Privacy International complaint poised to shut down Heathrow passenger fingerprinting
Privacy International's recent complaint to the UK Information Commissioner has threatened to bring to a halt an imminent plan to fingerprint all domestic and international passengers departing from Heathrow's Terminal 1 and Terminal 5, due to begin on March 27th. The British media is reporting that in response to PI's complaint, the Information Commissioner has advised that passengers should only accept fingerprinting "under protest" until our complaint is resolved.
The prospect of a complete shutdown of two Heathrow terminals has emerged since Privacy International's complaint about passenger fingerprinting. The complaint, lodged with the UK Information Commissioner on March 9th 2008, argues that the scheme breaches the fundamental tests of necessity and proportionality under the UK Data Protection Act.
The complaint states: "We believe the BAA solution is disproportionately intrusive. Even if it were to be established that passenger switching (if indeed such a problem exists) was a terrorist threat (rather than merely a breach of airline terms and conditions on transferability) then the photo option would be less invasive and would involve fewer intrusive procedures and less personal data."
The complaint alleged that the design of Terminal 5 was intentionally created to ensure that passengers, both domestic and international, were exposed to retail outlets to the maximum possible extent. It noted: "We are troubled by BAA's justification that the new procedure will ensure that "all our passengers will enjoy the same great facilities and wide choice of shops and restaurants". To diminish privacy rights in order to achieve greater sales revenue is a disquieting development in the evolution of thinking with regard to data protection.
Privacy International alleges that there is no basis in UK law for the establishment of mandatory fingerprinting, and that the claims made by the British Airports Authority (BAA) were based in fantasy or deception. "BAA's claim that these measures are "required by government" appears to be of dubious substance. There certainly appears to be no legislative requirement for fingerprinting in these circumstances, and so we assume that the scheme is based on an informal arrangement with government. Indeed a spokesman for BAA is quoted in the Evening Standard (March 11th) saying: "the fingerprinting scheme was introduced in cooperation with the Home Office".
The Information Commissioner's Office has confirmed to Privacy International (see below) that it has never been approached by the Government, British Airways, BAA or any other party about this scheme.
This PI claim received further weight when the British newspaper, the Mail on Sunday, reported that the Home Office denied that it had set any requirement for passenger fingerprinting.
If the Information Commissioner is not satisfied that the fingerprinting scheme is justified he has the authority to present a cessation order, breach of which would be a criminal offence. If BAA is found in breach of UK law its contractual terms could then be in jeopardy.
See below for the complaint and the response from the Information Commissioner's Office.
March 9 2008
Mr Richard Thomas
The Office of the Information Commissioner,
Wilmslow, Cheshire SK9 5AF
Dear Mr. Thomas,
Complaint: fingerprinting requirement at Heathrow
I am writing with regard to the British Airports Authority's intention to introduce compulsory fingerprinting of travellers at Heathrow Terminal Five.
On the face of the circumstances that we have assessed, it appears to us that the practice will substantially violate UK Data Protection law, and we request that your office institutes an investigation without delay. We also ask that you intervene on behalf of European nationals to seek the immediate suspension of the proposal pending the outcome of this investigation. A Freedom of Information Act request is also contained in this document.
We are fully aware of the security justification advanced by BAA in defence of this technology. We are also aware that there exists a general acceptance that airport security must be instituted. However there are a number of troubling questions of law and practice that Privacy International believes must be clarified before such a programme can even be considered. Until these questions have been satisfactorily answered, we believe the BAA scheme presents a number of substantial dangers for customers.
Privacy International believes that the acquisition of fingerprint data carries with it significant implications for privacy and security, and any such arrangement must be accompanied by stringent protections and in accordance with the dual tests of necessity and proportionality. It is for this reason that we have taken the decision to lodge this complaint.
Freedom of Information Act request. We wish to request under the Freedom of Information Act, copies of all correspondence between the Office of the Information Commissioner and BAA, British Airways and all third parties relating to Heathrow Terminal 5 security and the Terminal 5 fingerprinting scheme, as well as all documents relating to meetings between the Office of the Information Commissioner and those parties including, but not limited to minutes, memoranda, emails, diary entries, meeting summaries and meeting reports.
We also request copies of any reports that have been received by the Office of the Information Commissioner on that subject from those parties or from elsewhere. We also request copies of any legal advice commissioned by or received by the Office of the Information Commissioner on DPA compliance of passenger fingerprinting.
Background to the fingerprinting scheme
Heathrow's Terminal 5, a project of the British Airports Authority (BAA), is due to begin business on 27th March 2008.
BA's website says the following about the new fingerprinting requirements for Terminal 5:
"If you're departing on a domestic flight, or transferring from an international to a domestic flight, you'll be asked to provide fingerprints and have your photograph taken before you pass through Immigration.
"We're transforming Heathrow to make big improvements for all our passengers. As part of this programme, domestic passengers will in future use the same departure lounges as international passengers. That means all our passengers will enjoy the same great facilities and wide choice of shops and restaurants.
"As a result of this move, we are required by the Government to introduce extra security measures to help safeguard the UK's borders. Otherwise, it might be possible for an international connecting passenger to exchange travel documents with a domestic passenger and bypass border controls.
