Canada proposes to follow USA lead on surveillance of travellers

The re-opening of talks between the USA and Canada on transfers of airline reservations (PNRs), and their use by government, also re-opens a long-running debate on this question within Canada.

I’m neither a lawyer nor an expert on Canadian Parliamentary procedure , but for those who are just now beginnning to follow this sotry, here’s my understanding of the state of Canadian travel data privacy law legislation.

Since 1 January 2004, airline reservation data subject to Canadian jurisdiction has been protected by the Personal Information Protection and Electronic Documents Act , which generally restricts its use to the purpose(s) for which it was collected, except with the knowldge and consent of the person(s) to whom the data pertains, guarantees the right of access to information about oneself, and requires any recipient of personal information (whether in the private sector or the government) to agree to the same conditions.

The Canadian Personal Information Protection Act provides the best available model for what a consumer privacy law in the USA ought to, and could, look like. It accords with the emerging international norms of privacy as a human right, and (unlike the USA) satisfies the European Union standard of “adequacy” of data protection, thus permitting airline data to be sent freely (within the conditions set by the law) back and forth between Canada and the EU. So far, so good.

After 11 September 2001, the USA began insisting on access to reservation data for passengers on flights from Canada (and everywhere else in the world) to the USA.

To accommodate these demands — the same ones that have led to the current impasse with the EU — Bill C-44 was enacted 18 December 2001, making an exception from the Personal Information Protection and Electronic Documents Act to allow Canadian airlines to provide foreign governments with “any information … relating to persons on board or expected to be on board the aircraft and that is required by the laws of the foreign state.”

Bill C-44 created an exception only for transfers of data by Canadian airlines, not travel agents or tour operators. So travel agents’ transfers of customer data to USA-based airlines and CRS’s are still in violation of the Personal Information Protection Act . And the information actually being provided by Canadian airlines to the USA government isn’t limited, as Bill C-44 would require it to be, either to persons on board or expected to be on board, or to the information required by USA law. All this, yet USA Secretary of Homeland Security Tom Ridge still “claims”: that, “The Bush administration will respect Canadian sovereignty and privacy laws” even while including Canadians in CAPPS-II .

That’s why, “It’s very important for us to get C-17, which provides us with the legal authority to go further,” Deputy Prime Mininter and Minister of Public Safety and Emergency Preparedness Anne McLellan told Canada Press after her meetings last week with the USA Department of Homeland Security — all but admitting that current travel data practices violate current Canadian law.

What’s this “C-17” she’s talking about? Bill C-17, the Public Safety Act, 2002 is a much more sweeping “security” bill that has provoked controversy since an earlier version was proposed in 2001.

Bill-17 is intended to faciliate implementation of a Canadian counterpart of the CAPPS-II scheme in the USA . “Last spring, the federal government agreed to put strict checks on the use of passenger information in the wake of widespread complaints about Bill C-17…. The bill was passed by the Commons, but not by the Senate before Parliament was prorogued in November.”

Bill C-17 itself contains a schedule of information believed to be included in passenger name records, and subject to being given to USA or other foreign governments. The Canadian government’s official FAQ on Bill C-17 is more apology than explanation, but there’s a useful analysis by the Parliamentary Research Branch of the Library of Parliament of the legislative history of Bill C-17, as last revised 8 May 2003. The description of the debate on the information-sharing provisions highlights the unresolved difference of interpretation as to whether Bill C-17 would provide for access to passenger information only on specific request, or as a “continuous electronic data feed from the airlines regarding all passengers for all flights”.

That analysis also highlights the crucial role played by the then Privacy Commisisoner of Canada in exposing the real intentions of Bill C-17’s backers. For his successor, renewed consideration of Bill C-17 will be one of the first major tests.