Digital Identification of the Passenger and Issues of Privacy

Abeyratne, Ruwantissa

doi:10.1007/978-3-030-48218-3_11

Ruwantissa Abeyratne²

528 Accesses

Abstract

One of the most important legal issues that emerge from the digital age and its impact on air transport is the digitalization of passenger information and the attendant rights of the passenger, particularly in view of the legal interpretations that have arisen. Before getting into legalities and judicial pronouncements and interpretations on the law of privacy it would be appropriate to discuss the regulatory regime in aviation that acts as the genesis of digitalization of passenger information. The seminal document in this regard is Annex 9 (Facilitation) to the Chicago Convention which has been discussed earlier in the context of security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 16.99; Price excludes VAT (USA)

Hardcover Book: USD 129.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Supra, Chap. 6, note 23; Chap. 8, note 5.
2.
Proposal to Add a PKD Standard to Annex 9—Facilitation, FALP/11-WP/5 at 3.
3.
Standard 3.46.1.
4.
https://store.icao.int/products/guidelines-on-passenger-name-record-pnr-data-doc-9944.
5.
A Passenger Name Record (PNR), in the air transport industry, is the generic name given to records created by aircraft operators or their authorized agents for each journey booked by or on behalf of any passenger. The data are used by operators for their own commercial and operational purposes in providing air transportation services. Industry standards related to PNR creation are detailed in IATA’s Passenger Services Conference Resolutions Manual and in the ATA/IATA Reservations Interline Message Procedures—Passenger (AIRIMP). See ICAO Guidelines on Passenger Name Record Data, Doc 9944: 2010 at 2.1.1.
6.
ICAO’s Doc 9944 Section 2.4 Laws or Regulations.
7.
Ibid.
8.
Article 17 of the General Data Protection Regulation (GDPR) of the EU states inter alia that the data subject must have the right to obtain from the controller (of the data) the erasure of personal data concerning him or her without undue delay and the controller must have the obligation to erase personal data without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or the data subject withdraws consent on which the processing is based; the personal data have been unlawfully processed; or the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
9.
NT1 and NT2 v Google Inc [2018] 3 WLR 1165. This was the first data privacy case adjudicated in the United Kingdom concerning a search engine provider. Two businessmen sued Google for publishing material about their past which they alleged came under the “right to be forgotten” principle. Google claimed journalistic exemption of the rule. Notwithstanding the fact that the Court agreed with Google’s submissions that the concept of journalism under EU law is broad, he drew a distinction between journalism and communication he Court that Google’s activities as an ISE operator could not be equated with journalism and therefore Google could not benefit from the exemption at s32 Data Protection Act 1998 (DPA) pertaining to journalism, literature and art.
10.
Article 12 states that no one must be subjected to arbitrary interference with their privacy, family, home or correspondence, nor to attacks upon their honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
11.
Article 17 is on freedom from arbitrary or unlawful interference.
12.
See Resolution adopted by the General Assembly on 18 December 2013 [on the report of the Third Committee (A/68/456/Add.2)], Distr.: General 21 January 2014. https://undocs.org/A/RES/68/167.
13.
A/HRC/RES/3, Human Rights Council Thirty-fourth session 27 February–24 March 2017 Agenda item 3 at https://documents-dds-ny.un.org/doc/UNDOC/GEN/G17/086/31/PDF/G1708631.pdf?OpenElement.
14.
A/HRC/39/29, Human Rights Council Thirty-ninth session Agenda items 2 and 3 Annual report of the United Nations High Commissioner for Human Rights and reports of the Office of the High Commissioner and the Secretary-General. https://www.intgovforum.org/multilingual/sites/default/files/a_hrc_39_29_-_privacy_in_the_digital_age.pdf.
15.
Guide For Assessing Security of Handling And Issuance of Travel Documents, Version 3.4, January 2010 at 21.
16.
Supra, note 5.
17.
Doc. 9944 Id. at 2.1.9. and 2.1.10.
18.
2.14.4 states that redress mechanisms should be set up to enable passengers to obtain adequate remedy for the unlawful processing of their PNR data by public authorities.
19.
Doc 9944 at 2.14.1.
20.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). 95/46/EC on the protection of individuals with regard to the processing of personal data (PII (US)) and on the free movement of such data) was a European Union directive adopted in 1995 which regulated the processing of personal data within the European Union (EU). It is an important component of EU privacy and human rights law.
21.
[Chapter 311 of the 63rd Congress, 38 Stat. 717, September 26, 1914] [As Amended Through Public Law 111–203, Enacted July 21, 2010].
22.
SEC. 5. [15 U.S.C. 45] (a)(1) & (2).
23.
Supra, Chap. 10, note 23, discussed under cyber security above.
24.
460 U. S., at 281.
25.
Id, at p.11.
26.
[2018] EWCA Civ 2329.
27.
[2019] EWCA Civ 1599.
28.
https://justice.org.uk/wp-content/uploads/2019/11/Lloyd-v-Google-LLC-Edited-final.pdf.
29.
Section 13 states inter alia that the controller’s obligations under Article 15(1) to (3) of the GDPR (confirmation of processing, access to data and safeguards for third country transfers) are taken to apply only to personal data relating to the data subject’s financial standing, unless the data subject has indicated a contrary intention. Where the controller discloses personal data in pursuance of Article 15(1) to (3) of the GDPR, the disclosure must be accompanied by a statement informing the data subject of the data subject’s rights under section 159 of the Consumer Credit Act 1974 (correction of wrong information).
30.
Section 4(4) states that where the processing by automatic means of the data of which the individual is the data subject has constituted or is likely to constitute the sole basis for any decision significantly affecting him or her, be informed free of charge by the data controller of the logic involved in the process in, as soon as may be and in any event not more than 40 days after compliance by the individual with the provisions of this section and, where any of the information is expressed in terms that are not intelligible to the average person without explanation, the information must be accompanied by an explanation of those terms.

Author information

Authors and Affiliations

Aviation Strategies International, Montréal, QC, Canada
Ruwantissa Abeyratne

Authors

Ruwantissa Abeyratne
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Abeyratne, R. (2020). Digital Identification of the Passenger and Issues of Privacy. In: Aviation in the Digital Age. Springer, Cham. https://doi.org/10.1007/978-3-030-48218-3_11

Download citation

DOI: https://doi.org/10.1007/978-3-030-48218-3_11
Published: 26 June 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-48217-6
Online ISBN: 978-3-030-48218-3
eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics