A deal allowing airlines to hand over confidential passenger data to the United States has been struck down by Europe's highest court, in a move which could result in chaos for transatlantic air travel.
The decision came after complaints that an agreement allowing American officials access to 34 different pieces of passenger information - from credit card details to phone numbers - breaches personal privacy.
The European Court of Justice yesterday threw out the deal, negotiated to satisfy US anti-terror measures, objecting to its legal basis. The court gave the European Union until 30 September to find an alternative solution, leaving officials with a desperate race against the clock to try to resolve the legal muddle.
If they fail, airlines may have to choose between defying the US authorities - and being fined or having flights turned back - or leaving themselves open to legal action in Europe.
Disputes over passenger records date back to the aftermath of the 9/11 suicide hijackings in the US, when the American authorities demanded more stringent security standards.
After several European aircraft were turned back because of their failure to supply passenger data, the European Commission helped negotiate the new deal, which came into force in May 2004. It obliges airlines to transmit information electronically within 15 minutes of flights embarking for the US. Details include the names of all travellers, all contact details, telephone numbers, addresses, e-mails, payment information, bank numbers and credit card data.
Though minor concessions were won, the European Parliament challenged the measure in court, arguing that the US offers insufficient data protection guarantees. In fact yesterday's ruling did not criticise passenger-name record transfers or raise objections on the grounds of human rights or privacy. Instead it took issue with the technicalities behind the law.
The court ruled that this was inappropriate since the law did not apply to information collected for security purposes.
The European Commission will now look for a way to put the agreement on a different legal footing. One possibility is to use article 24 of the EU's governing treaty, which allows for EU foreign policy agreements with individual states or international organisations. An alternative is to go ahead under justice and home affairs legislation.
Such accords might not be impossible to agree within the three-month timescale, particularly since all governments would have to agree - including nations such as France, where national parliaments are very hostile. Failing that, EU governments might strike bilateral deals with the US, though whether these would contravene European law remains unclear.
Plunged into legal limbo, some airlines are alarmed at the possibility of being hit by bans or fines from the US side of up to $6,000 (£3,200) per passenger if they fail to hand over electronic passenger records.
They may also face domestic sanctions from national data protection authorities in countries such as the Netherlands for transferring the data.
Officials on both sides of the Atlantic sought to play down the crisis. Johannes Laitenberger, a spokesman for the European Commission, emphasised the court's judgment was only about the agreement's "legal basis", and not its content.
Stewart Baker, an assistant secretary at the US Homeland Security Department, called it a "resolvable issue".
BA, whose most profitable business comes from transatlantic flights, said it was "disappointed" by the ruling but suggested that data could be transmitted in any event. It said: "We have been liaising with Government in advance of the ECJ ruling and understand that the UK data protection legislation does not prevent British Airways from providing passenger data to the US authorities."
Sarah Ludford, the Liberal Democrats' European Justice spokeswoman in the European Parliament, suggested any new regime could be tested in the European Court. "I am disappointed that the court did not go on to examine our data protection concerns. MEPs will now be equally robust if the EU-US agreement is now replaced withbilateral agreements with similarly inadequate safeguards against misuse of personal data." She added: "We have been concerned from the beginning that the US regime is not strict enough. Our fears have been reinforced by the outcome of a review, the results of which were reported to us in March in secret."
Richard Ashworth, a Tory MEP for south-east England, said: "If a new agreement cannot be reached with the US government, our passengers, after flights of eight hours or more, could face chaotic queues on arrival in the US while waiting for their details to be checked."Reuse content