Mr. Bill Siksay (Burnaby—Douglas, NDP):
Mr. Speaker, I am very pleased to have the opportunity to speak in the debate on Bill C-42, An Act to amend the Aeronautics Act or, the short title as suggested by the government, the strengthening aviation security act.
We know the government has been very creative in selecting short titles or nicknames for some of its legislation. This is one of the least creative it has come up with. There are probably some other possibilities that should have been considered, certainly from a New Democratic perspective. We might have called this the compromising Canadians' privacy act, or the caving in to
The bill would amend the Aeronautics Act to exempt airlines from the obligations set out in the Personal Information Protection and Electronic Documents Act, or PIPEDA, to allow information in the airlines' control about passengers to be shared with a foreign state.
Currently this information is only shared when a Canadian plane is scheduled to land in a foreign country. However, the bill would expand that to cover any Canadian plane that is due to fly over a foreign country. We are primarily talking about Canadian flights to the
It is also done in the context where we know that the
We know there have very serious problems. The situation that Mr. Arar found himself in was a horrible situation and it arose from this kind of transfer of passenger information to a foreign authority.
The bill does not currently cover flights of Canadian aircraft between Canadian destinations that fly over another country. When I fly back and forth from
By proposing to exempt Canadian airlines from the obligations they must currently meet under PIPEDA, the government is throwing out the key operative principles of PIPEDA, which were established to protect the privacy of Canadians, principles such as accountability, identifying purposes, consent, limiting collection, limiting use disclosure and retention, accuracy, safeguards, openness, individual access and challenging compliance. There are 10 principles and they are outlined in great detail in schedule 1 of PIPEDA.
For instance, the first principle is “Accountability” and is described as:
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
It goes on to outline four subsidiary principles from that one on accountability, relating to how an organization handles the information under its control.
The second principle in schedule 1 of PIPEDA is “Identifying Purposes”, which is explained as
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Therefore, there is a requirement around clarity of what is around the sharing of that information.
The third principle in schedule 1 attached to PIPEDA is “Consent”. It says:
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
The fourth principle is “Limiting Collection” of information. It says:
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
This one goes on to be elucidated with further sub-principles.
The fifth principle, “Limiting Use, Disclosure, and Retention”, is described as:
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
There are some pretty particular requirements in PIPEDA around that principle.
“Accuracy” is the sixth principle. It says:
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Again, it is further elucidated in the schedule.
“Safeguards” is the seventh principle in PIPEDA. It says:
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Therefore, organizations are required to safeguard and make appropriate arrangements for the protection of that information.
The eighth principle is “Openness”. It says:
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
The ninth principle is “Individual Access”. It says:
Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
The tenth principle is “Challenging Compliance”. It says:
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.
PIPEDA has a very detailed outline of the kinds of principles that should be part of any process of sharing the personal information of Canadians by organizations in the private sector, which airlines are required to comply with currently. What this law seeks to do is grant an exemption to that schedule for airlines with regard to passenger information.
Instead of developing an agreement with the
PIPEDA outlines some important principles that should be considered and struggled with. It may well be that there is an appropriate compromise to be had in a case of national security, but we will not that out of the process that is elucidated in Bill C-42.
When we look at the current Aeronautics Act, there are a lot of places in the act where the minister has discretion in the name of national security. In that circumstance, where there is a combination of an override of the principles established in our law about the personal information and privacy of Canadians and it is combined with an override by the minister, which is hugely discretionary, there is a huge potential for problems and one that goes much too far, especially when we look at the record of the current government.
The government has shown on many occasions that it is always ready to compromise the rights of Canadians in the name of the fight against terrorism. It seems like we just have to say the “T” word and all kinds of other things are expected to fall away, things that we hold dear. Rather than a careful reasoned approach to coming up with policy around national security and safety sometimes, the government goes to an extreme. We have to look at the situation of the security certificate cases. A provision in the Canadian Immigration Act, which was intended to allow for expedited deportation of non-citizens and non-permanent residents, has been used in some cases for indefinite detention, not the purpose for which it was intended.
When we look at some of the specific cases that have been argued and taken to court, we can see that, even when the government extended and re-issued security certificates in the name of national security and the concerns it had about individuals' attachment or participation in terrorist organizations or terrorist activity, the government did not follow the process very appropriately. It did not review all of the information at hand. It did not make available all of the information that was available. In one particular case it did not update its files on the individual involved.
The concern for security allowed all kinds of other sloppiness to happen in that process. I think it was pretty damning of the former minister of public safety and his actions in regard to the re-issuance of security certificates in the court judgment to which I am referring.
There are problems with how the government has approached the use of information in the situations where it has determined it believes there is a question of national security. We have to make sure that all information is taken into consideration in those cases.
Another example might be the use of full-body scanning at Canadian airports, and more intrusive forms of full-body scanning are on the way. We know that backscatter technology, which has been developed and which is being implemented in some American airports, gives a sharper, more defined image than the very basic image the current technology that is in use here in
It is interesting to look at the example of
Again, it seems as if we jumped on a band wagon to appease our American neighbours and their concerns about safety and security. Why would we do this? That is a good question, why we continue to adopt the American agenda, why we do not take our own particular course and why we do not try to negotiate something different with the Americans.
