR-Agreement, given the fact that, for example, the
Annex only gives general categories of data elements without any specification.
50 ECtHR, 21 June 2011, no. 30194/09 (Shimovolos v. Russia), para 69-72.
One can argue that, since PNR is based on algorithms, it mostly relies on software and
objective data; however, these algorithms are written and maintained by humans. Machines
that learn algorithms are thus influenced by their maintainers and can adjust what they do
based on human behavior. This could lead to algorithms enforcing human prejudices. Not
having properly specified categories for these algorithms to run on will lead to a lot of data
being collected from a lot of travelers, even if they have nothing to do with what is described
in article 3 of the PNR-Agreement, and could then lead to an arbitrary interference with the
right to privacy.
Article 17 of the Agreement does lay down some rules and requirements for the logging and
documenting of the PNR-data processing. The Canadian Competent Authority must first
verify the lawfulness of the processing, and then ensure the integrity of the data and the
security, oversight and accountability of those involved. This article states neither how the
Canadian Competent Authority intends to verify any of these things (no protocols or steps are
given), nor what consequences are to follow for those accountable for mishaps with
data processing. This is especially problematic when it’s the algorithm that is accountable for
the result of what the collected data says about an individual.
Articles 18 and 19 of the Agreement are to be read in conjunction with article 3. This, in
combination with the list of data that is to be collected (article 2 (b) read in conjunction with
the Annex), leads to less clarity as to the circumstances and conditions under which a person
would fall under the scope of the data-collection by the Canadian Competent Authority.
Again, this is a matter of the general nature of the data-elements listed in the Annex and also
because the PNR-Agreement does not exclude the collection of sensitive data.
As mentioned earlier, the processing of sensitive data is allowed, on a case-by-case basis,
where necessary in view of a serious threat to an individual’s life or if there’s a risk of serious
injury. This is not linked to the requirements of articles 3, 4 and 5 of the PNR-Agreement, nor
does any judicial body have the authority to intervene with this processing. This makes it
seem like the collecting and storing of sensitive data is allowed as long as it’s approved by the
Head of the Canadian Competent Authority and carries the risk of broadening the scope to
undefined purposes.
All of these factors combined can lead to the indifferent treatment of suspicious and
unsuspicious people and would lead to what the ECtHR has called “risk of stigmatization”.51
The ECJ also refers to this in the Digital Rights Ireland-case repeatedly.
The bulk data retention also contradicts the Digital Rights Ireland-judgment when there’s no
connection between the retained data and a threat to public security. The PNR-Agreement
obligates air carriers to transfer data to the Canadian Competent Authority solely based on the
reason that someone is traveling from the European Union to Canada, which leads to all
travelers being affected without there being a clear link between that person and a threat.52
51 ECtHR, 4 December 2008, app. nos. 30562/04 and 30566/04 (S. and Marper v. the United Kingdom), para. 122.
52 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 58.
The ECtHR stated that the law, aside from providing a certain indication and clarity, should
be particularly precise. In this case, the terminology used is vague and broad. As feared by the
ECtHR this raises concerns with improving technology for bulk collection of data and
automated processing. The PNR-Agreement does not provide adequate safeguards for this.
Categories of offences are given, but these do not seem to provide categories of persons that
can be excluded from the collection. This could lead to bulk collection on all passengers,
which becomes a genuine problem when algorithms discriminate. It becomes unclear when
one will find themselves in a database as a suspect.
Lastly, decisions based on automated processing will be ruled out only if they ‘significantly’
adversely affect a passenger. This creates a pretty high threshold for review of any decision
that is based on automated processing. Such a decision could have far-reaching consequences for
individuals, take time and effort to be corrected, and affect the welfare of a traveler
who has to deal with a decision based on an automated process that has adversely
affected him, but not significantly in the eyes of the Canadian Competent Authority.
One can thus conclude that the PNR-Agreement does not adhere to the requirement of
foreseeability due to its broad and vague nature.
3.6. Necessary in a democratic society
Article 8 paragraph 2 ECHR gives a list of ‘legitimate aims’ which States may use to limit the
fundamental right to respect for private and family life. These legitimate aims are part of the
test to see if the restriction is necessary in a democratic society and thus in the interest of the
community as a whole.
Paragraph 2 expressly mentions ‘national security’, making it a justifiable defense for a State
when it wishes to limit the fundamental right to privacy. However, there is no clear definition
of this term and studying the case law on this topic, one can safely state it’s somewhat vague.
European case-law has given a certain substance to the term ‘national security’, to the point
where one can see that it definitely includes the protection of state security and constitutional
democracy from espionage, terrorism, support for terrorism, separatism and incitement to
breach military discipline.
For the purposes of this thesis, cases linked to secret surveillance and data-retention will be
examined in light of the PNR-Agreement.
