THE EU-CANADA AGREEMENT ON PASSENGER NAME RECORDS (PNR): TURBULENCE AHEAD!

By Antoine Guilmain, Antoine Aylwin and Karl Delwaide

Since 2014, the European Union and Canada have been moving forward with an Agreement concerning the transfer and use of Passenger Name Record (“PNR”) data. Last week, on July 26, 2017, the European Union Court of Justice stated that the envisaged Agreement could not be concluded because it would be “incompatible” with the respect for private life and the protection of personal data within the meaning of the European Union Charter of Fundamental Rights. This does not mean, however, that the Agreement is condemned to remain ad vitamaeternamon the “black list”. While the Opinion questions several rules under the PNR system, it does not question its raison d’être. In other words, the EU-Canada Agreement is currently on the “gray list”, but could still take off…

The transfer of PNR data is intended to ensure the public’s safety and security. The preamble to the envisaged Agreement declares that the Parties are seeking to “prevent, combat, repress and eliminate terrorism” as well as “other serious transnational crime”, and that the sharing of PNR data is “a critically important instrument to pursue these goals”. The PNR system also includes provisions to protect PNR data that contain “personal information”, for example, the passenger’s name and contact information, reservation information, dates of intended travel and itinerary.

In this context, the purpose of the Agreement clearly states that the European Union and Canada “set out the conditions for the transfer and use of Passenger Name Record data to ensure the security and safety of the public and prescribe the means by which the data is protected” (Article 1). Therein lies the heart of the problem: balancing “public security” and “data protection”. The European Union Court of Justice correctly noted that these two components “are inextricably linked”, and are both to be considered “fundamental in nature”.

Public Security: Green Light. The Court observed that public security is an objective “of general interest of the European Union” that is “capable of justifying even serious interferences” with the respect for private life and the protection of personal data. It even states that “the protection of public security also contributes to the protection of the rights and freedoms of others”. Any invasion of privacy would be limited to air travel between Canada and the European Union, and the Agreement would contain provisions to protect PNR data. In those circumstances, everything seems to indicate that interferences under the Agreement are “capable of being justified by an objective of general interest {…} and are not liable to adversely affect the essence of the fundamental rights enshrined in Articles 7 and 8 of the Charter”. These are the words of the Court. Despite this encouraging observation, the PNR Agreement must still comply with a number of conditions on data protection.

Data Protection: Red Light. The Court noted a series of incompatibilities regarding the protection of PNR data, the most important of which are as follows. First, PNR data is not clearly and precisely defined in the Agreement. The expressions “etc.”, “all available contact information”, “any information”, considered too broad, are used. Furthermore, the transfer of “sensitive” data (concerning racial or ethnic origin, religious beliefs, a person’s health or sex life) requires a “precise and particularly solid justification”, which the Court considered to be missing from the Agreement. Moreover, given that the processing of PNR data is generally automated (using predictive algorithms), these methods must be reliable, specific and non-discriminatory. Recent research suggests that the programming of algorithms may be affected by a discriminatory bias. In addition, the retention of PNR data does not appear necessary when passengers have left Canada and no risk (terrorism or serious transnational crime) was identified before or during their stay. Last, air passengers whose PNR data is used or retained must be notified, and an independent supervisory authority should ensure compliance with the Agreement.

Conclusion: Yellow Light. Ultimately, according to the European Union Court of Justice, while the EU-Canada Agreement is in principle acceptable, its current form must be amended to better regulate and protect PNR data. The Court’s reasons are not that far removed from the principles underlying Canadian privacy laws, in particular with respect to necessity or transparency. On another note, the new General Data Protection Regulation expected to enter into force in May 2018 should again highlight the issues and challenges facing any collaboration between the EU and Canada.

