Headlines have called the decision a rebuke of the United States and decried the Court for weakening transatlantic airline security. Yet Farrell says the quality of security will remain unchanged, and the decision "is more a slap in the face for the European Parliament and for privacy advocates."
The European court of justice recently ruled that the EU would no longer share passenger information with the United States for passengers on transatlantic flights. What is the reason behind that ruling?
Basically you have a clash of law: European Union privacy law versus U.S. law on aviation security. This puts the airlines in a situation where potentially they have to choose which set of laws to go with, and they end up [going] with the U.S. laws over the European laws because the penalties are much stricter on the U.S. side. The [EU] then begins negotiations with the United States to try to come to some sort of deal with the U.S. about this, which culminate effectively in an agreement under which passenger name record data is provided by airlines coming into the U.S. But some of the more sensitive data which might give information on ethnicity and things like that are to be excluded. Also, there are some promises of the limits in which this information can be used and in particular, how long it can be stored for. Initially the U.S. wanted to store this information for fifty years—the final deal was for the information to be stored for three and a half years.
This deal is done between the commission, the member-states, and the U.S. But the third key player in the EU legislative game is EU parliament, who is effectively left out of it completely. The parliament has institutional concerns about this: It seems like it is being cut out from an important set of issues, and it feels like these are things it needs to have a voice in.
The European Parliament takes initial action, asking the European Court of Justice whether the proposed deal is effectively legal or not. But, the deal goes ahead. Then the European Parliament takes a second action, which is aimed at getting the European Court of Justice to declare the deal is bad and the deal is in fact illegal under various provisions of EU law. This court case goes ahead.
The way the European Court of Justice works is the following: First you get an advocate general issuing a report, which is nonbinding, on how the case ought to be disposed. The [majority] of cases before the European Court of Justice more or less follow these recommendations, and the advocate general issues a ruling. In this instance, the Court issues an extremely short judgment at the end of May, which effectively says this deal is in fact illegal.
This sounds like a victory for the Parliament and a victory for privacy advocates, but that is actually not the way it is going down. For example, the ACLU has come out with a big statement more or less implying that this is a victory; they are factually incorrect about this. The European Parliament has won, but has won on the one part of its argument it did not want to win on. It had a whole bunch of arguments about the basis on which the decision was to be taken in the EU treaty texts on human rights. The court rejected all the human rights provisions and contemplated only on the issue of legal basis. The Court decided that the decision was beyond the powers of the commission and the council. They decided this because the specific part of EU law which governs privacy in fact only applies to privacy in the commercial and private sectors and does not apply to these security issues at all. It is not really a victory for the Parliament, it is not really a victory for privacy advocates, even though some advocates within the U.S. have tried to claim so much.
This has played in some papers as a slap in the face to the U.S. Is it at all an indication of a loss of trust by the EU?
I do not think so. This is one of the problems when you are dealing with EU-U.S. relations. It is a problem with any complicated legal system: Outsiders to the system always see decisions that are being made in terms of them. This is less a slap in the face for the U.S. than it is a resolution of an internal dispute within the European Union. In fact, the way the European Court of Justice has ruled is in a very narrow sense. It has also effectively withheld application of the ruling for another ninety days, which allows the European Commission and the member states to come up with an alternative arrangement on the same legal basis.
The European Commission is currently preparing a proposal, which will then get to the member states. This proposal is effectively going to present a more or less identical deal; the only difference is that it is going to be based on a different article within the European Union treaty text. This will probably get through in time so that the deal effectively is going to continue, from the U.S. point of view, as if nothing actually had happened. This is far from being a slap in the face for the U.S.; it is more a slap in the face for the European Parliament and for privacy advocates.
Are you saying that on a practical level, the quality of airline security on transatlantic flights really will not be affected by this?
Absolutely not. I have seen a couple of alarmist articles in the press suggesting that we were likely to see chaos and a major drop in travel between the EU and the U.S. That is not going to happen. The short-term consequence, from the U.S. point of view, is that there is not going to be very much difference.
The U.S. is going to treat it effectively as being an internal EU dust-up which doesn’t have very many implications for it. I think the interesting implications are long term. This said that a whole variety of issue areas in which privacy intersects with security are now in the legal grey zone within the European Union. This could go in a number of different ways. We could see the continuation of the status quo in which a lot of security cooperation continues to be built between the European Union and the United States without very much attention being paid to Parliament, without very much attention being paid to internal democratic legitimacy in the European Union. We could also see, as an alternative, a backlash effect in which pressures begin to build up in the European Union to bring this new set of relationships under the supervision of some sort of increased democratic authority.
Is there anything that American officials can do to promote their interests in that process?
There is not much they can do. Probably there won’t be much they want to do. This is going to be resolved as a more or less internal matter within the European Union where the EU is almost certainly going to reenact the agreement under a different legal basis.
One of the interesting questions in this is why the United States is willing to come to a deal with Europeans in the first place. If you look at the situation back in 2003 and 2004, the United States effectively had all the cards in its hand. The airlines were basically saying that they were prepared to cooperate with U.S. law. The Europeans were in an extremely weak bargaining position; the United States was in a relatively strong bargaining position. Nonetheless, the United States was prepared to make some real concessions. The United States has recognized there is a need to build up a long-term relationship with the Europeans in this set of issues. And one of the ways they need to do this is to be more sensitive to the particular European sensitivities on many of these issues and to make concessions even when concessions might be necessary in the short term in order to build up the right kind of long-term relationship.
Back to the agreement that was overturned. What exactly was the information being shared on passengers? What kind of information is likely to be shared in the new agreement?
The new agreement is going to be identical to the existing agreement. The only possible revision is that the new agreement has to be unanimously approved by the member states. It could be that some individual member state or small coalition of member states may have some problems with the existing agreement and may use this to renegotiate it. But certainly I have not heard any implication that is likely to be in the cards.
With regards to the first question, the passenger record data is between thirty and sixty fields of information. Some of which are pretty straight forward stuff like names. Others could possibly be used to reveal information about passengers’ religion. There is one piece of information, whether or not a passenger has ordered a kosher or halal meal while traveling, clearly something that can be used to infer whether the passenger is likely Jewish or Muslim. The final deal was reached so some of the more sensitive fields of information, such as those that can be used to identify an individual’s religion, are being removed. The U.S. agreed that airlines did not have to provide this more sensitive information to U.S. authorities before landing.