PARIS - The European Union's highest court ruled Tuesday that the Union had overstepped its authority by agreeing to give the United States personal details about airline passengers on flights to America in an effort to fight terrorism.
The decision will force the two sides to renegotiate the deal at a time of heightened concerns about possible infringements of civil liberties by the Bush administration in its campaign against terrorism, and the extent to which European governments have cooperated.
The ruling gave both sides four months to approve a new agreement, and American officials expressed optimism that one could be reached. But without an agreement, the United States could take punitive action, in theory even denying landing rights to airlines that withhold the information.
That could cause major disruptions in trans-Atlantic air travel, which accounts for nearly half of all foreign air travel to the United States.
The European Court of Justice, based in Luxembourg, found that the European Commission and the European Council lacked the authority to make the deal, which was reached in May 2004.
Specifically, the court said passenger records were collected by airlines for their own commercial use, so the European Union could not legally agree to provide them to the American authorities, even for the purposes of public security or law enforcement.
The agreement, which took 18 months to negotiate and was to last through 2007, gave the American authorities access to 34 categories of information about passengers on all flights from the 25 nations in the union. The data is made available as passengers board in Europe.
But the European Parliament challenged the agreement in court on two points: The parliament was not consulted when the accord was reached, under intense pressure from the Bush administration, and it objected to the extent of personal data to be turned over including names, addresses, phone numbers, itineraries and payment information, including credit card numbers.
Privacy advocates said the agreement violated civil rights, but the United States said the information helped identify the patterns of suspicious travelers. The court did not rule on the privacy question, focusing instead on the scope of European Union's authority.
"The European Court is saying, yes, the European Parliament was right, that the data transfer agreement is illegal," said Graham Watson, a British member of the parliament and chairman of the Alliance of Liberals and Democrats for Europe. "What will now be needed is some pretty tough talking to get a new agreement in which our concerns about privacy are properly addressed."
In Washington, Jarrod Agen, a spokesman for the Department of Homeland Security, said privacy was not really the issue, because his department could obtain the same information by questioning the passengers on arrival.
But, he added, security would be strengthened by having the information provided in advance.
For now, he said, "the planes will continue to fly and the security data will continue to be exchanged."
"There won't be any lowering of the data protection standards, or effect on passengers, or disruption to air traffic in the near term," he added.
In the past, the United States has warned that European airlines could be fined or lose American landing rights if they failed to make the data available.
But an American official in Brussels, who spoke only on condition of anonymity because he was not authorized to discuss the matter, said Washington would seek a diplomatic arrangement with the European Union that respected the ruling without disrupting air travel.
A spokesman for the European Commission, Johannes Laitenberger, told reporters in Brussels that the European Union remained "committed to the fight against terrorism, while respecting fundamental human rights such as the right to privacy."
Europeans are by far the largest single class of visitors to the United States. In 2004, the most recent data available, 9.6 million European Union citizens entered the United States, according to a Department of Commerce survey.
In the nearly five years since terrorists hijacked American passenger planes and crashed them into the World Trade Center and the Pentagon, governments on both sides of the Atlantic have expanded their powers of surveillance, tipping the balance of civil liberties in favor of safeguarding against attacks, at the expense of protecting individual privacy rights.
But critics of the deal to share passenger data said rights violations from Iraqi prisons and Guantánamo Bay, to secret C.I.A. flights of terrorism suspects over Europe have tainted other antiterrorism efforts.
Last month, for instance, investigators for the European Parliament said several European countries had been aware of, perhaps even complicit in the practice known as rendition, in which the Central Intelligence Agency abducted terrorism suspects and took them to countries that use torture.
"People are very much concerned about the direction that the Bush administration has been taking in these matters," Mr. Watson said.
European civil liberties groups were outraged when the European Union signed the accord two years ago, arguing that it did not ensure the privacy protection that exists under current laws in the Union.
The United States did agree to restrict access to the data to certain American agencies, and limited the time such data could be stored to three and a half years. But European civil libertarians say Washington has failed to safeguard such information against misuse.
Opponents cited Congressional testimony in February by the director of the United States Transportation Security Administration, Kip Hawley, who said his agency could not guarantee that the privacy of passengers' personal information was fully protected.
A recent episode involving the theft of names and Social Security numbers of 26.5 million American veterans from the home of a Veterans Affairs employee has raised further doubts about the care with which the government treats personal data.
Sophie in 't Veld, a Dutch member of the European Parliament and a vocal opponent of handing over the passenger data, said that the first evaluation of the agreement's effectiveness in fighting terrorism was completed in March but that the report had been kept confidential by the European Union and the United States government.
"The one question that has never been answered is, does it actually work?" said Ms. in 't Veld. "How many terrorists did they catch? How many international criminals? How many attacks did they prevent? And how many mistakes were made? We do not know because this information has never been made public. It is outrageous."
European legislators said they were disappointed that the European Court did not direct the Commission and the Council to give the parliament joint oversight in approving any new accord. But they hoped that their concerns would be brought out in the new negotiations.
European airlines reacted with caution to the ruling. Though the accord officially remains in effect for the next four months, some said they were seeking advice from their governments on how to proceed.
"This is an extraordinary situation to be in," Paul Charles, a spokesman for Virgin Atlantic Airways, told Bloomberg News.
Air France-KLM, Europe's largest airline, said it would continue to provide the American authorities with the passenger records. "We will still operate under the current situation for now," said a spokesman, Samuel Coulon.
Peter Hustinx, who oversees privacy issues for the European Union, said that until a new agreement was reached, airlines were facing some legal uncertainty if they continued to send passenger data to the American authorities.
"I expect the U.S. government will continue to want the data, and airlines will want to share," Mr. Hustinx said. "But they may face challenges by individual citizens or even from national data-protection authorities."
Copyright 2006 The New York Times Company