LUXEMBOURG: The collection of passenger flight data in the European Union must be limited to what is absolutely necessary, the bloc's top court found on Tuesday.
Under the EU's Passenger Name Record (PNR) Directive, aimed at combatting terrorism and serious crime, countries must collect the data of passengers entering and leaving the EU. This may also apply to flights within the bloc, dpa news agency has reported.
The European Court of Justice (ECJ) said in a statement that respect for fundamental rights requires that the powers provided for by the PNR Directive be limited to what is strictly necessary.
The ECJ was ruling on a 2017 data privacy complaint brought against Belgium's application of the EU law by the Ligue des droits humains (LDH), a Belgian citizen's rights organisation.
LDH claimed that the regulation infringed data protection rights and the right to privacy under Belgian and EU law.
The ECJ on Tuesday ruled that the collection, transfer and processing of passenger data must be restrictively implemented and limited to terrorist offences and serious crime having an objective link, even if only an indirect one, with the carriage of passengers by air.
A blanket application of the data collection rule within the bloc also violates EU law, the ECJ found, and may only be implemented by an EU member state for a genuine and present or foreseeable terrorist threat.