Appearance before the House of Commons Standing Committee on Public Safety and National Security for a briefing on the Passenger Protect Program and the U.S. No-Fly List

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

April 29, 2010
Ottawa, Ontario

Statement by Chantal Bernier
Assistant Privacy Commissioner of Canada

(Check against delivery)

Good morning. My name is Chantal Bernier. I am Assistant Privacy Commissioner for the Privacy Act and I am accompanied by Carman Baggaley, a senior policy advisor with our Office.

We are pleased to be here today to discuss the implications of certain Canadian aviation security measures in relation to privacy. We commend you for addressing this issue. One can argue that the challenge of integrating privacy and security comes to a head most acutely in the context of aviation security. Aviation security measures affect us all and they put our personal information in the hands of the most powerful authorities in the land. The risk for misuse that comes with any collection of personal information is all the more consequential in this context.

The one message I would like to leave with you today is this: effectiveness of security and protection of privacy are not at odds. In fact, they both reside in a streamlining of collection of personal information to what is strictly relevant and necessary.

To apply this approach, we must look at Canadian values as enshrined in the Canadian Charter of Rights and Freedoms as well as in the Privacy Act.

On the basis of these documents, as well as on the basis of the case law that interprets them, some criteria emerge to define how far the government can go in limiting privacy in the interest of security.

These criteria may be summarized in four main points:

  1. The right to privacy is a fundamental right that cannot be infringed unless is it demonstrably necessary in the interest of the public good.
  2. It follows that the collection of personal information can only occur when it is proven necessary and it must be proportionate to that necessity.
  3. That necessity must be assessed on an on-going basis by verifying that the collection of personal information is indeed effective and necessary in relation to the identified necessity.
  4. It must also be demonstrated that there are no less privacy invasive alternatives to meet that necessity.

This lens ensures that we both respect the right to privacy in analyzing security measures and that we duly take into account the security needs that must be met.

I will apply this lens to two aviation security measures currently in use: firstly, the Advanced Passenger Information Program and Passenger Name Record; and secondly, the Passenger Protect Program.

1. Advanced Passenger Information Program and Passenger Name Record

Airlines are required to provide the Canada Border Services Agency with passengers’ personal information in advance of their arrival in Canada, as well as the passenger name record, which shows the passenger’s travel itinerary. In both cases, this information is retained in the Passenger Information System, or PAXIS, for a minimum of three and half years.

Our Office expressed concerns about the program from the beginning, and in response the following privacy controls were incorporated into the program:

  • The retention period for the personal information was reduced to what was deemed strictly necessary;
  • We obtained that a progressive depersonalization process is implemented so that after 72 hours the information on a passenger’s identity is separated from his or her travel information;
  • And finally, the use of the personal information is limited strictly to the fight against crime and protection of national security.

Although we are satisfied with these changes, the necessity of collecting such personal information and the safeguards required to protect the information still need to be reviewed.

2. Passenger Protect

Our Office has also taken an active interest in the Passenger Protect Program since its inception. Most recently, in the fall of 2009, we issued an audit of the Passenger Protect Program and its Specified Persons List, commonly called “no-fly list”.  

Our audit found that Transport Canada generally uses adequate measures to protect the personal information within its control. However, we made recommendations to improve the privacy safeguards of the Program.

In particular, we recommended that 

  • The Transport Canada official who is designated to add or remove names from the list be provided with sufficient information before a final decision is made;
  • Transport Canada strengthen the technological information security safeguards to protect the List.
  • Transport Canada improve its oversight of air carriers to ensure they protect the information on the List.

All these recommendations are being or have been implemented. However, we remain concerned by the difficulty to ensure that foreign carriers are not disclosing information on the List to their governments or other parties.  

Finally, I know you are also interested in Secure Flight. On this matter, I will only say that it is a U.S. government program, therefore outside our jurisdiction. We will review, however, Canadian measures in response to Secure Flight.


In closing, I wish to stress the importance of integrating privacy into aviation security measures, to the benefit of both security and privacy, by limiting collection of personal information to what is strictly necessary and justified in a free and democratic society.

I will be happy to take your questions.

Date modified: