Appearance before the House of Commons Standing Committee on Transport, Infrastructure and Communities on Aviation Safety and Security
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
May 11, 2010
Statement by Chantal Bernier
Assistant Privacy Commissioner of Canada
(Check against delivery)
Good morning. My name is Chantal Bernier. I am Assistant Privacy Commissioner for the Privacy Act.
I am pleased to be here today to participate in the Committee’s examination of Aviation Safety and Security. I would like to share with you today the approach of the Office of the Privacy Commissioner in addressing privacy in the context of aviation security and apply this approach specifically to the Passenger Protect Program and Secure Flight. While I do not propose to discuss the issue of body scanners, I will be happy to answers questions in that regard.
Let me start with this premise: privacy and security do not have to be at odds. In fact, they must be integrated and they even converge: the protection of privacy dictates that the collection of personal information be minimal; at the same time, the effectiveness of security rests on the collection of only the information that is relevant.
The Canadian Charter of Rights and Freedoms, the Privacy Act and the Personal Information Protection and Electronic Documents Act, together with the case law that interprets them, provide the basis for integrating privacy and security. It may be summarized in the following four principles:
- The right to privacy is a fundamental right that cannot be infringed unless it is demonstrably necessary for the public good.
- It follows that the collection of personal information can only occur when it is proven necessary and it must be proportionate to that necessity.
- That necessity must be assessed on an on-going basis by verifying that the collection of personal information is indeed effective and necessary in relation to the identified necessity.
- It must also be demonstrated that there are no less privacy invasive alternatives to meet that necessity.
When the collection and use of personal information are justified under of human rights law, privacy protection is assured by strict management of personal information according to the rules of personal data protection. We have audited the Passenger Protect Program from this perspective.
The Passenger Protect Program
Our Office has taken an active interest in the Passenger Protect Program since its inception.
Most recently, in the fall of 2009, we issued an audit report on the Passenger Protect Program and its Specified Persons List, commonly called the “no-fly list”.
Our audit focussed on the issue of whether Transport Canada has adequate measures in place to protect the personal information within its control. We found that these measures were generally adequate; however, we made recommendations to improve the privacy safeguards of the Program.
In particular, we recommended that
- The Transport Canada official who is designated to add or remove names from the List be provided with more information before a final decision is made;
- Transport Canada strengthen the technological information security safeguards to protect the List; and
- Transport Canada improve its oversight of air carriers to ensure they protect the information on the List.
All these recommendations are being or have been implemented. However, we remain concerned by the difficulty of ensuring that foreign carriers are not disclosing information on the List to their governments or other parties.
This lens ensures that we both respect the right to privacy in analyzing security measures and that we duly take into account the security needs that must be met.
I also want to comment on the American Secure Flight Program. As a U.S. government program, this is outside our jurisdiction. However we have looked carefully at this program, including the Privacy Impact Assessment prepared by the Department of Homeland Security (DHS), because it will, when fully implemented, have an impact on Canadian travellers.
From a Canadian perspective, the most controversial aspect of Secure flight is that it will apply to flights to and from Canada that fly through American airspace. This means, for example, that American authorities will have the ability to prevent someone in Canada from boarding a flight to Mexico.
We are not questioning the American government’s authority to implement such a program – international law is clear that a State’s sovereignty extends to its airspace, but we do need to understand how it may affect Canadian travellers.
I would like to highlight some of the significant aspects of the program:
- Air carriers will be required to provide DHS not only with basic identifying information – name, date of birth and gender – but also, “if available”, additional information such as passport information and itinerary information; since this information will always be available for international flights from Canada flying over the U.S. airspace, that full information will always be provided;
- Although the DHS PIA is somewhat unclear on this, our understanding is that information collected can be disclosed and used for purposes other than aviation security, such as law enforcement and immigration purposes;
- DHS will retain this information for as long as seven days after the journey has been completed even for individuals who are not a match; for seven years for potential matches and 99 years for confirmed matches;
- A redress mechanism exists to resolve false positives but will take 50 to 60 days on average, thus, in effect, cancelling travel plans.
One important difference between Secure Flight and the Canadian program is that the responsibility for checking passengers against the no-fly list will shift from airlines, as is the case now, to DHS. This brings both privacy safeguards and privacy risks: it is intended to lead to greater accuracy and therefore fewer false positives – for example, a similar name but the wrong person – and it eliminates the concerns that air carriers will misuse or inappropriately disclose the list. As I mentioned earlier, this was a concern we raised in our audit of the PPP.
On the other hand, this means that DHS will collect personal information of Canadian travellers, This is not without risk.
We understand that the Canadian Government attempted to have Canadian overflights exempted from Secure Flight. Unfortunately, the Government was unsuccessful except for flights between two Canadian cities. We also understand that the Government of Canada, by way of a Diplomatic Note, stated that protection of the privacy of Canadians “was of critical concern” in relation to Secure Flight. We urge the Canadian Government to continue to negotiate with American authorities to minimize the impact of Secure Flight, and take the following measures:
- Negotiate the collection of minimal personal information, strictly as necessary to ensure proper identification of individuals and avoid false positives;
- Question the retention periods of seven days for no match and seven years for potential matches to fulfill the commitment from the U.S. to collect personal information only as necessary for airline security.
- Negotiate robust and accessible redress mechanisms for Canadians to minimize the impact of an erroneous match;
- Implement measures to support Canadians availing themselves of the DHS redress mechanism.
- Inform Canadians of the exact scope of personal information that will be collected by DHS on them under Secure Flight.
- Clarify Canadian law on the conditions for disclosure of personal information by airlines to DHS to ensure public debate and legal certainty.
In closing, I want to emphasize the point I made earlier about the importance of integrating privacy into aviation security measures. If we can do so, both security and privacy will be enhanced.
I will be happy to take your questions.
Report a problem or mistake on this page
- Date modified: