Citizens should be conscious of their rights, some of which were mentioned above, to be able to defend them when they think that a Member State is not respecting them. They should also know that they are entitled to defend their rights acquired through European law. They can do so by taking their case to the national courts, which can either issue a ruling or turn to the Court of Justice for a preliminary ruling [see e.g. Case C-50/00], or by simply and inexpensively lodging a complaint with the Commission or a petition with the European Parliament [Articles 24 and 227 TFEU, ex Articles 21 and 194 TEC). The Parliament has a Committee on Petitions which examines the complaints of citizens, mainly relating to social security, the recognition of professional qualifications or environment protection [Parliament Resolution]. If the complaint concerns instances of mismanagement in the activities of the European institutions or bodies, the citizen may address himself or herself to the Ombudsman appointed by the European Parliament (Articles 24 and 228 TFEU, ex Articles 21 and 195 TEC) [Decisions 94/114, 94/262 and 2002/262, see section 4.1.3].

Regardless of whether they are lodged with it or with the Parliament, the Commission is obliged to examine the grievances of citizens, which number around one thousand per year. Sometimes they are not justified and the Commission must explain to the citizen why this is the case. Not infrequently, however, they are justified and the Commission must address the Member State in question and ask it for explanations. If it does not get a good answer it must formally ask the Member State to correct its legislation or administrative practices which are causing injury to one or several citizens either of the State in question or of another Member State. If the Member State does not come into step with European law as requested by the Commission, the latter must take the State to the Court of Justice, which will give a final ruling on the obligations of the Member State. According to the Court, the Member States are obliged to compensate for damage caused to individuals by violations of European law attributable to them [Joined Cases C-6/90 and C-9/90] , particularly if certain conditions are satisfied: the rule of law infringed has been intended to confer rights on individuals, the breach is sufficiently serious, and there is a direct causal link between the breach of the obligation and the loss or damage sustained by the injured parties [Case C-470/03].

It appears that the citizens of the European Union have powerful means at their disposal to obtain justice under European law. They are sometimes more favoured than if they were just citizens of an individual State, for they can go beyond national judicial bodies to international ones in order to defend their rights and interests. However, in order to defend these rights, they must be aware of them. The fact is that the vast majority of the citizens of the Member States are not aware of their rights as citizens of the European Union. The task of informing them therefore falls both to national and European authorities, which are not very active in this area. The information deficit, examined in the following chapter [see section 10.1.2], weakens the defence of citizens' rights. On the contrary, the multinational human networks, which are growing in number and influence in the Union, may, among other things, defend the rights of citizens of different Member States [see section 9.4].

With the emergence of information systems spanning the entire internal market, the European Union has increasingly to concentrate on the protection of the personal data of its citizens. Article 16 of the TFEU (ex Article 286 TEC) states that everyone has the right to the protection of personal data concerning them. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data [see also sections 17.3.5 and 17.3.6]. Thus a Directive aims at the development of the information society and the service sector in the EU, while guaranteeing individuals a high level of protection with regard to the processing of personal data (safe harbour privacy principles) [Directive 95/46]. Accordingly, it imposes obligations on data controllers such as public authorities, companies and associations, and establishes rights for data subjects, such as the right to be informed of processing carried out, the right of access to data and the right to ask for data to be corrected. In any event, the Directive prohibits the processing of sensitive data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or state of health, except in certain circumstances that are exhaustively listed, in particular when the data subject has given his explicit consent or where a substantial public interest requires such processing (e.g. medical or scientific research). European institutions or bodies must also protect the fundamental rights and freedoms of individuals, and in particular their right to privacy with respect to the processing of personal data [Regulation 45/2001]. An independent supervisory body, the European Data Protection Supervisor, monitors the application of the relevant rules [Decision 1247/2002].

US anti-terrorism legislation establishes that air carriers operating passenger flights to or from the United States must make passenger name record (PNR) information available to the US Customs Service upon request. PNR is a data record of each passenger's travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines. Although the US measures potentially conflict with EU and Member States' legislation on data protection, and in particular with Directive 95/46 [see section 17.3.6], the EU and the USA reached an agreement providing a legislative framework enabling air carriers to transfer passenger data to the US authorities and allowing the latter access to data held by the European authorities on EU territory, while respecting the principles laid down in the Charter of Fundamental Rights of the European Union [Decision 2012/472 and Agreement].