goTravel: A Human Rights - Centred Approach
In 2018, Under-Secretary-General Vladimir Voronkov of United Nations Office of Counter-Terrorism (UNOCT) highlighted the importance of human rights in global counter-terrorism efforts, noting specifically that “respect for human rights is a critical component of the [United Nations] Global Counter-Terrorism Strategy”.
Since the launch of the United Nations Countering Terrorist Travel Programme (CT Travel) in May 2019, the Programme has emphasized the importance of complying with international obligations and efforts to ensure that national systems for the collection, processing, use and protection of passenger data are established in line with International Civil Aviation Organization (ICAO) standards and recommended practices (SARPs) .
Today, CT Travel is working closely with more than 85 Member States worldwide as part of a growing global partnership. As the scope of the Programme’s support has expanded, so too have its efforts to further reinforce human rights considerations throughout the different phases of its methodology.
The examples below highlight efforts made under this global, flagship initiative to integrate human rights considerations into the Programme’s goTravel software solution in view of supporting beneficiary Member States with implementing actions in line with human rights, including privacy and data protection considerations, and integrating these core values into national counter-terrorism efforts.
How does goTravel integrate purpose limitation safeguards and data retention periods?
goTravel is configured for use in line with the purposes specified by the Member State’s national laws and regulations. CT Travel provides guidance to ensure that these are in accordance with ICAO SARPs and United Nations General Assembly and Security Council resolutions. The system requires that every action taken is justified according to the defined purposes, and that these actions can be audited and assessed by the PIU DPO and the national oversight authority, with guidance provided by the UN.
The goTravel International User Community (IUC) has further reinforced these safeguards; Member States define respective business requirements to ensure closer alignment with the European Union (EU) PNR Directive and recent European Court of Justice (ECJ) rulings. CT Travel has worked with beneficiaries to ensure that the system complied with both national legislation and EU regulations on data retention periods, depersonalization, masking, and other configurations to the data privacy settings in the system.
For example, the CT Travel Programme provides guidance to Member States on how to incorporate data processing-related provisions into the national legislative framework, including establisheddata retention periods. The CT Travel-deployed goTravel software solution is adapted to the national framework and data is automatically deleted once the Member State’s pre-established retention period expires.
United Nations’ Software
The United Nations’ goTravel Solution: Enhancing security in line with General Assembly and Security Council Resolutions and International Human Rights Law.
goTravel supports the end-to-end process for Passenger Information Units (PIU) to obtain passenger data from air carriers, conduct targeted analysis, as well as provide findings of the data assessment.
CT Travel prioritizes privacy and data protection in the deployment of goTravel in alignment with the United Nations Secretary-General's Guidance on Human Rights Due Diligence for Digital Technology.
More information on the goTravel software solution is available here.
Pre-implementation
CT Travel conducts a detailed assessment of the Member State’s Advance Passenger Information (API) and Passenger Name Record (PNR) capacities via completion of a detailed questionnaire, followed by an in-depth consultation process which entails an analysis of the Member State’s institutional context, legal framework and data privacy provisions. As a result of the consultation, CT Travel prepares a roadmap with recommendations on the next steps, including human rights safeguards and mitigation measures. The Pre-implementation Phase concludes with the signing of an agreement to implement the roadmap, which requires Member State “to ensure that the implementation [...] and operation of the UN Countering Terrorist Travel Programme will comply with relevant rules of international law, in particular international human rights, refugee, and international humanitarian law, as well as applicable data protection safeguards.” Following this agreement, phased implementation can begin with the provision of technical assistance.
Phase 1:
Conception prioritises the drafting of the legal framework and initiates the establishment of the Passenger Information Unit (PIU) structure, including its governance, role, and terms of reference. During this phase, support on engagement and connectivity with the transport industry also begins. Once a draft legal framework and draft PIU terms of reference are prepared, Phase 2: Set-Up starts.
Phase 2:
While the legal framework proceeds for adoption, a Privacy Impact Assessment is prepared and conducted, which allows the Member State to continuously evaluate the impact of PNR implementation on human rights, with guidance from the United Nations. The PIU identifies the requisite staff and competent authorities, watchlist, and databases that should be considered for its work. This phase also includes developing a national implementation guide for airline connectivity and developing the skills of the staff in the PIU required for managing relationships with carriers. If the Member State has successfully completed the pre-implementation phase and milestones outlined in Phase 1 in line with UN guidance and recommendations, it can choose to deploy goTravel. To do so, the Member State must sign a Memorandum of Agreement for the software license and agree to the terms of use. Once signed, CT Travel begins training the Member State’s Information and Communication Technology (ICT) staff to test the required technical platforms. Once the legal framework is adopted, the new system is operationalized.
Phase 3:
Operationalization works with a focus on building the Data Protection Officer’s (DPO) capacity, training and mentoring the new PIU staff, engaging with the airlines on non-compliance, and transitioning goTravel from testing to production, allowing carriers to receive live data through a passenger data single window.
How are decisions made with goTravel?
goTravel does not feature automated decision-making; an appointed official must assess all matches and hits to decide on further actions. CT Travel provides training, mentoring, and detailed standard operating procedures to support PIU staff with each step of the decision-making process.
The Programme provides guidance to Member States on its transparency obligations to passengers – this guidance encompasses not only the guidance that airlines should provide to passengers when booking a flight, but also the notice Member States should provide to passengers on the website of the relevant government authority. The goTravel system allows Member States to facilitate the exercise of data subjects’ rights of access, rectification, and redress in accordance with ICAO Standards and national data protection laws.
How does goTravel promote data sovereignty and ICT security?
Member States using goTravel manage information handling processes at the national level, enabling them to maintain full data sovereignty while adhering to international legal obligations and applicable national laws. This means that the United Nations does not have access to any of the Member States’ data.
CT Travel provides guidance to Member States to manage information security risks, including data encryption, access controls, risk assessments, and security policies; as well as for secure data storage, in line with International Organization for Standardization (ISO) standards.
For example, in recent deployments of goTravel in Europe and Southeast Asia, CT Travel supported Member States with hardware and network procurement, advised on ICT security assessments, and conducted technical training to strengthen understanding of privacy and data protection.
How does CT Travel ensure appropriate use of goTravel through oversight of the system?
goTravel enables oversight of the PIU’s passenger data processing activities through the review of all justifications, matches, hits and requests. CT Travel supplements this with specialized training for the DPO on how to use goTravel to monitor, audit and report on the work of the PIU.
The system strictly controls user access and roles, with CT Travel advising on user access based on the principle of least privilege (‘need-to-know basis’).
For example, as part of its training course on privacy and data protection, CT Travel trained a beneficiary Member State in Eastern Europe on how the PIU’s DPO can monitor the work of the PIU and control user access rights, in line with national requirements and on the basis of least privilege.