Case law: Parliament v. Council (PNR)
The purpose of this new series is to show actually how the relevant law should be applied in order to properly balance the right to free access of public information, free flow of information and the right to Privacy and Personal Data protection.
The series will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).
C-317 and 318/04, Parliament v. Council (PNR), 30.5.2006
Action for annulment by EP of Council Decision 2004/496/EC on conclusion of agreement between EU and USA on processing and transfer of PNR data and on
adequacy decision on data transferred to USA, both of which were adopted on the basis of Directive 95/46.
Appropriate legal basis for EU /US agreement to transfer PNR data:
• Adequacy decision: Requirements for transfer were based on a statute enacted by the USA in November 2001 and implementing Reg.s adopted thereunder, which concern enhancement of security and conditions under which persons may enter and leave the USA, fight against terrorism, and fighting transnational crime. Thus, transfer of PNR data is processing concerning public security. Even though PNR data are initially collected in course of commercial activity, the processing addressed in adequacy decision concerns safeguarding of public security and law enforcement. Fact that data collected by private operators for commercial purposes and they arrange for transfer of data to third country does not prevent that transfer from being regarded as processing excluded from directive’s scope. Thus, it falls within the first indent of Article 3(2) of directive, which excludes from Directive’s scope DP in the course activities provided form by Titles V and VI of the EU Treaty. Thus decision on adequacy annulled.
• Agreement: Article 95 (internal market) in conjunction with Article 25 of the directive (transfers to third countries ensuring adequacy) do not justify Community competence to conclude Agreement. Agreement relates to same transfers as adequacy decision, and thus processing operations are outside scope of Directive. Council decision approving conclusion of agreement between EU and US on processing of PNR data is annulled.
Credits and acknowledgment go to Laraine Laudati, OLAF DPO.
Stay tuned for the case law.
Any questions can be submitted to: email@example.com
Additional information can be found at: www.e-crimeexppert.com
What do you think about the findings? Do you think that the applicant was right?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.
- @k3rstin Hi Kerstin. Im fine thank you. Still in Brussels. Can we collaborate on any project/assignment? Best regards, Dan. 1 year ago
- 6 Essential Tips on How to Prevent Online Shopping Fraud wp.me/p1N1s0-jD 3 years ago
- Cyberbullying wp.me/p1N1s0-jz 3 years ago
- 10 Ways to Prevent Your Identity From Being Stolen wp.me/p1N1s0-jv 3 years ago
- Infographic-Privacy and Security on Facebook wp.me/p1N1s0-jp 3 years ago