bg es cs da de et el en fr hr ga it lv lt hu mt nl pl pt ro sk sl fi sv

By contrast, a generalised and undifferentiated retention of PNR data in a non-anonymised form can be justified only where there is a serious, actual and present or foreseeable threat to the security of the Member States, and only on condition that the duration of such retention is limited to what is strictly necessary.

Furthermore, the transfer of data appearing under the heading ‘General remarks’ laid down by the PNR Directive does not meet the requirements of clarity and precision required by the Charter.

The use of PNR data is an important element in the fight against terrorism and serious crime. To that end, the PNR Directive 1 requires the systematic processing of a significant amount of data relating to air passengers entering and leaving the European Union. In addition, Article 2 of this directive provides Member States with the possibility to apply the directive to intra-EU flights also. The ‘Ligue des droits humains’ (Human Rights League) (LDH) is a not-for-profit association which filed an action for annulment with the Cour constitutionnelle (Constitutional Court, Belgium) in July 2017 against the Law of 25 December 2016 which transposed the PNR Directive and the API Directive 2 into Belgian law. According to the LDH, this Law infringes the right to respect for private life and to the protection of personal data, guaranteed under Belgian and EU law. It criticises, first, the very broad nature of the PNR data and, second, the general nature of the collection, transfer and processing of those data. In its view, the Law also infringes the free movement of persons in that it indirectly re-establishes border controls by extending the PNR system to intra-EU flights. In October 2019, the Belgian Constitutional Court referred ten questions to the Court of Justice for a preliminary ruling on the validity and interpretation of the PNR Directive and the API Directive, but also on the interpretation of the GDPR. 3 In his Opinion delivered today, Advocate General Giovanni Pitruzzella states, first of all, that, where measures involving interferences with the fundamental rights established by the Charter of Fundamental Rights of the European Union (‘the Charter’) originate in a legislative act of the European Union, the onus is on the EU legislature to set out the essential elements which define the scope of those interferences. He then points out that provisions requiring or permitting the communication of personal data of natural persons to a third party, such as a public authority, must be classified, in the absence of consent on the part of those natural persons, and irrespective of the subsequent use to which the data in question are put, as an interference with their private life and as an interference with the fundamental right to protection of personal data. 4 Such interferences can be justified only if they are provided for by law, if they respect the essential content of those rights and, in compliance with the principle of proportionality, if they are necessary and meet effectively objectives of general interest recognised by the European Union or the need to protect the rights and freedoms of others.