BRUSSELS An agreement between the European Union and Canada to share airline passenger data that the two sides say is key to fighting terrorism cannot enter into force as currently drafted, an adviser to the top EU court said on Thursday.
The agreement the EU signed with Canada in 2014 foresees the retention and sharing with Canadian authorities of airline passenger data by carriers operating flights between the EU and Canada.
The European Parliament then asked the Luxembourg-based Court of Justice of the European Union (ECJ) to rule on whether the agreement protected people's privacy enough.
In a non-binding opinion to the judges, Advocate General Paolo Mengozzi said certain provisions of the agreement went against the EU Charter of Fundamental Rights.
"The Court should ensure that the proposed measures...reflect a fair balance between the legitimate desire to maintain public security and the equally fundamental right for everyone to be able to enjoy a high level of protection of his private life and his own data," the Court said in a statement.
Opinions from Advocates General are followed by the ECJ's judges in a majority of cases.
The opinion will come as a blow to national governments who have stepped up their arguments for data retention after a spate of militant attacks across Europe in the past year.
"Given the level of the threat, you have to ask what planet some of these lawyers live on. Law enforcement authorities all say we are continually playing catch-up on information flow and analysis, and the ECJ now risks setting back our efforts even further," said Timothy Kirkhope, a conservative member of the European Parliament (MEP).
Mengozzi said the proposed agreement allowed authorities to use the passenger name records data beyond what is strictly necessary for the prevention and detection of terrorist offences and serious transnational crime.
Passenger name records include names, travel dates, itineraries, ticket and contact details, travel agents and other information.
However, he said the agreement would be compatible with EU fundamental rights subject to certain conditions. These include that sensitive data not be collected, that the offences for which data can be retained be listed exhaustively and that the number of targeted persons can be limited to those who can be reasonably suspected of participating in a terrorist offence.
The opinion also bodes badly for a separate commercial data transfer agreement with the United States, Privacy Shield, which replaces a framework struck down a year ago by the ECJ over concerns about mass U.S. surveillance. It is widely expected to be challenged by privacy advocates.
Civil rights groups and liberal politicians welcomed the opinion as a reaffirmation of the importance of privacy even when responding to security threats.
"For years now we have questioned the necessity and proportionality of a massive transfer of European passenger data and the legal basis for this," said Sophie In’t Veld, a Dutch liberal MEP.
"Security measures must be legally sound and stand up in court."
(Reporting by Julia Fioretti, editing by Foo Yun Chee and Hugh Lawson)