3.6.1. Case-law concerning secret surveillance
The ECtHR has stated in some of its earliest case-law on secret surveillance in the interest of
national security, that where a state institutes secret surveillance it was possible for persons to
be treated in a manner contrary to article 8 ECHR without their active awareness and
therefore not being able to remedy the situation before the national courts. The ECtHR
accepted that an individual could, in certain circumstances claim to be a victim of a violation
occasioned by the mere existence of secret measures or of legislation permitting these
measures, without having to allege that such measures have in fact been applied to this
person.53
In the case of Klass and Others v. Germany, the disputed legislation directly affected all users
and potential users of the postal and telecommunication services in the Federal Republic of
Germany. The ECtHR concluded that each of the applicants was entitled to “(claim) to be the
victim of a violation” of the ECHR, despite the fact he was not able to show that he had in
fact been subjected to a concrete measure of surveillance.54 The ECtHR also accepted in this
case that the existence of some legislation granting powers of secret surveillance over the
mail, post and telecommunications was, under exceptional conditions, necessary in a
democratic society in the interests of national security and/or for the prevention of disorder
and crime.55
In Leander v. Sweden the ECtHR recognized there could be no doubt as to the necessity
for national security purposes and the need for Member States to have laws granting the
competent authorities the power to collect and store in registers not accessible to the public
information on persons, and to use this information when assessing the suitability of
candidates for employment on posts of importance for national security.56 The ECtHR also
accepted in this case that Member States enjoy a wide margin of appreciation so that it is up
to the State to assess whether the ‘pressing social need’ implied by the notion of necessity
was truly present.57
However, in the case of Klass and Others v. Germany the ECtHR emphasized that Member
States do not have unlimited discretion to subject persons within their jurisdiction to secret
surveillance measures in the name of the struggle against espionage and terrorism.58 The
ECtHR stated the powers of secret surveillance of citizens characterize a police state and
should only be tolerable in so far as the legislation is within the bounds of what is necessary in a
democratic society.59 Leander v. Sweden later clarified that the interest of the respondent State
in protecting its national security must be balanced against the seriousness of the interference
with the applicant’s right to respect for his private life.60
The case of Amman v. Switzerland concerned a call that had been intercepted by the public
prosecutor’s office leading to a card being drawn up on the applicant. This card stated that the
applicant was “a contact with the Russian embassy” and “does business of various kinds with
the [A.] company”. It was stored in the Confederation’s files. The ECtHR considered that it
was sufficient to find that data relating to the private life of an individual had been stored by a
public authority to conclude the creation and storing of the impugned card had amounted to an
interference. This interference fell within the scope of article 8 ECHR regardless of the
53 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 33.
54 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 37-55.
55 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para 48.
56 ECtHR, 26 March 1987, no. 9248/81 (Leander v. Sweden), para 59.
57 ECtHR, 26 March 1987, no. 9248/81 (Leander v. Sweden), para 59.
58 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 49.
59 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 46 and 49.
60 ECtHR, 26 March 1987, no. 9248/81 (Leander v. Sweden), para 59.
subsequent use of the stored information or if it concerned sensitive data or whether the
applicant had been inconvenienced in any way.61
The ECtHR has also ruled that public information can fall within the scope of article 8 ECHR
when it is systematically collected and stored in files held by the authorities,62 and McGinley
and Egan v. the United Kingdom made it clear that there must be an effective and accessible
procedure established which enables people to seek all relevant and appropriate information.63
Lastly, Kennedy v. the United Kingdom had the ECtHR considering that ‘strict necessity’
implied there have to be adequate and effective guarantees against abuse. This assessment has
to be done on a case-by-case basis, taking into account the nature, scope and duration of the
possible measures, the grounds for ordering them, the authorities competent to authorize,
carry out and supervise them, and the kind of remedy that would be provided for under
national law.64
Most recently the ECtHR discussed secret surveillance in Szabó & Vissy v. Hungary where
applicants were concerned about the multitude of privileges of an Anti-Terrorism Task Force
and the police. Under the law these privileges included house searches, surveillance with
recording, the opening of letters and parcels as well as checking and recording the contents of
electronic or computerized communications. The applicants filed a complaint stating these
privileges constituted an interference with the right to privacy.65 The ECtHR reiterated earlier
case-law and criteria set out there and noted the legislation did not provide a way for
individuals to lodge a complaint with an independent body.66 Furthermore, it was taken into
consideration that the legislation did not identify the categories of people that could be subject
to the privileges of the Task Force and that there was no assessment of whether or not the
surveillance was strictly necessary.67 This led to orders taking place entirely within the realm
of the executive and had the ECtHR repeating the need for adequate and effective guarantees
against abuse (such as oversight by an independent body).68
3.6.2. Digital Rights Ireland-case
In 2014 the European Court of Justice (ECJ) judged the Digital Rights Ireland-case.
The case concerned Digital Rights Ireland, a private organization, along with more than
11,000 other applicants and a regional Austrian government. Together they challenged
national transposition measures on the grounds of constitutional incompatibility and violation
of EU law before the High Court of Ireland and the Austrian Constitutional Court.
61 ECtHR, 16 February 2000, no. 27798/95 (Amman v. Switzerland), para. 69-70.
62 ECtHR, 4 May 2000, no. 28341/95 (Rotaru v. Romania), para. 43-44.
63 ECtHR, 9 June 1998, no. 21825/93 and 23414/94 (McGinley and Egan v. the United Kingdom), para. 101.
64 ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany), para. 50; ECtHR, 29 June 2006, no. 54984/00 (Weber and Saravia v. Germany), para. 106; ECtHR, 18 August 2010, no. 26839/05 (Kennedy v. the United Kingdom), para. 153.
65 ECtHR, 6 June 2016, no. 37138/14 (Szabó & Vissy v. Hungary), paras. 8-27.
66 ECtHR, 6 June 2016, no. 37138/14 (Szabó & Vissy v. Hungary), paras. 58-83.
67 ECtHR, 6 June 2016, no. 37138/14 (Szabó & Vissy v. Hungary), para. 73.
68 ECtHR, 6 June 2016, no. 37138/14 (Szabó & Vissy v. Hungary), para. 86.
These courts referred questions concerning the validity of the Data Retention Directive
(Directive 2006/24/EC) to the ECJ. The directive was then examined in light of articles 7 and
8 of the Charter, existing EU legislation on data protection and the requirement of
proportionality.
The ECJ stated that the retention of data for the purpose of access by competent national
authorities constituted an interference with the private life and the rights guaranteed by
articles 7 and 8 of the Charter. The ECJ elaborated, stating that the obligation imposed on the
providers of publicly available electronic communications services or of public
communication networks to retain data which relates to a person’s private life and
communications for a certain period of time, would in itself constitute an interference with the
fundamental right to privacy. The character of the interference is made grave by the fact that
the competent national authorities are required to have access to this data.69
Another problem the ECJ found within the Data Retention Directive was that it did not
require the subscriber or the registered user to be informed about whether or not the stored
data would be used, which could lead to individuals feeling that their private lives are the
subject of constant surveillance.
