PARIS, May 30  The European Union's highest court ruled today that an agreement providing for the transfer of extensive personal data on air passengers to the authorities in the United States was illegal. The decision forces the two sides back to the negotiating table at a time when privacy safeguards are increasingly being debated.

The European Court of Justice, in Luxembourg, overruled a May 2004 decision by the European Commission and the European Council, which represents national governments. The agreement, which took 18 months to negotiate and was set to last through the end of next year, gives American counterterrorism authorities access to 34 different types of information about passengers on all flights that originate from the 25 member states.

The court upheld a challenge to the agreement brought by the European Parliament, which was not consulted when the accord was reached amid intense pressure from the Bush administration following the Sept. 11 terrorist attacks. However, it sidestepped the thorny question of whether the transfers of passenger records  including names, passport details, credit card numbers, addresses and phone numbers  violated the civil rights of European citizens.

Parliamentary opponents of the agreement nonetheless said they were pleased with the ruling.

"The European Court is saying yes, the European Parliament was right, that the data transfer agreement is illegal," said Graham Watson, a British member of the European Union Parliament and chairman of the Alliance of Liberals and Democrats for Europe. "What will now be needed is some pretty tough talking to get a new agreement in which our concerns about privacy are properly addressed."

The court gave the European Commission a four-month grace period, until Sept. 30, to negotiate a new treaty with the United States, during which time passenger records would continue to be provided according to the terms of the original agreement.

"This puts European airlines flying passengers in and out of the U.S. in a real dilemma," said Watson. "Either they violate E.U. law and give the U.S. what they want or the risk the States turning around and saying your airplanes can't come here."

At the Department of Homeland Security in Washington, Jarrod Agen, a spokesman, pointed out that the court's decision specified that the existing system could stay in force through September.

"The planes will continue to fly and the security data will continue to be exchanged," he said. "There wont' be any lowering of the data protection standards or effect on passengers or disruption to air traffic in the near term."

Mr. Agen said that the department's lawyers were still reading the European decision, but that "the court did not take a view on the content of the agreement. It was looking at process of the European Commission in making the agreement with the U.S."

Mr. Agen said that all the information now given by the airlines, within a few minutes of the plane's departure, was information that the United States could obtain by interviewing passengers as they arrived. Security is strengthened by having it in advance, he said.

The information includes the passenger's name, the date of the reservation, date and place of ticket issue, payment details, and use of a travel agent, among other items. The department can use it to look for patterns and identify travelers it finds suspicious, he said.

Europeans are by far the biggest visitors to the United States. In 2004, the most recent year available, 9.6 million European Union citizens entered the United States, according to a Department of Commerce survey of air travelers. That represented 48 percent of all international air travelers entering the country.

European civil liberties groups were outraged when the European Union signed the accord two years ago, arguing that it did not ensure the same degree of privacy protection as exists under European Union law. The United States did agree to restrict access to the data to certain United States agencies and limited the amount of time that such data could be stored. But civil libertarians say Washington has so far failed to adequately safeguard the data against hacking or other misuse.

Opponents cited Congressional testimony in February by the director of the federal Transportation Security Administration, Kip Hawley, who said his agency could not yet guarantee that the privacy of passengers' personal information was fully protected and announced an audit of its system for screening passenger information against a terrorist watch list.

Sophie in 't Veld, a Dutch member of the European Union Parliament and a vocal opponent of passenger data transfers, added that the first evaluation of the agreement's effectiveness in fighting terrorism was completed in March of this year but that the report has been kept confidential by mutual agreement of the union and United States.

"The one question that has never been answered is, does it actually work?" said Ms. in 't Veld. "How many terrorists did they catch? How many international criminals? How many attacks did they prevent? And how many mistakes were made? We do not know because this information has never been made public. It is outrageous."

Parliamentarians expressed hope that their concerns would be taken into account when European Union and American officials sit down this summer to hammer out a new accord. However, they were disappointed that the European Court did not explicitly direct the commission and the council to give Parliament joint oversight in approving any new accord.

"The court has indicated that the commission should put it forward as a security measure, which still means that the Parliament would not have to be consulted," Mr. Watson said. Nonetheless, he said, "I think that it would be very difficult politically for the commission and governments to do this again."

Matthew L. Wald of The Times contributed reporting from Washington for this article.