"These security measures are a Government requirement. Passengers who refuse to provide their data, or to validate it prior to boarding, will be denied entry and will not be able to board their flight."
Substance of the complaint
This complaint does not address issues of data security, longevity or purpose limitation. However it does call into question whether the Terminal 5 scheme is either necessary or proportionate.
1) Lack of necessity
Privacy International believes the Heathrow fingerprinting scheme breaches the fundamental test of Necessity for compliance with Data Protection. We are not aware of any published evidence indicating that passenger switching has become a significant security issue, nor are we aware of any evidence that it could be in the future.
BAA's claim that these measures are "required by government" appears to be of dubious substance. There certainly appears to be no legislative requirement for fingerprinting in these circumstances, and so we assume that the scheme is based on an informal arrangement with government. Indeed a spokesman for BAA is quoted in the Evening Standard (March 11th) saying: "the fingerprinting scheme was introduced in cooperation with the Home Office".
2) Lack of proportionality
Heathrow Terminal 5 is not a unique environment. Other terminals in the UK and internationally have areas that contain both international and domestic passengers. However none has introduced such an intrusive system as that planned by BAA. The Gatwick solution involves taking a photograph at check-in that can subsequently be scrutinised at the boarding point.
We believe the BAA solution is disproportionately intrusive. Even if it were to be established that passenger switching (if indeed such a problem exists) was a terrorist threat (rather than merely a breach of airline terms and conditions on transferability) then the photo option would be less invasive and would involve fewer intrusive procedures and less personal data.
We are troubled by BAA's justification that the new procedure will ensure that "all our passengers will enjoy the same great facilities and wide choice of shops and restaurants". To diminish privacy rights in order to achieve greater sales revenue is a disquieting development in the evolution of thinking with regard to data protection. We would have hoped that the planning of Terminal 5 and its associated security procedures would have taken account of compliance with law. We would be interested to learn whether a Privacy Impact Assessment was conducted or whether due diligence was instituted with regard to the DPA.
We do not believe this scheme will be in any way voluntary or opt-in. Most passengers will have little or no choice over which terminal they use, and even where such an alternative exists it may be costly. We do not believe in these circumstances that passengers should be compelled to undergo fingerprinting.
We refer you to the advice provided by your office on the subject of fingerprinting of children in schools (23rd July 2007):
In view of the sensitivity of taking children's fingerprints, schools should respect the wishes of parents and pupils who object to their (or their children's) fingerprints being taken in school.
We see no reason why this "sensitivity" should not extend to the adult population, particularly where some people feel vulnerable or anxious about the procedure, or where strong convictions are held about such procedures.
Additionally, with regard to the question of opt-out and school fingerprinting, your website advises that alternatives should be offered "where a card can work just as well as a fingerprint, so that those who wish to "opt out" can be given another means of accessing the same services".
We would argue that the same principle should apply to the Heathrow scheme, so that individuals can choose to produce a passport, be photographed or be subjected to fingerprinting.
It is, in our view, not acceptable for BAA to institute an intrusive system merely because of a "state of heightened alert" over airport security, particularly where no evidence is offered to justify fingerprinting. Nor in our view is it acceptable to advance architectural determinism or poor planning as a justification for the necessity for intrusive practices. The decisions that are made with regard to Terminal 5 will resonate across the travel industry, and so it is crucial to ensure that the justification, the legal compliance and the procedures are positioned properly in these early days. Vague claims of government requirements are not appropriate under these circumstances.
Nor, in our view, is it acceptable to define necessity and proportionality in a minimal or casual manner when the environment in question offers so much scope for the development of privacy friendly alternatives to fingerprinting.
We hope you are able to resolve these matters swiftly to ensure that airline passengers enjoy the benefits of strong security as well as protection of their privacy and personal information.
Response from the Information Commissioner's Office
From: Jonathan Bamford
Date: Thu, 20 Mar 2008 17:54:20 -0000
Cc: Internal Compliance Team
Subject: FOI request dated 9/3/08 -FOI/862
20 March 2008
Re: Your Request for Information of 9/03/08 (our reference FOI/862)
Further to the above request, we must inform you that the Information Commissioner does not hold any of the recorded information you are seeking. We have had no previous contact with BAA on the issue of passenger fingerprinting, taken legal advice or had any other dealings with others on this subject
However, although we have no recorded information on this subject we can inform you that we have now contacted BAA about this issue and once we have the necessary information from them will be contacting you further in response to the request for assessment of compliance with the Data Protection Act 1998 contained in your letter of the 9th March 2008. We are treating this as a high priority and hope to respond to you further in the near future.
If you are dissatisfied with the response you have received and wish to request a review of our decision or make a complaint about how your request has been handled you should write to the Information Request Team at the address below or e-mail Informationrequestteam@ico.gsi.gov.uk.
If having exhausted the review process you are not content that your request or review has been dealt with correctly, you have a further right of appeal to this office in our capacity as the statutory complaint handler under the legislation. To make such an application, please write to the Senior Complaints Resolution Manager, Complaints Resolution Team at the address below or e-mail firstname.lastname@example.org.
A copy of our review procedure is enclosed/attached along with details of our enforcement powers and your rights of appeal.