Privacy implications of clauses in Bill C-45, The Jobs and Growth Act 2012, pertaining to advance passenger information and passenger name records (API/PNR)
Submission to the House of Commons Committee on Public Safety and National Security (SECU)
November 7, 2012
Mr. Kevin Sorenson, MP
Chair of the Standing Committee on Public Safety
and National Security
131 Queen Street – 6th floor
House of Commons
Ottawa, Ontario K1A 0A6
Dear Mr. Sorenson,
Thank you for the opportunity to make a written submission to the Public Safety and National Security Committee on Division 12 of Bill C-45, The Jobs and Growth Act 2012. My Office has a longstanding interest in the program affected by Division 12, and I welcome the opportunity to provide you and the Committee with our views.
Division 12 of Bill C-45 amends the Customs Act with respect to the requirement that operators of transportation “conveyances” provide “prescribed information” to the Canada Border Services Agency (CBSA).
The two amendments in Division 12 – a new subsection 12.1(1) and a small change to subsection 107.1 (1) – appear to be very minor but they relate to a program that involves the collection, use and disclosure of large amounts of potentially sensitive personal information about passengers arriving in Canada.
The API/PNR Program
This program involves two distinct but related types of information. Advanced Passenger Information (API) consists of the “biographical” information found in a passport or travel document. Passenger Name Record (PNR) information consists of data typically found in a reservation system: information about the flight or trip in question such as itinerary information, the manner in which the ticket was paid for, the number of bags checked, seat information and various dates (when the ticket was issued, date of travel, date when PNR was created).
API is essentially static; PNR information changes from trip to trip. PNR information is potentially much more revealing because it provides information about travelling companions, who purchased the ticket, and it can include special meal requests and other information from which religion, ethnicity or health status can be inferred. PNR is used by border officials specifically because it can be used to create profiles and draw inferences. Ultimately, exchange of this sensitive API/PNR information is negotiated at the bi-lateral or multi-national state level, between countries.
Amendments to the Program
The amendments in question state that, in addition to providing information about persons “on board a conveyance,” carriers will be required to provide information about persons “expected to be on board” a conveyance.
This would appear to be designed to require carriers to provide information to the CBSA even earlier than is currently the case, and include information about individuals who cancel their travel at the last minute.
Our understanding is that these proposed changes are being driven by the Canada-US Perimeter Security and Economic Competitiveness Action Plan, and possibly by the ongoing negotiations between Canada and the European Commission on a new PNR Agreement. Generally, the new approach to screening decisions is to use advance passenger information to approve or deny boarding overseas.
Concerns with the Program
One of my Office’s consistent concerns about the API/PNR Program is the lack of transparency and the degree to which the details of the Program are contained in Regulation and are negotiated secretly with other countries.
Fundamental questions about the API/PNR Program such as the data elements that are provided to CBSA, how this information can be used, and how long it is retained is not set out in statute. To a large degree, these matters have been shaped by secret negotiations with other jurisdictions, most notably with the European Union rather than through open and public debate.
A new PNR Agreement is currently being negotiated with the European Commission. Based on the Agreement between the EU and US that was approved earlier this year, we are concerned that, under a new Agreement, the amount of information provided to CBSA will increase, it will be used for more purposes, and it will be retained longer.
There is also a lack of transparency about how the API/PNR Program interacts with other air security programs, most notably the Passenger Protect (no fly) Program.
Our office is not alone in raising concerns about the growing use of passenger information by states. In an Opinion issued before the EU-US Agreement was approved, Peter Hustinx, the European Data Protection Supervisor, criticized the draft agreement on the grounds that the retention period was "clearly disproportionate" and he recommended that the use of the data should be limited to combating terrorism or a well-defined list of serious international crimes. .../3
In 2007, at an international conference hosted by the Office of the Privacy Commissioner of Canada, a resolution was adopted by the assembled data protection and privacy commissioners on the use of passenger information. The resolution contained several recommendations that are still relevant today. The resolution called on governments to ensure that all proposals to use passenger data are:
- demonstrably necessary to address a specific problem;
- demonstrably likely to address the problem;
- proportionate to the security benefit;
- demonstrably less privacy invasive than alternative options; and
- regularly reviewed to ensure the measures are still proportionate.
I believe that this is still sound advice today.
Conclusion
The fundamental change in the program which these provisions allow for is the collection of API/PNR data well in advance of an individual’s actual travel. In addition, the various security information sharing agreements that Canada now has in place means that this information will not simply be for our own government's use.
We believe that the Government should be more transparent about how it uses passenger information; it should ensure that new proposals to expand the use of this information are carefully scrutinized and that existing programs are regularly assessed to determine if they are effective.
Thank you for the opportunity to provide our views.
Sincerely,
(Original signed by)
Jennifer Stoddart
Privacy Commissioner of Canada
cc: Andrew Bartholomew Chaplin, Clerk of the Committee (SECU)
- Date modified: