Consumer groups call for action on travel privacy

The Consumer Travel Alliance, the Consumer Federation of America, and the Center for Financial Privacy and Human Rights have joined me in comments filed today with the Federal Trade Commission asking the FTC to “include the category of travel data in your agenda for action to protect the privacy of information concerning consumers.” According to our comments:

Personally identifiable information about consumers collected in relation to their reservation, purchase, and use of transportation and travel services is one of the the largest, most sensitive, most intimately revealing, most systematically computerized, most widely dispersed, most globally accessible, and most potentially subject to abuse categories of consumer data. But unlike other categories of consumer data recognized as having special characteristics that warrant special protections and special regulatory attention, there is no sector-specific privacy legislation applicable to travel data in the USA.

This is the first time that national consumer and privacy organizations have explicitly called for recognition of personal information about our travel as a category of consumer data deserving of greater attention and protection. While most of the discussion about travel data since 11 September 2001 has concerned its use by governments, I actually first began working on travel privacy as a consumer privacy issue. That’s the context in which I discussed it The Practical Nomad: How to Travel Around the World (published in February 2001) and in my warnings about what might happen to these commercial records in the event of bankruptcies of travel companies. And I remain at least as concerned about misuse of travel records by commercial entities as by governments.

The consumer and privacy organization join me in calling for a coordinated approach to ensure that travel data privacy doesn’t continue to “fall… through the jurisdictional cracks between multiple … agencies.” We outline the privacy threats posed by the ways travel data is stored, disseminated, and used, and the ways that consumers’ expectations of privacy are routinely violated both by travel industry business practices and by current laws and regulations. And we list some of the most important first steps to protect travellers’ privacy, including:

• Clarification of privacy jurisdiction and harmonization of privacy rules, particularly between the FTC and the Department of Transportation regarding the privacy policies and tariffs of common carriers (airlines, Amtrak, buses, ferries, mass transit operators, etc.).
• Protection of personal information provided to travel companies in response to government orders, or as a condition of transportation on Federally-licensed common carriers.
• Protection of personal information in mixed systems of government data, common-carrier data, and other commercial travel data.
• Reform of the bankruptcy laws to protect personal information (including travel records) from being sold without consumers’ consent.
• Reform of the counter-factual legal assumptions in US contract law as to what uses of travel and other data by commercial entities consumers intend to authorize.
• Protection of travel information stored, transmitted, aggregated, and provided to governments and third parties by Computerized Reservation Systems (CRS’s), also known as Global Distribution Systems (GDS’s): “The FTC can and should tackle the privacy problems of CRS’s/GDS’s immediately.”