The ECJ acknowledged that the material objective of the Data Retention Directive was to
fight against serious crime and contribute to public security. It recalled earlier case-law to
state that the fight against international terrorism in order to maintain international peace and
security constitutes an objective of general interest and that the retention of data for this
purpose satisfies that interest.70
With regard to the question of whether the retention of data was appropriate for attaining the
material objective of the Data Retention Directive, the ECJ said the following:
“(…) having regard to the growing importance of means of electronic communication, data
which must be retained pursuant to that directive allow the national authorities which are
competent for criminal prosecutions to have additional opportunities to shed light on serious
crime and, in this respect, they are therefore a valuable tool for criminal investigations.
Consequently, the retention of such data may be considered to be appropriate for attaining
the objective pursued by that directive.”71
However, the ECJ continues that the retention of the data concerned all traffic data of fixed
telephony, mobile telephony, internet access, e-mail and internet telephony. This means that it
concerns all electronic communication, which is very widespread and of growing importance
in people’s everyday lives, and therefore entails an interference with the fundamental rights of
practically the entire European population. Another objection to this widespread retention and
69 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 29-33.
70 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 41.
71 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 49.
collection was that it offered no exception for people who have an obligation of professional
secrecy.72
The ECJ noted that the relationship between the data whose retention is provided for and a threat
to public security was not restricted to retention of data pertaining to a particular
time period, geographical zone or circle of particular persons likely to be involved in some
way in serious crime, or to persons who could, in some way or other, contribute to the
prevention, detection or prosecution of serious offences through the retention of their data.73
Further objections were stated as follows:
“(…) Directive 2006/24 also fails to lay down any objective criterion by which to determine
the limits of the access of the competent national authorities to the data and their subsequent
use for the purposes of prevention, detection or criminal prosecutions (…) does not contain
substantive and procedural conditions relating to the access of the competent national
authorities to the data and their subsequent use. (…) does not expressly provide that that
access and the subsequent use of the data in question must be strictly restricted to
the purpose of preventing and detecting precisely defined serious offences or of conducting
criminal prosecutions relating thereto; (…) each Member State is to define the procedures
(…)”.74
The Data Retention Directive also did not lay down any objective criterion which limited the
number of persons who had access to the data and the subsequent use of that data, nor the
restriction of access in relation to the material objective. It also did not lay down a specific
obligation on Member States to establish those limits.75
Regarding the data retention period the Data Retention Directive stated that data was to be
retained for a period between a minimum of 6 and a maximum of 24 months, but did not state
that the determination of the retention period must be based on objective criteria and should
be limited to what is strictly necessary.76
The lack of adequate safeguards was also addressed. These are required by article 8 of the
Charter, to ensure effective protection of the data retained against risk of abuse and against
any unlawful access and use of that data. The ECJ also emphasized that the Data Retention Directive
did not lay down rules which were specific and adapted to the vast quantity of data whose
retention is required by the Directive or the sensitive nature of that data and the risk of
unlawful access to it. Such rules would serve, in particular, to govern the protection and
security of the data in question in a clear and strict manner in order to ensure their full
integrity and confidentiality.77
72 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 57-58.
73 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 51.
74 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 49-61.
75 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 62.
76 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 63-64.
77 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 66.
The final statements of the ECJ concern the fact that the Data Retention Directive did not
require the data in question to be retained within the European Union, which creates control
issues and contravenes the requirement explicitly held in article 8 paragraph 3 of the
Charter.78
The ECJ concluded that the Data Retention Directive was invalid because it exceeded the
limits imposed by compliance with the principle of proportionality when examined in light of
articles 7 and 8 of the Charter.
3.6.3. Application to the PNR-Agreement
The test of whether or not an interference with the right to respect for private and family life
is necessary in a democratic society aims to balance the needs of the few against the needs of
the many. In other words, national security must be balanced against the seriousness of the
interference with an applicant’s right to privacy.
This requires a pressing social need for the interference, for the aims to be proportionate to the
intended goal and for there to be no other, less intrusive measure that could have been taken
by the government.
Despite Member States enjoying a wide margin of appreciation when it comes to their
policies concerning national security, powers of covert surveillance should only be tolerable
in so far that the legislation is within the bounds of what is necessary in a democratic society.
This criterion created by the ECtHR in Klass and Others v. Germany emphasizes that there has
to be a pressing social need for something like PNR-data collection on a wide scale.
The current state of affairs surrounding the threat of a terrorist attack has created a climate of
fear amongst governments and their citizens. Attacks such as Charlie Hebdo, Paris, Brussels,
Egypt, Orlando and the trail of victims these have left behind have governments and citizens
alike convinced that terrorists are able to move around freely and unchecked throughout
Europe and the world. As a reaction, they feel that in the interest of national security more
surveillance and data is needed to apprehend suspects in a timely fashion and stop any future
terror attacks.
Accordingly, there exists a pressing social need for the PNR-Agreement to be imposed on
citizens, and since governments enjoy a wide margin of appreciation it would seem unlikely
for the ECtHR to contradict them on this point.
However, the interference with article 8 ECHR and articles 7 and 8 of the Charter is serious,
because of the wide scope created by the vague language in article 3 and in the annex. This
scope allows for all travelers from Europe to Canada to be subject to it. This would lead to
travelers feeling that their private lives would be under constant surveillance whilst travelling.
The data is collected at every booking, mostly (if not fully) through automated processing.
The data is collected by those who provide the service, in this case the air-carriers. The scope
78 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 66-68.
of the data that can be collected even includes general remarks such as other supplementary
information or even baggage information.
This data is then processed and kept for a retention period of 5 years. After 30 days the data is
to be depersonalized and after two years this data will be depersonalized further. The data will
not get deleted until after the retention-period has ended. The PNR-Agreement does not
provide for it to be deleted sooner, not even when a suspect would get discharged.
The PNR-Agreement also allows Canada to collect and process sensitive data on a case-by-case
basis and only where an individual’s life is in danger or if there is a risk of serious injury.
The sensitive data will not get deleted until 15 days after receipt. It may be retained if it is
necessary for a specific action, review, investigation, enforcement action, judicial proceeding,
prosecution, or enforcement penalties. This data will be retained until these purposes have
been concluded, allowing Canada to keep it for two additional years to ensure these purposes
have been fulfilled. As mentioned earlier in this chapter, this also carries the risk of
broadening the scope to include undefined categories of data.
