The Department of Transportation is initiating a new review of airline privacy practices that has implications for both frequent flyer programs and civil liberties.
DOT is auditing the 10 largest U.S. airlines over how they collect, manage, and use passenger information – including whether any engage in the unethical monetization or distribution of passenger data to third parties without proper authorization. According to Secretary Buttigieg,
Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees.
The agency will be looking at airline data management policies, how privacy breaches are handled (I regularly hear from passengers who receive copies of other people’s itineraries!) and how they train staff on handling of private data. The agency highlights the role that Senator Ron Wyden (D-OR)’s office has in pushing forward these issues. According to Senator Wyden,
Secretary Buttigieg and the Biden Administration deserve serious credit for working with me to launch a new initiative to review the privacy practices of the major U.S. airlines.
Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses. I will continue to work with DOT to ensure that it is holding the airlines responsible for harmful or negligent privacy practices.
How Airlines Use And Abuse Data
There are two main uses of data, outside of running an airline’s operations moving passengers on planes (and of course they must comply with relevant data handling laws and take ordinary measures in protecting that data).
- Monetization through loyalty programs. They and their partners want to sell things to airline frequent flyer program members. The biggest one here is co-brand credit card partner banks.
- Providing travel information to governments. Government agencies gain access to travel histories and reservations data, and it’s not always clear that this is authorized or made known to consumers. There are probably data use violations here, but I’d be surprised if the U.S. government came down on airlines for cooperating with it and with other governments.
Governments obtain information on customers both officially (through access to reservations data) and unofficially (by asking or paying low level employees to provide it).
The Drug Enforcement Administration pays off employees to provide them with confidential data from their employers. The DEA is no longer allowed to do this with “quasi-governmental agencies like Amtrak” however their internal policies haven’t been changed to prohibit doing so with companies, including airlines (and hotel chains).
Will The Government Crack Down On Abuses By The Government?
Providing information to governments, in ways that are undisclosed to customers and aren’t pursuant to proper oversight, is surely a violation of an airline’s obligation to safeguard company data. Government agencies should be making use of a subpoena or at a minimum legal and official channels for obtaining customer data.
- I’m skeptical that the Department of Transportation will go after airlines for their employees making data available to DEA under such an arrangement but I would love for my skepticism to be proven wrong.
- Indeed, the Federal Trade Commission acted against a data broker that was selling location data to defense contractors who would then provide it to U.S. intelligence agencies and the Department of Defense. So maybe!
Frequent Flyer Programs Are Data Warehouses
Since marketing relationships with third parties are the lifeblood of airlines, the effort by the administration has high stakes. Carriers will need to ensure that their lawyers are updating their privacy policies to match actual data sharing practice, if they aren’t already consistent.
At the same time, privacy policies miss the crux of value in the information companies hold. It’s their behavioral models take that information about you and turn that into predictive tools. That’s the why a consumer transacts with a brand; their intent driving action; as well as the timing of their behavior.
Additional Areas Of Exposure For Airlines
Other areas where there’s potential liability include handling of data of minors (both passengers, and children with frequent flyer accounts!) and moving data between the U.S. and E.U. for those carriers with a European presence and partnerships.
What We Need To Do To Protect Our Privacy
Years ago I wrote that we’re being tracked. That ship has sailed. The idea that government will protect us from tracking seems unlikely, because they’re doing it more than anyone else. From license plate readers to storing cell phone geolocation data, the government can zero in on pretty much anyone. They want companies collecting data because it makes their lives easier. That’s why I’ll be surprised to see DOT scale airline data sharing back in a meaningful way.
What’s most important is checking the power of those with access to the information. It needs to hold governments accountable, rather than just being a tool of governments. Companies need to be shielded from rather than being forced to become tools of government surveillance, from banks to cell phone providers to social media and e-mail services and.. airlines. I just don’t see that happening, but will applaud this effort if it makes even the smallest bit of difference.
The airlines, airline contractors, airlines’ business customers, governments and government contractors all need to be monitored and held to account for the use of passenger data and frequent flyer program account data. All of them are undermining privacy at times.
@GU … Whom do you suggest ought to monitor them ?
The airlines have a fraction of the amount of information your car is transmitting. Car manufacturers are making millions selling drivers information to LexisNexis who in turn sell your information to anyone who will pay them for it. It’s specific by your name and buried in the fine print about their infotainment systems. All the major manufacturers do it. Credit card companies sell your purchase history to companies like Google. Whenever you allow someone to scan your license for an age check all the information on your license is downloaded and the cash register companies even tell in their literature that companies can do targeted marketing with the info. Pothole Pete should be looking other places if he’s worried about protecting peoples data.
I’m surprised that you don’t welcome this initiative as at least some being in the right direction.
@H2oman is absolutely correct, and the story is pretty spooky if you tend to drive on the fast side (I do). The real issue is that all of the vehicle data (including acceleration, braking, speed and location) is saved by services such as GM OnStar and then re-sold to Auto Insurers. There are horror stories of guys who drive Vette’s fast and end up having their auto insurance canceled or tripled in cost. Here’s the archive link for the NYT story: https://archive.is/7vRB8
Nothing the government does is for the benefit of regular citizens. Automatically this review of data by the government is bad because it will never be used to help us. I am not afraid of companies selling my data to other companies to be used to make a profit. I am afraid of the government using any data because all of its aims and interests are the opposite of that of regular people.
The only concerns with data are around companies like Facebook manipulating elections by preventing people from seeing real news by censoring real stories. The reason the government hates TikTok is TikTok is not owned by the 3% who control Facebook, Instagram, Google, Oracle, Disney, NBC, CBS, CNN, and all the others aside from X. The problem with X is Musk still doesn’t understand those with a resume in Silicon Valley going to be corrupt. He has a 3% woman at Twitter managing things. It’s like with Trump. If all the people you hire or judges you nominate are McConnell judges or are 3% or rinos, of course they will undermine your aims.
Gary,
It is all theater and a joke. Anymore, if you want “X,Y, or Z” you must accept the Ts&Cs. If not, you don’t get the ticket, credit card or whatever.
The idea that a politician (regardless of party) that is kept by lobbyists is going to do any real safeguards is a joke.
The Government and some States are going after Apple for not letting every developer have access to the store or platform. One reason they have fewer security issues is they control the access. I doubt any consumer started this complaint.
Little like TSA theater. The appearance of doing something.
@Christian – it might be, it depends what they do!
Someone needs to read history. US government’s collection and use of data on its citizens is a long tradition and includes McCarthyism and the entire NSA.
Authoritarians like the orange guy (his name is blocked here) will do everything in their power to increase, not reduce, this surveillance, because that’s how they and their friends (Pu Tin, Kim, etc.) stay in power.
The solution for the auto data collection is to maintain an older car. Airline data collection cannot be stopped so easily.
The politicians will always fallback on the terrorists and/or children excuse on why this data is needed.