US airlines’ privacy protection practices to get DOT review

The Department of Transportation (DOT) will review data collection practices for the country's 10 largest airlines in a bid to improve passenger privacy protections, Secretary Pete Buttigieg said on Thursday. 

The department said it will examine airline policies and training in handling passengers’ sensitive personal data and will ensure it is “not improperly monetized or shared with third parties,” according to a press release.  

The review will probe how airlines collect, handle, maintain and use the information in order to understand and potentially regulate those procedures. The department  also will investigate whether airlines are “unfairly or deceptively monetizing or sharing that data with third parties,” the release said. 

It also will examine if airlines are selling customer information for targeted advertising and are adequately protecting against data breaches, the release said

In announcing the review, DOT did not mention airports’ and airlines’ increasing use of gateside facial recognition scans. Many airlines have partnered with the Transportation Security Administration, which is overseen by the Department of Homeland Security, to add facial scans at various points of the security process.

In recent months, travelers increasingly submit to a facial recognition scan before boarding planes, according to passenger complaints online and news accounts.

The newly announced review will be the first in what the agency is calling a periodic process to check whether airlines are properly protecting customer privacy. The probe, to be conducted by the agency’s Office of Aviation Consumer Protection (OACP), will study 10 airlines: Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit and United. 

Sen. Ron Wyden (D-OR), a privacy champion in Congress, has shared expertise with OACP staff about how to undertake the review, the press release said.

Under the review, officials will examine passenger complaints alleging airline employees or contractors have “mishandled” sensitive data as well as assess the quality of airline employee privacy training programs

The announcement noted that the Federal Trade Commission recently proposed updates to the Children’s Online Privacy Protection rule, placing new restrictions on the use and disclosure of children’s data which would  “further limit the ability of companies to condition access to services on monetizing children’s data.”