The implementation of a time limit is a safeguard to avoid indiscriminate storage of personal
data. The full retention period counts 9 years (when including the additional two-year period
for any specific action, review, investigation, enforcement action, judicial proceeding,
prosecution, or enforcement of penalties, however the data can also be retained until this
specific investigation has been concluded). This retention period is very long in comparison to
other PNR-Agreements and the possibility to keep the data far beyond the initial retention
basically makes it endless in certain cases. This creates an imbalance between the interests of
unsuspected individuals and the goal of preventing crime. This is in clear contradiction to the
Digital Rights Ireland-case mentioned earlier.
In the aforementioned Digital Rights Ireland-case the ECJ clearly criticized the lack of limited
access by the competent national authorities to the collected data and their subsequent use.
Emphasis was laid upon the idea that both access and use of personal data must be the
exception rather than the rule, so it must be limited to the goal of the PNR-Agreement. The
PNR-Agreement limits the scope of access to Europol, Eurojust, the police or a judicial
authority of a Member State. The Agreement states explicitly that this access must fall within
the scope of their respective mandates or an Agreement between Canada and the Member State.79
The Agreement stipulates further that PNR-data will be shared at the request of these
authorities for specific investigations relating to the prevention, detection, investigation or
prosecution of terrorist offences or transnational crimes within the European Union. This
seems in line with the requirement to limit access to the PNR-data; be that as it may, the reach
of access remains undefined with ‘judicial authorities’ being included. It could lead to many
actors within the government or secret service agencies having access to the collected data.
What this will mean in terms of whether or not the scope has been broadened hangs on the
future practice by the Canadian Competent Authority.
79 Article 6 paragraph 1 and 2 PNR-Agreement.
Although data is masked within 30 days after receipt, the ability to unmask it is very present
in the PNR-Agreement. This makes sense within the retention scheme as set out in article 16
read in conjunction with articles 2 (b), 3 and the Annex. Nonetheless, this constitutes a risk,
not only to the right to privacy, but also to other individual rights since frequent travelers and
people with unusual PNR-data sets could become the first targets of this unmasking.80
There are remedies open to individuals, allowing them to request a copy of the PNR-data so
they may issue a complaint or correct the information. These remedies are mostly of an
administrative nature. The possibility of judicial redress is based mostly on Canadian law, which
could prove challenging for individuals seeking practical enforcement of the remedies. Whether or
not the protection is effective can be considered doubtful.
As mentioned in chapter 1, the Agreement allows for the PNR-data to go straight from the
air-carriers to the Canadian Competent Authority, completely bypassing the national data
protection officers of the Member State. The data is not retained within the European Union,
which causes control issues that would contravene article 8 paragraph 3 of the Charter in the
same way as the Data Retention Directive did in the Digital Rights Ireland-case before the
ECJ in 2014.
In conclusion, the PNR-Agreement passes the pressing social need criterion due to the wide
margin of appreciation Member States enjoy, but it fails the requirement of
proportionality by exceeding the limits of what is understood as ‘strictly necessary’ by the
ECtHR. From the scope of the data collection to the people authorized to access this data,
there appears to be no true limit imposed. The PNR-Agreement does mention limits, but these
limits do not appear to be set in stone, giving room for interpretation. This is due to the vague
language that has been incorporated in the Agreement.
3.7. Conclusion
The current PNR-agreement affects many aspects of a person’s privacy, both when it
concerns the ECHR as well as the Charter.
This constitutes an interference with this fundamental right that needs to be justified by the
Member State. In order to do that the interference must be provided by law and necessary in a
democratic society. The ‘provided by law’-criterion further requires that law to be accessible
and foreseeable.
The law isn’t foreseeable due to the definitions used within the Agreement being too broad
and too vague.
The ‘necessary in a democratic society’-criterion has also not been met. One can argue that
due to the wide margin of appreciation that Member States enjoy when it comes to national
security the requirement for a pressing social need is easily met by looking at current events.
However, there appears to be no clear limit to the data that can be collected and the authorities
80 Comparative study on the 2011 draft Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records (PNR) to the United States Department of Homeland Security, 14 March 2012, p. 12.
that can access this data, leading to all travelers becoming suspects, which exceeds the
proportionality of the Agreement. Thus, it does not adhere to the requirement of necessary in
a democratic society.
Chapter 4: What are the relevant differences between the PNR-Directive and the PNR-Agreement between Canada and the European Union?
4.1. Introduction
In 2011 the European Commission proposed Directive COM(2011) 32 final, named in full
‘Directive on the use of Passenger Name Record data for the prevention, detection,
investigation and prosecution of terrorist offences and serious crime’ (the PNR-Directive).
The PNR-Directive aims to institute a PNR-regime within the European Union. This Directive
did not attract much interest until recently when the threat of terrorism within our borders
seems closer than ever. Now, it would seem this Directive is gaining some traction.
After the shooting at Charlie Hebdo and in Paris the Commission pushed the Directive
towards the European Parliament again for a vote in December 2015. This vote has yet to take
place as Member States and commissions are still examining it. Many of the provisions in the
PNR-Agreement are similar to what is in this proposed PNR-Directive. A draft of
amendments has been drawn up by the European Parliament which appears to try and limit
the scope of the PNR-Directive’s provisions.
The Directive’s scope is aimed at all Member States of the European Union and the people
residing within. It seeks to collect data from all travelers travelling within the European Union
and those travelling from third countries in order to stop transnational crime and to prevent a
possible terror attack.
This is ambitious to say the least and requires a lot of data to be processed. It is therefore
important to examine the relevant differences between the provisions of the PNR-Agreement
and the PNR-Directive to see whether or not there would be a more serious interference with
the right to respect for private and family life when it’s implemented with its current text
since it’s aimed at such a broad scope of travelers.
