My Internet friend Edward Hasbrouck – you may know him from his columns about The Amazing Race or from his book The Practical Nomad – sent me a link to Canadian privacy office questions US surveillance of Canadian travelers which details the implications for Canadians of U.S. policy regarding air travel passenger records, the heart of which is this:
Asst. Comm. Bernier’s statement was limited to flights to, from, or overflying the USA. We suspect that her office is unaware that the DHS already has ways to get access — without the knowledge or consent of anyone in Canada, including airlines and travel agencies — to information about passengers and reservations for flights within Canada and between Canada and other countries, regardless of whether they pass though US airspace.
Just like airlines, travel agencies, and websites in Europe, those in Canada routinely outsource the hosting of their reservation (PNR) databases to third-party Computerized Reservation Systems (CRSs), most of which are in the USA. When you make an airline reservation with a Canadian travel agency, even for a domestic flight within Canada, the first thing that generally happens is that a PNR is created in the database of a CRS in the USA.
What this means is that if you fly from Charlottetown to Halifax, your PNR – passenger name record – may be stored in a computer system under U.S. jurisdiction, placing it beyond the reach of Canadian privacy legislation.
The story finishes with a suggestion:
We encourage Canadian travelers to request a full accounting of what has happened to their airline reservations from Canadian travel agencies (we’ll be happy to help interpret the responses), and to complain to the Office of the Privacy Commissioner if they don’t get the answers to which they are entitled or if the responses show that their data was sent to the USA without their knowledge or consent or without complying with PIPEDA.
If you take them up on the suggestion, please let me know what you learn.