The dark side of reward miles and government surveillance: DOT audits how airlines misuse data
The Department of Transportation is launching a new review of airline privacy practices that will impact both frequent flyer programs and civil liberties.
The DOT is auditing 10 major U.S. airlines on how they collect, manage, and use passenger information. This includes whether there is unethical monetization or distribution of passenger data to third parties without proper authorization. According to Secretary Buttigieg,
Airline passengers need to be confident that their personal information is not being inappropriately shared with third parties or mishandled by employees.
The agency examines airlines' data management policies, how they deal with privacy breaches (we often hear from passengers who received a copy of someone else's itinerary!), and how they train staff to handle personal data. We are planning to consider it. The agency highlights the role that Sen. Ron Wyden's (D-Ore.) office is playing in advancing these issues. According to Senator Wyden:
Secretary Buttigieg and the Biden Administration deserve much credit for working with me to launch a new initiative to overhaul the privacy practices of major U.S. airlines.
Because consumers often never know that their personal data has been misused or sold to shady data brokers, effective privacy regulation relies on consumer complaints to identify corporate wrongdoing. You can't. I will continue to work with the DOT to ensure that airlines are held accountable for harmful or negligent privacy practices.
How airlines use and misuse data
There are two main uses for data, outside of the operations of airlines that transport passengers on planes (of course, airlines must comply with relevant data handling laws and take normal steps to protect data). there is).
- Monetize through loyalty programs. They and their partners want to sell products to members of airline frequent flyer programs. The biggest thing here is the affiliated credit card partner banks.
- Providing travel information to governments. Government agencies have access to travel history and booking data, but it is not always clear whether this is authorized or made known to consumers. There is probably a data use violation here, but I would be surprised if the US government accused airlines of collaborating with other governments.
Governments obtain information about customers both formally (through access to reservation data) and informally (by requesting or paying low-level employees to provide information).
The Drug Enforcement Administration pays employees to provide sensitive data from their employers. The DEA is currently not allowed to take such actions against “quasi-governmental entities like Amtrak,” but internal policies prohibiting actions against companies, including airlines (and hotel chains), have changed. Not yet.
Will the government crack down on government abuses?
It is clear that providing information to governments in a manner that is not disclosed to customers and without proper oversight violates airlines' obligations to protect corporate data. Government agencies must use subpoenas, or at least legal and official means, to obtain customer data.
- I'm skeptical that the Department of Transportation would go after airline employees who provide data to the DEA under such an arrangement, but I hope my skepticism is proven wrong. .
- In fact, the Federal Trade Commission has taken action against data brokers who sell location data to defense contractors and then provide it to the U.S. intelligence community and the Department of Defense. maybe!
Frequent flyer programs are data warehouses
Because third-party marketing relationships are the lifeblood of airlines, government efforts are at great risk. Carriers should ensure that their lawyers update their privacy policies if they are not consistent with their actual data sharing practices.
At the same time, privacy policies miss the core of the value of the information companies hold.it's theirs The behavioral model Turn information about you into a predictive tool. That's why consumers do business with brands. Their intentions drive their actions. So is the timing of their actions.
Additional exposure areas for airlines
Other areas of potential liability include handling of data of minors (both passengers and children with frequent flyer accounts!) and between the US and EU for European-based and affiliated airlines. This includes data movement.
What we must do to protect your privacy
A few years ago, I wrote that we are being tracked. The ship has sailed. The idea that the government can protect us from tracking is unlikely. Because the government does more tracking than anyone else. From reading license plates to storing cell phone location data, governments can zero in on just about anyone. They want companies to collect their data. Because collecting data makes our lives easier. That's why I would be surprised to see DOT resume airline data sharing in a meaningful way.
The most important thing is to check the power of those who have access to the information. We need to hold the government accountable, not just a tool of the government. Businesses, from banks to mobile phone providers to social media and email services to airlines, need to be protected rather than forced into tools of government surveillance. I don't see that happening, but I'll applaud this effort if it makes any difference.