BELGIAN IMPLEMENTATION OF THE PNR DIRECTIVE IS NON-COMPLIANT WITH EU LAW – CONCLUSIONS FOR THE AVIATION SECTOR AGAINST THE BACKGROUND OF THE POLISH LEGAL ORDER
The Directive of 27 April 2016 on the use of Passenger Name Record (PNR) data for the prevention, detection, investigation, and prosecution of terrorist offenses and serious crime was implemented in the Polish legal system on 9 May 2018 when the Act on the Processing of Passenger Name Record Data was adopted. Activities performed by the Border Guard under the act were heavily criticized by the aviation industry, which led to the entry into force on 7 February 2022 of the amendment to the Act.
On 21 June, the Court of Justice ruled that the Directive is compatible with EU law, but the Belgian implementation is not.
This is all the more important that the scope of certain aspects of the Polish implementation is much broader than of the Belgian one, and provides legal grounds for the aviation industry to obtain favorable court judgments (obviously only for appeals filed against decisions and for further complaints lodged to an administrative court).
THE RULING OF THE COURT OF JUSTICE CHANGES THE CURRENT LEGAL PERSPECTIVE OF THE PNR REGULATION. HERE ARE THE KEY CONCLUSIONS:
- The Court confirmed the compatibility and validity of the PNR Directive with EU law.
- However, the transfer, processing, and storage of PNR data must be limited to activities that are strictly necessary to fight terrorism and serious crime.
- In this regard, the Directive should be interpreted restrictively.
- Where there is a real terrorist threat, a Member State may apply the Directive to all flights within the EU; where there is no such threat, the Directive may be applied restrictively to selected routes or travel patterns.
- Belgium implemented the PNR Directive by the Act of 25 December 2016 in a way that infringes the right to respect for private life and protection of personal data guaranteed under Belgian and EU laws.
- The regulation requiring the transfer and processing of PNR data on all flights within the EU is non-compliant.
WHAT THIS MEANS FOR OPERATORS FLYING TO POLAND SINCE 2018
- The Polish implementation of the Directive does not distinguish between types of flights. There are no subdivisions of routes or analyses of terrorist risks, either. The obligation to transmit data applies to each route and flight, which may now be successfully challenged in administrative and judicial proceedings.
- The ruling will have no legal effect on entities that have not challenged the decisions and rulings of the authorities in Poland in the examined cases. June 2022 LEGAL ALERT
- For operators who decided to appeal against decisions imposing administrative penalties for infringements of the Act in Poland, issued by the Commander-in-Chief of the Border Guard, the CJEU ruling augurs well for court proceedings.
- It will be possible to challenge proceedings scheduled to be resumed from the beginning of February 2024 precisely on the grounds of non-compliance with the regulation of the EU legal order. However, it will be necessary to raise these circumstances in the proceedings.
If you have any questions related to any of the topics above, please contact an expert in aviation law, transport & logistics Jadwiga Stryczyńska.
The alert can be downloaded HERE.