4.2. The relevant differences
The list of data that can be collected in the Annex of the PNR-Directive is largely the same as
that of the PNR-Agreement, except for item number 12 which states:
“General remarks (including all available information on unaccompanied minors under 18
years, such as name and gender of the minor, age and language(s) spoken, name and contact
details of guardian on departure and relationship to the minor, name and contact details of
guardian on arrival and relationship to the minor, departure and arrival agent”.
Whereas the similar provision in the PNR-Agreement states:
“General remarks including Other Supplementary Information (OSI), Special Service
Information (SSI) and Special Service Request (SSR) information”.81
81 PNR-agreement ANNEX item 17.
This item is not defined further in the PNR-Agreement, however it would seem the PNR-
Directive aims to use the General remarks to not only expand the scope of data that can be
collected but to also specifically and explicitly target child trafficking.
Article 2 of the PNR-Directive contains a list of definitions that are applicable to the
provisions the directive contains. Unlike the PNR-Agreement the PNR-Directive contains an
explicit definition of ‘serious crime’, but misses the definitions of processing and sensitive
data. In addition to that, the PNR-Directive refers to national law and Council Framework
Decision 2002/475/JHA for the definition of terrorism and omits the clause about
transnational crime including a crime committed in one country and the location of the
offender in that country with the intention to travel to another.
In contrast to the PNR-agreement, the PNR-Directive does not speak of one centralized body
that stores, analyzes and transmits the results of the PNR-data to the competent authorities.
The PNR-Directive speaks of the creation of multiple new competent authorities created by
two or more Member States. This new competent authority is referred to as the “Passenger
Information Unit” (PIU), and must reside on the territory of one of the Member States that
was part of its creation.82
The data is still collected by the air carriers and they transfer this data straight to the PIU.
From the text of the PNR-Directive it would seem this happens without prior review of the
data by the air carriers as it is the obligation of the PIU to immediately delete all data
collected that goes beyond the scope of the list in the Annex upon receipt.83
The PNR-Directive contains detailed purposes for the processing of PNR-data, namely to
process it against pre-determined criteria, to compare the collected data against relevant
databases (both national and international) and national mirrors of Union databases, to
respond to duly reasoned requests by competent authorities to provide PNR-data in specific
investigations and for the purpose of updating or creating new criteria to carry out new
assessments in order to identify any persons who may be involved in a terrorist offence or
serious transnational crime.84
As to the competent authorities that are allowed to access the data from the PIU, the selection
of who this may be is entirely up to the discretion of the Member States. This is contrary to
the PNR-Agreement where access is somewhat limited to authorities that fall under the scope
of the offences defined though that limitation is also broad and requires more definition.85
Unlike in the PNR-agreement there are detailed outlines governing the obligations on air
carriers and how and where they are to transfer the data in the case of multiple layovers
during a flight. It also regulates which air carrier is to transfer data where a flight is code-
shared and the means by which the data ought to be transferred. The PNR-Directive also
imposes the obligation on Member States to create national law which imposes dissuasive,
effective and proportionate penalties against air carriers who do not transmit the data as
required by the directive. 86
82 PNR-Directive article 3.
83 PNR-Directive article 6 jo. 7.
84 PNR-Directive article 4.
85 PNR-Directive article 5.
The PNR-Directive also enables the PIU to request access to specific PNR-data kept by the
PIU positioned in another Member State. They may request the data to be completely
unmasked in exceptional circumstances, for example in response to a specific threat or a
specific investigation or prosecution related to terrorist offences or serious crime. 87
Another relevant difference concerns the provision on the transfer of data to third
countries. The PNR-Directive points towards the conditions laid down in article 13 of the
Council Framework Decision 2008/977/JHA and states further that transfers to third countries
must be necessary for the purposes specified by the directive and that the third country must
agree to only transfer data for further processing if it is for those same purposes, whereas the PNR-
Agreement states that these kinds of transfers are only allowed if the third country has
safeguards equivalent to what is described in the agreement.88
The retention period consists of 30 days after it has been transferred by the PIU. After this
period has expired, that data is retained for a further five years during which the data is
anonymised of all elements that could lead to the identification of the individual behind the
data and would only be accessible to a limited number of personnel. Thus the total retention-
period consists of 5 years and 30 days and is similar to what has been laid down in the PNR-
Agreement. 89
The retention of positive ID-results is not regulated explicitly in the PNR-Agreement, so one
can assume that the period this data can be retained is also 5 years. In the PNR-Directive it is
3 years after the match has been proven to be negative after review by non-automated means,
and such results are stored only to avoid false positives in the future; otherwise this data is also
subject to the maximum retention period of 5 years.90
Furthermore, the PNR-Directive explicitly sums up the kind of information that could serve to
identify the passenger to whom the PNR-data relates and which should be filtered and masked
out. The PNR-Directive also states that individuals have a right to compensation besides the
right to access, correction and judicial redress. The PNR-Directive also explicitly calls for the
immediate deletion of sensitive data, which is not the case in the PNR-Agreement.91
Finally, the transparency obligation in the PNR-Directive goes further than the PNR-
Agreement in the sense that it should include the retention-period, the possible use of that data
and the possibility that the data is exchanged with the competent authorities.92
86 PNR-Directive article 6.
87 PNR-Directive article 7.
88 PNR-Directive article 8.
89 PNR-Directive article 9.
90 PNR-Directive article 9 (4).
91 PNR-Directive article 9 (2).
92 PNR-Directive article 11 (5).
4.3. Conclusion
The PNR-Directive is not fundamentally different from the PNR-Agreement. It does however
differ in that it gives more detailed explanations of the reasoning behind
certain provisions and of what these provisions entail.
It also tries to take PNR several steps further than the PNR-Agreement and leaves a few
things up to the full discretion of the Member States without specifying any objective criteria.
It further calls for the creation of PIU’s, which are created by two or more Member States,
whereas the Canadian Competent Authority is part of the Canadian Government.
Chapter 5: How do the differences influence the examination of the Directive in light of
the fundamental right to privacy in the ECHR and the Charter?
5.1. Introduction
In chapter 3 an examination was made of the different privacy aspects covered by the ECHR
and the Charter in light of the PNR-Agreement. In this chapter the same will be done for the
PNR-Directive.
