US airlines face review of personal information and data collection practices

The U.S Department of Transportation (DOT) is undertaking a privacy review of the country’s ten largest airlines to ensure proper handling of customers’ personal information, address complaints about mishandled data and privacy violations, and assess airlines’ privacy training procedures.

In a government release, U.S. Secretary of Transportation Pete Buttigieg says that “airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees.” Buttigieg does not specify whether biometrics such as passenger facial scans are included, but presumably, biometric data will figure into the overall privacy equation.

“Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses,” says Senator Ron Wyden, who is launching the review in partnership with DOT. The review will look at airlines’ data collection policies and procedures, and investigate whether airlines are unfairly or deceptively monetizing or sharing data with third parties. Airlines found to be selling customer information for targeted advertising, lacking protection against data breaches, or conducting other improper practices could face civil penalties, stronger enforcement measures or additional rules.

The initial review will assess the airlines Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United. Further reviews will be conducted periodically.

COPPA puts DOT in charge of policing how airlines use kids’ data

DOT’s jurisdictional claim on airline passengers’ digital rights comes via its enforcement of airlines’ compliance with the Children’s Online Privacy Protection Act (COPPA). The Federal Trade Commission’s (FTC) recently proposed changes to COPPA put new restrictions on how companies use and monetize childrens’ personal information. The changes also call for protected biometric identifiers to be expanded to include face, voice, fingerprint and iris biometrics, as well as gait data, DNA and avatars.

Data privacy is an ongoing national security concern for the U.S. In February, President Joe Biden issued an Executive Order “to protect Americans’ sensitive personal data from exploitation by countries of concern.”

In its wake, last week, the House of Representatives passed H.R. 7520, the Protecting Americans’ Data from Foreign Adversaries Act of 2024 by a vote of 414-0. In a joint statement, Energy and Commerce Committee Ranking Member Frank Pallone, Jr. (D-NJ) and Chair Cathy McMorris Rodgers (R-WA) say the law cracks down on data brokers selling personal information, and “serves as an important complement to more comprehensive national data privacy legislation.”

Article Topics

airport biometrics  |  biometric identifiers  |  data privacy  |  data protection  |  U.S. Government