33.
The Respondents point to Parliament v Council, to which we have referred in
paragraphs 22(i) and 30 above, which appears to be a judgment on all fours
with this case and to point to the opposite conclusion than that reached by the
Grand Chamber in Watson. As set out above, the processing operations in
question in that case consisted (paragraph 56) of the transfer of PNR data to
the United States Department of Customs Border Protection (“CBP”) which
constituted “processing operations concerning public security”, and hence
within Article 3(2) and outside the ambit of the DPD (and consequently also
the EPD). Mr de la Mare for the Claimant sought to explain the decision by
asserting that the data supplied were not required by the carriers for their
commercial purposes, i.e. that they had data which was required for their
commercial purposes, which they retained and did not supply, and also had
data which was not required for their commercial purposes, which they did
supply, hence outside the DPD/EPD. But it is clear that this is not a correct
analysis, and is a misreading of paragraph 57 of the Judgment, and in
particular the last sentence. It is not arguable, because the PNR data, which
are fully described in paragraph 27 of the Judgment, did plainly include data
required by the carriers for their commercial purposes. After recording, at
paragraph 55, the fact that the decision concerned PNR data transferred to
CBP, the Grand Chamber states, in paragraph 57, that its decision concerned
(our underlining) “not data processing necessary for a supply of services, but
data processing regarded as necessary for safeguarding public security”.
What the Court is plainly stating is that in relation to data, all of which was
required for the carriers’ commercial purposes, the data processing required
for the supply to CBP was processing required not for the supply of services
Page 33