Today, when annulling the Council decision about the transger of European airline passenger name records (PNR) to the US, the European Court of Justice made an important decision, highlighting both the weakness of current privacy protection schemes and essential problems in the European institutional set up. While it is not unlikely that privacy concerns, particularly the increasingly problematic lack of state enforced privacy regulation in the US, have guided the Court’s decision, its legal argument is not based on privacy infringement, but on fact that the EU-US agreement fell outside the scope of the European data protection directive. In fact as statewatch.org explains, the privacy plea by the EP has therefore not been considered at all. Statewatch therefore considers the judgment as a phyrric victory for the EP,
“as the agreement will now be replaced either by national agreements, or by a third pillar agreement with the US. Either way the EP has no power over approval of the treaty/treaties or even the power to bring legal proceedings against them. The press may describe this as a victory for the EP or for privacy but they will be mistaken. Moreover, there is a risk that if an EU treaty or purely national treaties are signed with the US that the standard of privacy protection could actually be worse than in the original PNR deal.”
The latter statement, of course, also highlights the dilemma that of institutional Europe’s current make up. If governments want to implement something in the allegedly “securtiy related area”, they will be able to do so, regardless of, say, the European Parliament’s opinion.
For the online edition of the German weekly Die Zeit, Robert Leicht points out another, and possibly the most important reason for the increasing political disregard for privacy concerns (in German): Politicians and their agency executives are simply lacking clear signals from a sufficiently important amount of voters to get out of the data mining business. In fact, he asks, if the negligence with which Europeans (and others) are giving up personal data in the normal course of conducting business is not simply indicating that they are no longer truly concerned about their equivalent of “informational self determination” (a legal construct once established by the German constitutional court as a quasi constitutional right for Germans). He may well be right. This clearly will be an uphill struggle for those who are concerned.