5.2. Examination of the possible influence of the differences
The PNR-Directive allows for the bulk and indiscriminate collection of data. In the
Annex the collection categories are open and the PNR-Directive lacks objective criteria for
the collection.
This list of PNR-data that can be collected is not exhaustive in its meaning because of the
open categories that appear to have no real limit. This, like with the PNR-Agreement, invites
the bulk collection of data and contravenes the Digital Rights Ireland-judgment which stated
that data should only be collected for specific purposes or of specific persons that could be
involved in a criminal activity.93
The PNR-Directive has a data retention period of 30 days where the data is unmasked, which
is followed by a period of 5 years retention of the masked data. However, the European Data
Protection Supervisor (EDPS) in his second opinion on the PNR-Directive states that even
when that data has been masked, it could still identify the person behind it and that the
Commission has shown no evidence for the need to keep the data for an additional 5 year
period.94
In the Digital Rights Ireland-case it was stated that, in order to comply with the
requirement of proportionality and article 8 of the Charter, the retention period has to be based
on objective criteria to ensure it is limited to what is necessary.95 The PNR-Directive does not
give any indication on what criteria the retention period has been based and the EDPS has
made it clear in his second opinion that the European Commission has not presented any
evidence to justify the length of the retention period. Thus, one can say that the retention
period contravenes the fundamental right of article 8 of the Charter.
In the case of the retention of data that led to a false positive ID the retention period is listed
as 3 years. However, if the underlying data has not been deleted, this could be extended to 5
years. This clause stumbles across the same block as the normal retention period, namely that
there is no evidence that this amount of time to retain data is effective and that it is limited to
what is necessary. Therefore, this retention period where the authorities have permanent
access hardly seems compatible with the requirements of necessity and proportionality and
the safeguards to prevent the stigmatization mentioned in Chapter 3.
93 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para. 59.
94 Second Opinion on the proposal for a Directive of the European Parliament and of the Council on the use of
Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences
and serious crime, para. 24.
95 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para 64.
The PNR-Directive leaves the determination of what constitutes a competent authority up to
the discretion of the Member States. However, the PNR-Directive does not contain any
objective criteria to determine the limit of the access these competent authorities would enjoy
and the subsequent use of that data, nor does it provide explicitly that PNR-data may not be
used beyond the strictly defined purposes. This is necessary, because, as mentioned in chapter
2 and the Digital Rights Ireland-case, the seriousness of the interference with the right to
privacy and protection of personal data is not to be underestimated.96
The text of the PNR-Directive uses phrases such as “immediate and serious threat to public
security” and “serious transnational crimes” to describe the purposes for which PNR-data can
be collected and used by the competent authorities.97 It never mentions that the use of PNR-
data is strictly limited to the purposes of PNR or lays down any conditions to limit further
access.
Also, the PNR-Directive aims to analyze PNR-data for updating or creating new criteria to
carry out assessments.98 One can wonder if this is proportional to the material objective of the
PNR-Directive.
However, the PNR-Directive also creates the PIU’s and allows national data protection
officers to be appointed to work there and gives individuals the opportunity to go to the data
protection officer of their choosing.99 This is a safeguard that is not afforded by the PNR-
Agreement and affords more security to the data that is processed by the PIU’s.
These PIU’s can transfer data amongst themselves when requested and this data will only be
unmasked under “exceptional circumstances”. The PNR-Directive then proceeds to state that
examples of these circumstances include a specific threat or investigation.100 This is still quite
vague, since the definition of a specific threat hasn’t been given, nor does it state in what
stage of the investigation and what objective criteria are in place for the data transfer to the
requesting authority.
In addition to the PIU’s, various national authorities are allowed to have access and take
action such as a further analysis of the PNR-data. PIU’s can also contain staffers from other
competent authorities who hail from the Member States united within. Hence, the true
composition of the staff of a PIU has no clear definition and creates a broad reach of people
who are allowed to have access. It appears the PNR-Directive leaves room for arbitrary
expansion of those who will have access.
As mentioned in Chapter 2 both the ECtHR and ECJ have emphasized that access to data by
competent national authorities must rely on prior review by a judicial authority or another
independent administrative body to limit access and use of the data only for the purpose of the
pursued objective.101
96 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para. 60.
97 For example: PNR-Directive article 4 (2) subsection a.
98 PNR-Directive article 4 (2) subsection d.
99 PNR-Directive article 3 jo. 10 (5).
100 PNR-Directive article 7.
Where the transfer of data to third countries is concerned, there is no explicit mention of the
need for that country to have the same standard of data protection as the European Union. The
PNR-Directive simply refers to Council Framework 2008/977/JHA. The EDPS has found this
to be insufficient since this Framework has its shortcomings, especially when it comes to the
rights of data subjects and transfers to third countries. The EDPS states in his second opinion
that a higher standard should be developed. 102
Unlike the PNR-Agreement the PNR-Directive explicitly states that all sensitive data is to be
deleted upon receipt. It also contains a clearly defined check for the fairness and lawfulness of
the processing. This is a good addition that the PNR-Agreement did not have and offers some
security to travelers. However, it is not hard to abide by the lawfulness if the law the
processing is based on is vague and broad in every other sense. It would have been a good
idea to base this provision on Directive 95/47/EC to ensure proper protocols.
The PNR-Directive takes the data collection for PNR a few steps further than the PNR-
Agreement and tries to make up for this by adding more details and definitions, but appears to
essentially have the same problem: proportionality.
The current text of the proposed PNR-Directive seems to ignore the ECJ in the Digital Rights
Ireland-case and article 8 ECHR, causing a serious infringement on this right as laid down in
articles 7 and 8 of the Charter because it simply goes too far.
5.3. Extended PNR in relation to air carriers and third party businesses
The PNR-Directive obligates air carriers to absolutely comply with the transference of the
PNR-data as outlined by the PNR-Directive.
Member States must impose (proportionate) sanctions on air carriers who do not comply with
this obligation. Nonetheless as the current text of the PNR-Directive stands, it could lead to
conflicting duties for the air carriers that collect the PNR-data themselves and any third party
business that does this for them.
