Following the terrorist attacks of 11 September 2001, the United States passed legislation providing that air carriers operating flights to, from or across United States territory have to provide the United States authorities with electronic access to the data contained in their reservation and departure control systems, called 'Passenger Name Records' (PNR).
Since the Commission considered that those provisions could come into conflict with Community legislation and that of the member states on data protection, it entered into negotiations with the United States authorities. Following those negotiations the Commission adopted, on 14 May 2004, a decision (the decision on adequacy) finding that the United States Bureau of Customs and Border Protection (CBP) ensures an adequate level of protection for PNR data transferred from the community. On 17 May 2004, the Council adopted a decision approving the conclusion of an agreement between the European Community and the United States on the processing and transfer of PNR data by air carriers established in Member States of the Community to CBP. That agreement was signed in Washington on 28 May 2004 and entered into force on the same day.
In today's judgment, the Court has annulled both decisions.
For the press release, click here.
For full text of the decision, click here.
