Australia’s Federal Privacy Commissioner is investigating the US Customs and Border Protection Agency's online access to data of passengers on Australian airlines.
Commissioner Malcolm Crompton is yet to make a ruling on the data transfers but views it as "sufficiently serious to warrant investigation".
The investigation follows similar moves overseas after the US data transfers by European airlines outraged European Union privacy advocates.
Crompton said it is not clear how much personal information flows from Australian airlines to US authorities or the level of privacy protection it receives.
This includes clarification on the level of privacy protection used for sensitive information provided by the Department of Immigration.
He said it was a complex issue and will make a ruling "once I have all the facts".
"It is important to protect the safety and privacy of people who are flying, as well as the community generally. This means striking a balance regarding information flows about airline passengers and the uses of that information. However, we also need to be careful of function creep; that personal information is used for the purposes for which it was collected and that new uses do not develop without careful consideration and broad consultation," Crompton said.
According to Unisys’ spokesperson, Tony Roulston, the company’s Advanced Passenger Information System database transfers passenger data to the authorities at an aircraft’s destination but he argues that forwarding the passenger manifest is nothing new.
“What has been happening, and it is just a natural part of air travel, is that as passengers are being boarded onto a plane, you create a passenger manifest,” Roulston said. “That manifest is used for a variety of purposes, not least is that the right people are boarding the plane, they are holding a boarding pass and that they are ticketed.
“Traditionally, prior to the aircraft landing at the point of destination, that manifest was sent through to the receiving border organisation such as Customs, to ensure that it is able to check off customers who are disembarking on the aircraft. As far as the data is concerned, my understanding is that it is nothing more than the passenger’s name and their passport number. From a privacy point of view, it is no more information than a person would have to present at the point of entry.”
A coalition of EU privacy groups is campaigning against an agreement in March with the US Customs and Border Protection Agency. Under the agreement, the EU agreed to provide the agency with online access to data from all Europe-based carriers that fly to, from or through the US.
“There are no safeguards or restrictions on these data transfers,” said Maurice Wessling, president of the European Digital Rights (EDRI) privacy coalition which represents 10 privacy and civil rights groups from seven EU countries.”