I think there is a concern with regard to the transfer of data to Americans, that the Americans might prevent Canadian airlines from flying over the
I hope that is not the case. Certainly that idea has been floated. The reality is, as my colleague has pointed out, that there are far more U.S. flights flying over Canada to other destinations without stopping in Canada than Canadian flights flying over the United States to other destinations. In fact it is something like 2,000
So it is a bigger issue, in some sense, for Americans. What is the reciprocity? Are we demanding similar information from the Americans, or do we see any need to do that? Why would we ask for that personal information about American airline passengers? I think that is the real question. If it is something we do not see the need for, why are we kowtowing to the Americans' demand for it?
The European Commission is also looking at this issue, and last month it released proposals for negotiating an agreement with the Americans and other countries regarding the limits on the transfer of passenger name record data, which is the basic information that we are talking about here. It is the information that airlines collect about us when we fly.
We have to wonder why it would be necessary for airlines to share, for instance, what kind of meal we ordered on the plane, and if we are ordering a special meal of some kind, how this is appropriate or is any kind of information that is necessary to national security or a national security arrangement.
As I mentioned, last month the European Commission outlined some principles that any PNR, passenger name record, agreement should observe.
I want to go over them so we can see what the Europeans are demanding in their agreement with the
They are pointing out that decisions having adverse effects on passengers must never be based on an automated processing of passenger name record data. A human being must be involved before a passenger is denied boarding. This is their attempt to avoid racial and religious profiling of passengers.
I think that is a very crucial one, that this just cannot be some computer generated process but that actual real people must be involved when there is a negative decision involved.
The Europeans are also seeking to have in the agreement that third countries must ensure a high level of data security and an effective independent oversight of the authorities that use PNR data. They are also saying that PNR data cannot be stored longer than necessary to fight terrorism and third countries should limit who has access to the data gradually during the period of retention.
They are also saying that PNR data may be shared by the third country with other countries, in a process called onward transfer, only if those countries respect the standards laid down in the PNR agreement between the European Union and the third country and only on a case-by-case basis.
I think this is a really crucial aspect of this. What happens with the information about Canadians that is provided to, say, the
The second principle that the Europeans are using in terms of negotiating these agreements is the modalities of transfer of the PNR data, which aim to provide legal certainty to air carriers and keep costs at an acceptable level. We have to worry about what costs are involved for airlines.
They are also talking about standards on monitoring the correct implementation of the PNR agreement. And reciprocity is another principle, which I have already mentioned.
We can see that the Europeans are making some very clear demands. Yet here in
I think there are very serious problems.
I think we compromise the principles of PIPEDA at our peril. That is what this legislation seeks to do.
Mr. Jack Harris (St. John's East, NDP):
Mr. Speaker, I listened very carefully to my colleague from Burnaby—Douglas on this issue, and it amazes me to discover, from his speech and from what else we have learned about the bill, that the government intends to enter into an agreement on the use and transfer of data without Canadians having any idea where this information is going to go.
If we happen to go on a holiday to Mexico and are flying over the United States, with no intention of even being in the United States, information about us is going to be made available to the American authorities and there apparently are no guarantees from anyone as to where this information will ultimately go, how long it will be kept or to whom it will be given.
This runs counter to the principles contained in not only our own privacy legislation but, as other countries have determined, the same thing goes for the
This seems to be required by elementary requirements of privacy. Whether the entire PIPEDA applies is another question, but to just exclude it and say that there is nothing in its place seems to me to be ignoring the privacy rights of Canadians in a very reckless way.
I wonder whether the member has gotten any assurances from the government that that is not going to be the case.
Mr. Bill Siksay:
Mr. Speaker, I do think it is a really serious issue that there is too broad an exemption in this bill from the provisions and principles of PIPEDA, and when we combine that with the fact that in the Aeronautics Act there is broad discretion for the minister of transport, it is a very problematic combination that will lead to a situation where Canadians really do not know what is happening with our information.
We remember the situations that cropped up when the no-fly list was implemented and the number of people who were delayed at airports or subject to questioning, who missed their flights, who were detained for hours when they were trying to travel and the problems they had clarifying the information, correcting information, and whether they ever really knew if that was done, why that was done or who to approach about it. There were all kinds of problems that arose with the implementation of the passenger protect program.
We should learn something from the implementation of the no-fly list or the specified persons list. There were real problems that came up there, and there will be real problems that come from this proposal to share more personal information of Canadians with countries such as the
Mr. Jim Maloway (Elmwood—Transcona, NDP): Mr. Speaker, I would really like to hear from somebody as to how this bill is actually going to increase passenger safety with these measures. The fact of the matter is that the bad guys should not be on the plane in the first place, based on the no-fly list and all the security we have in place at the airport.
I am much more concerned about the trusted shippers program, the 1,000 or so companies that are part of the trusted shippers program, because in fact mail, parcels and other packages are routinely put on planes every day. Right below where we are sitting on that plane are all kinds of mail, none of which has been scanned. If we want to look for a real security problem, that is a big area that has to be looked at both in
Here we are running around, trying to appease the Americans with information on people on 100 flights to the
We have no problem doing things that make sense and that make people safer, but where is the proof that this is going to happen in this case?
Mr. Bill Siksay:
Mr. Speaker, I do not know where the proof is. I certainly have not heard it in the debate so far on this legislation and I certainly have not heard it from the government.
The member is quite right to point out that we would probably have already intercepted the bad guys before we shared the information with the
He is right to raise the shipping concerns, because that may very well be the weak spot in our security system.
The member talked about reciprocity, whether we should be getting the information about the thousands of
That might be the way to draw attention to this issue. That might be the way to get American citizens who are concerned about their privacy and the integrity of their own personal information interested in this issue. However, I am not sure that it is the kind of principle on which we would want to base this kind of legislation.