The US Department of Transportation has announced its first industry-wide review of data security and privacy policies at the largest US airlines.
The DOT said in a press release Thursday that the review will look at whether the US airline giants are properly protecting their customers’ personal information and whether the airlines are “unfairly or misleadingly monetising or sharing this data with third parties”.
Letters to airline executives will include questions about how airlines collect and handle passenger personal information, monetize customer data through targeted advertising, and how employees and contractors are trained to handle the information of the passengers.
These airlines include Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit and United.
The department, which oversees US government policy on all matters related to transportation, said it will investigate and take enforcement action as it uncovers evidence of problematic practices.
US Transportation Secretary Pete Buttigieg said the review aims to “ensure airlines are good stewards of sensitive passenger data.”
The DOT did not say what exactly prompted the review, but that the action was part of the US government’s “broader push to protect consumer privacy across the economy.”
In recent months, the US Federal Trade Commission – which regulates consumer data privacy issues – has banned data brokers and other companies from sharing sensitive user locations and browsing data with others, ordered companies affected by data breaches to review practices their security and pledged to strengthen the federal law known as COPPA that prevents companies from obtaining data on children under 13.
The DOT said the FTC is “also exploring rules to more broadly combat the harms that result from surveillance and lax data security.”
Transportation Secretary Buttigieg said the DOT’s privacy review will be conducted with the expertise and cooperation of Senator Ron Wyden, a senior Democrat who sits on the Senate Intelligence Committee.
Wyden has raised the alarm about the sharing and sale of sensitive US consumer data to data brokers – companies that collect and resell people’s personal data, such as precise location data, often from their phones and computers.
In recent months, Wyden has warned that data brokers are selling access to Americans’ personal information that can identify the websites they visit and the places they travel. Wyden also warned that US intelligence agencies can – and have – bought commercially available information about Americans from data brokers, who the intelligence community argues do not need to obtain a search warrant for data they can buy.
In remarks, Wyden said: “Because consumers will often never know that their personal data has been misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses.”
