Privacy implications on Division 16 of Bill C-45, The Jobs and Growth Act 2012, pertaining to electronic travel authorization

Submission to the House of Commons Standing Committee on Citizenship and Immigration

November 16, 2012

Mr. David Tilson, MP
Chair of the Standing Committee on
   Citizenship and Immigration
131 Queen Street – 6th floor
House of Commons
Ottawa, Ontario
K1A 0A6

Dear Mr. Tilson:

Thank you for the opportunity to make a written submission to the Citizenship and Immigration Committee on Division 16 of Bill C-45, The Jobs and Growth Act 2012.  My Office has a longstanding interest in the proposal outlined in Division 16, and I welcome the opportunity to provide you and the Committee with our views.

Division 16 of Bill C-45 amends the Immigration and Refugee Protection Act by introducing a requirement that all foreign nationals intending to travel to Canada first obtain an “electronic travel authorization” from Citizenship and Immigration Canada (CIC).

The amendments in Division 16 – a new subsection 11.1(1.01) and a new subsection 89 (2) – provide legislative authority for a program involving  the collection, use and potential disclosure to international partners of large amounts of potentially sensitive personal information about millions of individuals travelling to Canada.

The eTA Program

As we understand it, electronic travel authorizations (or eTA) will serve a function similar to a visa for travellers from countries which Canada does not currently maintain a visa requirement.  In other words, the new eTA process in our country will represent a significant new collection of information for travellers coming to Canada from visa-exempt countries (for example, most of the European Union).  Individuals will be required to fill out a web form before they buy a plane ticket so that background checks can be conducted.

The eTA system is modelled on a system adopted by the United States with the establishment of the Electronic System for Travel Authorization (ESTA) in 2007, in conjunction with the Western Hemisphere Travel Initiative ().  In both the eTA and ESTA systems, the stated long-term goal is to enable eligibility screening on the basis of secure, verifiable identity documents in advance of individuals gaining entry.  From what our Office has been able to establish, the eTA initiative is designed to harmonize Canadian screening methodology with the U.S. to ensure that both countries employ a common approach to screening travellers.

According to the Government, the eTA initiative will allow CIC and Canada Border Services Agency (CBSA) to conduct eligibility screening on passengers prior to the passenger purchasing a ticket.  As we understand it, Canada and the U.S. continue to negotiate terms around information-sharing in this context.  Some of the data points collected include family name, date of birth, country of citizenship, country of birth, country of residence, gender, email addresses and telephone numbers and passport number.  There are also highly sensitive questions about exposure to communicable diseases, physical or mental disorders, substance abuse and criminal history.

Statutory Basis for the Program

The amendments in question state that “a foreign national must, before entering Canada, apply for an electronic travel authorization required by the regulations by means of an electronic system, unless the regulations provide that the application may be made by other means.  The application may be examined by the system or by an officer and, if the system or officer determines the foreign national is not inadmissible and meets the requirements of this Act, the authorization may be issued by the system or officer.”  All other details about the system are deferred to later stages of regulation-making.

Our understanding is that these proposed changes are being driven by the Canada-U.S. Perimeter Security and Economic Competitiveness Action Plan, and a commitment to harmonize screening methods set out under the existing U.S. model mentioned above, the ESTA.  Generally, this approach to screening is to use a traveller’s information well in advance to approve or deny boarding overseas. 

We do not expect a Privacy Impact Assessment (PIA) for some time as full implementation is not a firm commitment under the Action Plan until 2015-2016.  However, this PIA should be submitted to our Office well in advance of implementation of the eTA system, in keeping with the requirement of the Treasury Board Secretariat (TBS) Directive on Privacy Impact Assessment.     

Need for Greater Transparency and Scrutiny

One of my Office’s concerns about the eTA program is its lack of transparency and the degree to which the details of the program are deferred to regulation.  Fundamental questions about the eTA program such as which data elements are to be provided to CIC, how this information can be used, and how long it is retained are not set out in statute as we believe they should be.  To a large degree, these matters have been shaped behind closed doors, most notably through arrangements with the U.S. rather than through open and public debate.

Under the eTA program, the personal information of individuals coming to Canada – be it as tourists, to visit family, or for business – will be retained for up to 15 years.  We believe that the Government of Canada should be more transparent about how it uses personal information collected from individuals travelling to Canada; it should ensure that new proposals to expand the use of this personal information are carefully scrutinized and that existing programs are regularly assessed to determine if they are necessary and effective. 

There is also a lack of clarity about how the eTA program would interact with other existing or planned programs for the sharing of personal information for border and immigration control.  For example, from an oversight perspective, it would be important for members of the Committee to understand precisely how Canada’s newly expanded API/PNR program under CBSA, Public Safety Canada’s Passenger Protect Program or the recently launched Canada-U.S. Exit-Entry program would work with the eTA program.  The extent of information-sharing between federal agencies, and the purposes for which that information can be used, would also be important to understand. 

In our June 2011 submission to government during consultations on the Canada-U.S. Beyond the Border Declaration, we argued that ongoing transparency and openness are critical, that the highest legal standards should prevail, and that specialized privacy training programs should be considered for Canadian officials applying new screening measures.  These are relevant recommendations for the new eTA initiative.  Clear controls, limitations on use and robust oversight functions for the expanded Canada-U.S. information-sharing that is contemplated in the Perimeter Security Action Plan appear to be largely absent from current information available to Parliamentarians and the Canadian public.

Conclusions

In summary, in relation to the eTA program, our Office would like to reiterate the following recommendations.  First, that a PIA on the eTA program be conducted well in advance of implementation.  Second, as public transparency is a critical principle for such a broad-based program, we recommend that the specific data elements, uses and retention periods for the program be codified in statute.  Third, clarity is needed around the interaction of eTA with Canada’s other numerous existing traveller monitoring programs, the extent of information-sharing between them and the purposes to which the information will be used as all are critical elements for the proper exercise of Parliamentary oversight.  Fourth, and finally, CIC should implement proactive privacy training and policies for the proper controls on access and use of the new eTA system.

Thank you for the opportunity to provide our views.

Sincerely,

(Original signed by)

Jennifer Stoddart
Privacy Commissioner of Canada

cc: Julie Lalande Prud'homme, Clerk of the Committee (CIMM)

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: