US Department of Transportation to investigate airline data privacy
Today the U.S. Department of Transportation (DOT) announced plans for a “a privacy review of the nation’s ten largest airlines regarding their collection, handling, maintenance, and use of passengers’ personal information.”
The review will include airlines’ compliance (or not) with the so-called Privacy Shield framework for transfers of personal data from the European Union to the US. As DOT notes on its website, “DOT is the enforcement authority for airlines participating in Privacy Shield. DOT shares jurisdiction with the FTC regarding ticket agents participating in Privacy Shield.”
This is a positive step, but we’re reserving judgment until we see what DOT actually does.
The review is to be conducted by DOT’s Office of Aviation Consumer Protection, which has demonstrated little expertise or interest in privacy issues despite its enforcement authority with respect to airline privacy practices. DOT’s Advisory Committee on Aviation Consumer Protection raised these issues a decade ago, but there’s been little visible change or enforcement activity. And the terms of reference for the review, as described in DOT’s press release today, make it unclear whether DOT will be looking into how personal information in airline reservations is made available to US and foreign governments, or whether DOT’s review will be limited to commercial use of airline data.
Stay tuned.