[IP] EU Court Blocks Air Passenger Data -- more info

To: ip@xxxxxxxxxxxxxx
Subject: [IP] EU Court Blocks Air Passenger Data -- more info
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 30 May 2006 13:38:23 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <598585EF-979C-43B2-A4E0-93B2D8AF3852@xxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Joel Reidenberg <reidenberg@xxxxxxxxxxx>
Date: May 30, 2006 1:06:33 PM EDT
To: dave@xxxxxxxxxx
Subject: EU Court Blocks Air Passenger Data

Dave,

Yesterday, the European Court of Justice threw out the 2004 agreementbetween the US Dept. of Homeland Security and the Council of the EUthat allowed the US government to gain access to European airlinepassenger data. The Court ruled that the Council could not declarethat the promises made by the US provided 'adequate' privacy becausethe Council had no legal authority under the Directive on dataprivacy to address public security and state security matters. TheCourt never reached the substantive issues and did not addresswhether the protections promised by the US would be sufficient underEU standards. Nevertheless, the Court allowed the PNR transfers tocontinue until September 30, 2006 as a transition period.


The decision presents a few scenarios:

- the US and the EU could negotiate a data privacy treaty (unlikely)

- airlines in Europe will scramble to find a way to comply with theDHS mandate and the US government will need to negotiate individuallywith each national Data Protection Authority in Europe (possible, butunattractive)- airlines and US government will search for the most flexible dataprotection agency to authorize transfers and then route and managethe PNR through a central headquarters location where theorganization can be qualified as a "controller" in that DPA'scountry (most likely). This might work because, under EU law, thelaw of the place where the controller is located governs treatment ofthe data. The European Court's decision indicates that this locationwould have exclusive jurisdiction to permit the data flow to theUS. If the US government then secures an agreement from that localdata protection agency, the PNR could be sent to the US withoutimpediment from other EU countries.


Regards,

Joel



Recent papers:

Technology and Internet Jurisdiction, 153 Univ. Penn. L. Rev. 1951(2005) http://ssrn.com/abstract=691501

Opportunities and Obstacles for the Simplification of InternationalData Privacy Rules, Proc. of 27th International Conf. of DataProtection Commissioners (Sept. 2005)

http://www.privacyconference2005.org/fileadmin/PDF/reidenberg.pdf


**********************************************
Joel R. Reidenberg
Professor of Law and Founding Director
Fordham Information Law & Policy Center
Fordham University School of Law
140 West 62nd Street
New York, NY 10023
Tel: 212-636-6843
Fax: 212-636-6899
Email: reidenberg@xxxxxxxxxxx
Web: http://reidenberg.home.sprynet.com

**********************************************


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] JPEG patent invalidated
Next by Date: [IP] more on The Economist: How to weave a cloak that makes you invisible
Previous by thread: [IP] JPEG patent invalidated
Next by thread: [IP] Let the Public Decide Broadcasting Treaty's Fate!
Index(es):
- Date
- Thread