A European Union judge says an EU agreement to exchange air passenger information with Canada to combat terrorism should be revised because parts of it would infringe on people’s rights.

Advocate General Paolo Mengozzi said in a legal opinion that the deal signed in 2014 should not enter force in its current form.

The agreement was referred to the EU’s Court of Justice by the European Parliament over privacy concerns.

Under it, Canadian authorities would have access to the data of European travelers like contact details, credit card and other personal information.

Mengozzi said parts of the agreement go beyond what is strictly necessary to prevent serious crime.

The agreement the EU signed with Canada in 2014 foresees the retention and sharing with Canadian authorities of airline passenger data by carriers operating flights between the EU and Canada.

The European Parliament then asked the Luxembourg-based Court of Justice of the European Union (ECJ) to rule on whether the agreement protected people’s privacy enough.

The opinion will come as a blow to national governments who have stepped up their arguments for data retention after a spate of militant attacks across Europe in the past year.

Mengozzi said the proposed agreement allowed authorities to use the passenger name records data beyond what is strictly necessary for the prevention and detection of terrorist offences and serious translational crime.

Passenger name records include names, travel dates, itineraries, ticket and contact details, travel agents and other information.

The Court said that with an almost ideological determination, the European Commission has proposed and agreed measure after measure to stockpile personal data, creating privacy and security risks for every European at a cost of hundreds of millions of Euro. In relation to PNR, it has a deal with Canada for an arbitrary four-year period, with Australia for five and a half years, fifteen years for the EU-US agreement, and a newly-adopted EU PNR Directive that stores data for four years for serious crime and five years for terrorism. This creates a needless security risk, undermines privacy, and generates huge costs for taxpayers.
However, Mengozzi said the agreement would be compatible with EU fundamental rights subject to certain conditions. These include that sensitive data not be collected, that the offences for which data can be retained be listed exhaustively and that the number of targeted persons can be limited to those who can be reasonably suspected of participating in a terrorist offense.The opinion also bodes badly for a separate commercial data transfer agreement with the United States, Privacy Shield, which replaces a framework struck down a year ago by the ECJ over concerns about mass U.S. surveillance. It is widely expected to be challenged by privacy advocates.

Such legal opinions are not binding but they are respected by the EU court in most rulings. (with AP, Reuters)