For the time being, the European Commission has undertaken to “carefully assess the Opinion and its potential impact”, while engaging “with Canada about ways of addressing the concerns raised by the European Court of Justice”. The Canada-EU Agreement can still be cleared for takeoff if it is amended to comply with the provisions of the Charter of Fundamental Rights of the European Union. Failing such amendments, and barring any treaty revisions, the Agreement cannot enter into force and will be condemned to circle the runway until such changes are made…

By Antoine Guilmain, Antoine Aylwin and Karl Delwaide

Since 2014, the European Union and Canada have been moving forward with an Agreement concerning the transfer and use of Passenger Name Record (“PNR”) data. Last week, on July 26, 2017, the European Union Court of Justice stated that the envisaged Agreement could not be concluded because it would be “incompatible” with the respect for private life and the protection of personal data within the meaning of the European Union Charter of Fundamental Rights. This does not mean, however, that the Agreement is condemned to remain ad vitamaeternamon the “black list”. While the Opinion questions several rules under the PNR system, it does not question its raison d’être. In other words, the EU-Canada Agreement is currently on the “gray list”, but could still take off…

The transfer of PNR data is intended to ensure the public’s safety and security. The preamble to the envisaged Agreement declares that the Parties are seeking to “prevent, combat, repress and eliminate terrorism” as well as “other serious transnational crime”, and that the sharing of PNR data is “a critically important instrument to pursue these goals”. The PNR system also includes provisions to protect PNR data that contain “personal information”, for example, the passenger’s name and contact information, reservation information, dates of intended travel and itinerary.

In this context, the purpose of the Agreement clearly states that the European Union and Canada “set out the conditions for the transfer and use of Passenger Name Record data to ensure the security and safety of the public and prescribe the means by which the data is protected” (Article 1). Therein lies the heart of the problem: balancing “public security” and “data protection”. The European Union Court of Justice correctly noted that these two components “are inextricably linked”, and are both to be considered “fundamental in nature”.

Public Security: Green Light. The Court observed that public security is an objective “of general interest of the European Union” that is “capable of justifying even serious interferences” with the respect for private life and the protection of personal data. It even states that “the protection of public security also contributes to the protection of the rights and freedoms of others”. Any invasion of privacy would be limited to air travel between Canada and the European Union, and the Agreement would contain provisions to protect PNR data. In those circumstances, everything seems to indicate that interferences under the Agreement are “capable of being justified by an objective of general interest {…} and are not liable to adversely affect the essence of the fundamental rights enshrined in Articles 7 and 8 of the Charter”. These are the words of the Court. Despite this encouraging observation, the PNR Agreement must still comply with a number of conditions on data protection.

Data Protection: Red Light. The Court noted a series of incompatibilities regarding the protection of PNR data, the most important of which are as follows. First, PNR data is not clearly and precisely defined in the Agreement. The expressions “etc.”, “all available contact information”, “any information”, considered too broad, are used. Furthermore, the transfer of “sensitive” data (concerning racial or ethnic origin, religious beliefs, a person’s health or sex life) requires a “precise and particularly solid justification”, which the Court considered to be missing from the Agreement. Moreover, given that the processing of PNR data is generally automated (using predictive algorithms), these methods must be reliable, specific and non-discriminatory. Recent research suggests that the programming of algorithms may be affected by a discriminatory bias. In addition, the retention of PNR data does not appear necessary when passengers have left Canada and no risk (terrorism or serious transnational crime) was identified before or during their stay. Last, air passengers whose PNR data is used or retained must be notified, and an independent supervisory authority should ensure compliance with the Agreement.

Conclusion: Yellow Light. Ultimately, according to the European Union Court of Justice, while the EU-Canada Agreement is in principle acceptable, its current form must be amended to better regulate and protect PNR data. The Court’s reasons are not that far removed from the principles underlying Canadian privacy laws, in particular with respect to necessity or transparency. On another note, the new General Data Protection Regulation expected to enter into force in May 2018 should again highlight the issues and challenges facing any collaboration between the EU and Canada.

For the time being, the European Commission has undertaken to “carefully assess the Opinion and its potential impact”, while engaging “with Canada about ways of addressing the concerns raised by the European Court of Justice”. The Canada-EU Agreement can still be cleared for takeoff if it is amended to comply with the provisions of the Charter of Fundamental Rights of the European Union. Failing such amendments, and barring any treaty revisions, the Agreement cannot enter into force and will be condemned to circle the runway until such changes are made…