When processing data the European Union has legal standards that must be applied and many
Member States have added standards that air carriers and third party businesses must adhere
to before they may process data. These standards must also apply to those the data is
transferred to. As mentioned earlier, the precise composition of PIU’s remains undefined and
there continue to be questions regarding exactly which authorities will have access to the
PNR-data.
101 ECJ, 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238, para. 62.
102 Second Opinion on the proposal for a Directive of the European Parliament and of the Council on the use of
Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences
and serious crime, para. 57-58.
Another difficulty can be found in the fact that PIU’s can be composed of two or more
different Member States, but only operate on the territory of one of them. The territory could
be a defining point in regards to the regulated access to the information.
Therefore, air carriers, and other PNR-data collection agencies in their employ, cannot ensure
that the PIU they are transferring the PNR-data to has adequate safeguards in place to limit
the access to those who are strictly authorized to have it. They also cannot take time to
consider the data they are transferring to see if it can be deemed as “strictly necessary”.
Furthermore, air carriers are to inform passengers that the PNR-data will be transferred, but
cannot do anything if that passenger protests against this, not even limiting the data that is to
be transferred according to the wishes of the passenger.
Services such as ProtonMail, where one can enjoy a fully private e-mail service, are gaining
popularity amongst people who are realizing the value of privacy. Thus, a unique selling point
for air carriers could be the assured proper handling of PNR-data and the passenger’s privacy.
PNR should therefore be handled using Binding Corporate Rules (BCRs) and model
contracts, such as better regulated Open Skies Agreements. Open Skies Agreements are
contracts between air carriers and airports, usually meant for the exchange of information and
commercial interests. These agreements are currently unregulated, but could be regulated and
expanded to include PNR-data transfers to the proper authorities under supervision of the
national data protection officers.
In this instance, there can be EU guidelines regulating the contents of the agreement, but it
would be up to the air carriers to arrange their service. These agreements can be put under
scrutiny of the national data protection officers.
In the case of BCRs it would be a more efficient way to regulate who ought to have access to
the collected data sets and what privacy requirements should be met. BCRs could also create a
structure of communication within the corporation of the air carriers and the government,
allowing for proper oversight and independent review. Through BCRs, easier and transparent
access to the collected data sets by individuals, as described in Chapter 3, could also be
implemented with the proper safeguards.
Since the downfall of the Safe Harbour-Agreement, many companies have used model EU
data transfer contracts when there is a need to transfer data to the United States. This was
already a common practice for other third countries where data transfers are concerned to
ensure an adequate level of data protection and to establish liability in cases where the
conditions have been violated.
5.4. Conclusion
Both the PNR-agreement and the PNR-Directive do not adhere to the requirement of
proportionality since they do not limit themselves to what is strictly necessary to achieve the
material objective.
The PNR-Directive seems to completely ignore the Digital Rights Ireland-case and the
limitations imposed by articles 7 and 8 of the Charter and article 8 of the ECHR. The PNR-
Directive obligates Member States to impose sanctions on air carriers that do not transfer data.
The air carriers are thus stuck delivering various PNR-data sets without being able to fulfill
their own obligations of limiting the collection to what is strictly necessary.
It would be a unique selling point to assure the proper data is handled by the proper
authorities. This could happen if PNR-transfers were handled according to Binding Corporate
Rules and model contracts such as Open Skies Agreements. These agreements could be
regulated to include the PNR-transfers and negotiated access by the proper authorities.
Chapter 6: Conclusion
The PNR-Directive and the PNR-Agreement make serious infringements on the right to
respect for private and family life.
Both the PNR-Agreement and the PNR-Directive are not specific enough in their scope,
leading to serious privacy concerns and legal uncertainties. This in turn affects the well-being
of travelers who may feel like Big Brother is watching and out to get them, which could harm
their self-development as human beings and affect their choices.
The PNR-Agreement and the PNR-Directive are not proportionate to the material objective of
the data collection. They do not limit themselves to what is strictly necessary and thus invite bulk
data collection. This has been proven to not be helpful to criminal investigations, since it
would make finding a terrorist like finding a needle in a pile of paperclips using a super
magnet.
After the Digital Rights Ireland and the Safe Harbour cases one cannot maintain there has
been no explicit statement concerning the undesirable nature of bulk data collection and the
need for objective, specified and adequate collection criteria. These are not offered in either
the PNR-Agreement or in the PNR-Directive.
It is imperative that data-transfers for surveillance reasons are subject to oversight by an
independent authority and adequate safeguards against abuse, such as properly specified
categories of PNR-data sets to keep collection to what is strictly necessary and retention
periods that are based on objective criteria. The current legislative texts, both for the PNR-
Directive and PNR-agreement do not seem to offer this.
The official conclusion of the Attorney General in regards to the PNR-Agreement is expected
in September 2015. It would not be surprising if a similar conclusion will be drawn.
In conclusion, the PNR-Agreement’s and the PNR-Directive’s relation to the fundamental
right to private and family life as laid down by article 8 ECHR and articles 7 and 8 of the Charter
is one of violation and contravention to the criteria that have been set out to protect that right
by the ECJ and the ECtHR.
List of sources and references
Literature
Books
Fennell 2015
S. Fennell, ‘Privacy Wetgeving – inclusief voorgestelde meldplichten, boetes en concept
algemene verordening gegevensbescherming’, Amsterdam: Wolf Productions 2015.
Kuhelj 2010
A. Kuhelj, ‘The Twilight Zone of Privacy for Passengers on International Flights between the
EU & USA’, University of California Press 2010 Vol. 16:2, p. 383-436.
Boehm & Cole 2014
F. Boehm & M. D. Cole, ‘Data Retention after the Judgement of the Court of Justice of the
European Union’, Münster: University of Münster press 2014.
Journals
Zwenne 2015
G.J. Zwenne, ‘De onbestaanbare olifant: gedachten over Big Data en de Privacywet’,
Internetrecht 2015, p. 142-147.
