On July 26, 2017, the Court of Justice of the EU (CJEU) published Opinion 1-15 (the “Opinion”) on the proposed agreement between the European Union and Canada on the transfer and processing of passenger name record (“PNR”) data (the “Agreement”). The Agreement was signed in 2014, but the CJEU was asked to determine whether it was compatible with EU data protection law before it is approved by the European Parliament.
The Opinion concluded that a number of provisions relating to the transfer of PNR data – particularly sensitive data – are incompatible with the EU Data Protection Directive (Directive 95/46) and the fundamental rights to privacy and data protection, and the protection against discrimination, under Articles 7, 8 and 21 of the EU Charter of Fundamental Rights (the “Charter”), meaning the Agreement must be renegotiated before it enters into force.
Notably, the CJEU’s opinion was consistent with its recent judgments concerning data transfers to “third countries” (outside the EEA) in Schrems and Tele2/Watson.
Continue Reading CJEU: EU-Canada proposed agreement on the transfer of Passenger Name Record data does not conform to EU data protection law standards