The Department of Transportation (DOT) has announced plans to undertake a comprehensive privacy review of major airlines operating within the United States, with a primary focus on the management and safeguarding of passengers’ personal information.
This review, as detailed by the DOT, will scrutinize the practices of the ten largest U.S. carriers concerning the collection, storage, and utilization of customer data. Specifically, it will delve into the procedures related to the handling of passenger data, including any mechanisms for its monetization. Additionally, the DOT will assess measures implemented by airlines to prevent data breaches, as well as address any reported incidents or allegations of mishandling personal information by airline personnel or contractors.
Conducted under the auspices of the DOT’s Office of Aviation Consumer Protection (OACP), the review will encompass Allegiant Air, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United.
Transportation Secretary Pete Buttigieg emphasized the importance of ensuring passengers’ confidence in the protection of their personal information. “Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees,” Buttigieg stated in a released statement. He further characterized this review as the initial step in a broader initiative by the DOT to ensure airlines fulfill their responsibilities as custodians of sensitive passenger data.
The DOT has clarified that this initial review represents the commencement of a series of periodic evaluations of airline privacy practices, aimed at ensuring compliance with relevant laws and adequate protection of consumers’ personal information.
In the event of identifying problematic practices, the Department asserts its readiness to take corrective action, which may include launching investigations or providing regulatory guidance.
The airline industry has faced challenges related to privacy breaches in the recent past. Notably, incidents such as the theft of personal information affecting over 8,000 pilot applicants from American Airlines and Southwest Airlines, as reported by CBS News last year, underscore the significance of robust data protection measures. Additionally, recent reports by Reuters revealed concerns over potential breaches of personal data at Spanish airline Air Europa.
Moreover, airlines have faced scrutiny over their utilization of passenger data for commercial purposes. Reports, including one by The Wall Street Journal, have highlighted instances where airlines explored leveraging passenger information for targeted advertising, raising questions about privacy and consumer consent, including United Airlines’ consideration of utilizing passenger data for selling targeted ads, potentially within its in-flight entertainment systems.