Dark Side Of Rewards Miles And Government Surveillance: DOT Audits How Airlines Abuse Your Data
The Department of Transportation is initiating a new review of airline privacy practices that has implications for both frequent flyer programs and civil liberties.
DOT is auditing the 10 largest U.S. airlines over how they collect, manage, and use passenger information – including whether any engage in the unethical monetization or distribution of passenger data to third parties without proper authorization. According to Secretary Buttigieg,
Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees.
The agency will be looking at airline data management policies, how privacy breaches are handled (I regularly hear from passengers who receive copies of other people’s itineraries!) and how they train staff on handling of private data. The agency highlights the role that Senator Ron Wyden (D-OR)’s office has in pushing forward these issues. According to Senator Wyden,
Secretary Buttigieg and the Biden Administration deserve serious credit for working with me to launch a new initiative to review the privacy practices of the major U.S. airlines.
Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses. I will continue to work with DOT to ensure that it is holding the airlines responsible for harmful or negligent privacy practices.
How Airlines Use And Abuse Data
There are two main uses of data, outside of running an airline’s operations moving passengers on planes (and of course they must comply with relevant data handling laws and take ordinary measures in protecting that data).
- Monetization through loyalty programs. They and their partners want to sell things to airline frequent flyer program members. The biggest one here is co-brand credit card partner banks.
- Providing travel information to governments. Government agencies gain access to travel histories and reservations data, and it’s not always clear that this is authorized or made known to consumers. There are probably data use violations here, but I’d be surprised if the U.S. government came down on airlines for cooperating with it and with other governments.
Governments obtain information on customers both officially (through access to reservations data) and unofficially (by asking or paying low level employees to provide it).
The Drug Enforcement Administration pays off employees to provide them with confidential data from their employers. The DEA is no longer allowed to do this with “quasi-governmental agencies like Amtrak” however their internal policies haven’t been changed to prohibit doing so with companies, including airlines (and hotel chains).
Will The Government Crack Down On Abuses By The Government?
Providing information to governments, in ways that are undisclosed to customers and aren’t pursuant to proper oversight, is surely a violation of an airline’s obligation to safeguard company data. Government agencies should be making use of a subpoena or at a minimum legal and official channels for obtaining customer data.
- I’m skeptical that the Department of Transportation will go after airlines for their employees making data available to DEA under such an arrangement but I would love for my skepticism to be proven wrong.
- Indeed, the Federal Trade Commission acted against a data broker that was selling location data to defense contractors who would then provide it to U.S. intelligence agencies and the Department of Defense. So maybe!
Frequent Flyer Programs Are Data Warehouses
Since marketing relationships with third parties are the lifeblood of airlines, the effort by the administration has high stakes. Carriers will need to ensure that their lawyers are updating their privacy policies to match actual data sharing practice, if they aren’t already consistent.
At the same time, privacy policies miss the crux of value in the information companies hold. It’s their behavioral models take that information about you and turn that into predictive tools. That’s the why a consumer transacts with a brand; their intent driving action; as well as the timing of their behavior.
Additional Areas Of Exposure For Airlines
Other areas where there’s potential liability include handling of data of minors (both passengers, and children with frequent flyer accounts!) and moving data between the U.S. and E.U. for those carriers with a European presence and partnerships.
What We Need To Do To Protect Our Privacy
Years ago I wrote that we’re being tracked. That ship has sailed. The idea that government will protect us from tracking seems unlikely, because they’re doing it more than anyone else. From license plate readers to storing cell phone geolocation data, the government can zero in on pretty much anyone. They want companies collecting data because it makes their lives easier. That’s why I’ll be surprised to see DOT scale airline data sharing back in a meaningful way.
What’s most important is checking the power of those with access to the information. It needs to hold governments accountable, rather than just being a tool of governments. Companies need to be shielded from rather than being forced to become tools of government surveillance, from banks to cell phone providers to social media and e-mail services and.. airlines. I just don’t see that happening, but will applaud this effort if it makes even the smallest bit of difference.