Dimitrova 2015
D. Dimitrova, ‘(Un)Safe Harbor? Principes voor gegevenstransfers ongeldig verklaard door
Hof van Justitie van de Europese Unie’, Privacy en Informatie (P&I) 2015, p. 222-224.
Kindt 2015
E.J. Kindt, ‘Transatlantische gegevenstransferten: vertrouwen zoek’, Computerrecht 2015, p.
51-52.
Taeymans 2015
D. Taeymans, ‘Artikel 29 Werkgroep over PNR’, Computerrecht 2015, p. 102.
Balfour 2009
J. Balfour, ‘EC external aviation relations: The Community’s increasing role and the new
EC/US agreement’, CMLR 2008, p. 443-463.
Patton 2008
C. Patton, ‘No Man’s Land: The E.U.-U.S. Passenger Name Record Agreement and what it
means for the European Union’s Pillar Structure’, George Washington Law Review 2008
Vol. 40, p. 527-552.
Advice and Studies
Boehm & Hornung 2012
F. Boehm & G. Hornung, Comparative study on the 2011 draft Agreement between the
United States of America and the European Union on the use and transfer of Passenger Name
Records (PNR) to the United States Department of Homeland Security, Luxembourg 2012.
Korff & Georges 2015
D. Korff & M. Georges, ‘The Consultative Committee of the Convention for the protection of
individuals with regards to automatic processing of Personal Data: Passenger Name
Records, Data Mining and Data Protection: the need for strong safeguards’, Strassbourg
2015.
Steur 2015
G.A. van der Steur, ‘Voortgang Besluitvorming PNR Richtlijn’, Den Haag 2015
Jurisprudence
European Court of Justice
ECJ 16 May 2014, no. C-293/12 and C-594/12, ECLI:EU:C:2014:238.
ECJ 31 January 2012, no. C-130/10, ECLI:EU:C:2012:50.
ECJ 31 January 2012, no. C-130/10, ECLI:EU:C:2012:50 (concl. A-G Y. Bot).
ECJ 10 February 2009, no. C-301/06, ECLI:EU:C:2009:68.
ECJ 30 May 2006, no. C-317/04 and C-318/04, ECLI:EU:C:2006:34.
ECJ 30 May 2006, no. C-317/04 and C-318/04, ECLI:EU:C:2006:34 (concl. A-G Léger).
ECJ, 06 October 2015, C-362/14, ECLI:EU:C:2015:650.
European Court of Human Rights
ECtHR 13 June 1978, no. 6833/74 (Marckx v. Belgium).
ECtHR 6 September 1978, no. 5029/71 (Klass and others v. Germany).
ECtHR 26 April 1979, no. 6538/74 (Sunday Times v. the United Kingdom).
ECtHR 26 March 1985, no. 8978/80 (X & Y v. the Netherlands).
ECtHR 26 April 1985, no. 8691/79 (Malone v. the United Kingdom).
ECtHR 26 March 1987, no. 9248/81 (Leander v. Sweden).
ECtHR 7 July 1989, no. 10454/83 (Gaskin v. the United Kingdom).
ECtHR 29 October 1991, no. 11274/24 (Andersson v. Sweden).
ECtHR 27 October 1994, no. 18535/91 (Kroon v. the Netherlands).
ECtHR 25 March 1992, no. 13590/88 (Campbell v. the United Kingdom).
ECtHR 28 January 2000, no. 21825/93 and 23414/94 (McGinley and Egan v. the United
Kingdom).
ECtHR 16 February 2000, no. 27798/95 (Amman v. Switzerland).
ECtHR 4 May 2000, no. 28341/95 (Rotaru v. Romania).
ECtHR 6 June 2006, no. 6232/00 (Segerstedt-wiberg and others v. Sweden).
ECtHR 29 June 2006, no. 54934/00 (Weber and Saravia v. Germany).
ECtHR 18 November 2008, no. 22427/04 (Cemaletten Canli v. Turkey).
ECtHR 04 December 2008, no. 30562/04 and 30566/04 (S. and Marper v. the United
Kingdom).
ECtHR 27 October 2009, no. 21737/03 (Haralambie v. Romania).
ECtHR 2 February 2010, no. 964/07 (Gheorge Dalea v. France).
ECtHR 18 August 2010, no. 26839/05 (Kennedy v. The United Kingdom).
ECtHR 21 June 2011, no. 30194/09 (Shimovolos v. Russia).
ECtHR, 6 June 2016, no. 37138/14 (Szabó & Vissy v. Hungary).
Parliamentary documents
European Parliament
‘EU Passenger Name Record (PNR) Proposal: an overview’, 2015.
European Court of Human Rights
Research Division of the European Court of Human Rights: National Security and European
Case-Law.
Dutch Parliament
Kamerstukken I 2012/13, 32 669, nr. I.
Kamerstukken II 2015/16, 32 317, nr. 376, p. 1.
Legislation
Agreement between Canada and the European Union on the transfer and processing of
Passenger Name Record (PNR) Data (12657/1/13 REV 1)
Proposal for a Directive of the European Parliament and of the Council on the use of
Passenger Name Record data for the prevention, detection, investigation and prosecution of
terrorist offences and serious crime (COM(2011) 32 Final 2011/0023 (COD)).
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free
movement of such data (No. L 281/31).
Agreement between the European Union and the United States of America on the processing
and transfer of passenger name record (PNR) data by air carriers to the United States
Department of Homeland Security (DHS) (Trb. 2013, 45).
European Union Agency for Fundamental Rights
Freedom to conduct a business: exploring the dimensions of a fundamental right (2015)
Opinions
Opinion of the European Data Protection Supervisor on the Proposals for Council Decisions
on the conclusion and signature of the Agreement between Canada and the European Union
on the transfer and processing of Passenger Name Record.
Second Opinion on the proposal for a Directive of the European Parliament and of the
Council on the use of Passenger Name Record data for the prevention, detection, investigation
and prosecution of terrorist offences and serious crime (Opinion 5/2015).
Working Party 29, Opinion 01/2016 on the EU-US Privacy Shield draft adequacy decision, 13
April 2016.