As air travel continues to grow over the next couple decades—even accounting for the 2020 fall in demand—airlines have an opportunity to leverage volumes of data from a vast cross-section of society to improve the travel experience for passengers globally. Along with that opportunity comes unique challenges from a privacy perspective. Compliance with privacy laws is, for sure, an important concern.  But the bigger issue for airlines may be one of data ethics and public perception: how do airlines assure the public that their use of personal data is a good thing?

Unfortunately, when it comes to air travel, the public is already primed to be guarded when it comes to their privacy, not because of anything airlines have done, but simply because of the context.  When a passenger arrives at an airport, they’re greeted by security guards and cameras.  Maybe they interact with a ticket kiosk that asks questions about their destination.  They pass through a security screening complete with x-rays and body scans, which many view (rightly or wrongly) as an intrusion on personal privacy.  Even if the passenger waits in line for a traditional security screening, they may be watching others pass through a screening process using facial recognition, fingerprint readers, and iris scans. In short, by the time a passenger has arrived at the gate, the traveler may relish the relative privacy of being the anonymous person in seat 7F.  None of these factors have anything to do with anything the airlines have or haven’t done; it’s just the context.  But the public association of air travel with intrusive experiences can spill over into suspicious feelings towards airlines.

Complicating matters, many feel air travel is a necessity and may be inclined to treat airlines as common carriers to whom they should not have to give permission to use personal data for purposes beyond providing the transportation service.

Another risk is complexity.  The web of entities that need to exchange data about passengers just to make a flight happen is both large and intricate. Any given flight may involve interactions among airlines, global distribution systems (GDS), online travel agencies and online booking tools, traditional travel agents, and the innumerable service providers that fit between those players, not to mention the TSA and other government agencies (of perhaps multiple countries). Outside of the flight experience itself, airline alliances and partnerships with other players in the travel industry, such as hotels, car rentals and credit card companies, means complex data sharing for purposes of loyalty programs. This complexity both heightens cybersecurity issues and produces more places for privacy risks to emerge.

There are, of course, legal complexities.  Air travel is cross-border in a very physical sense, raising the specter of conflicts of law, especially in an area of law such as privacy, where jurisdictions are only relatively recently starting to implement regulations, and not in a very uniform manner. The quick pace at which emerging technologies leveraging personal data develop may also cause uncertainty as to the applicability of regulations to new (and even settled) practices in the industry.

So how can airlines cope with these challenges and build trust with the public?  In short, airlines should look to privacy principles not as a burden, but as an opportunity.

For example, a key privacy principle is transparency.  Airlines can view transparency as an opportunity to demonstrate the value they provide using data.  There are reasons airlines may want to know a person’s dietary restrictions—it means the airline can provide the person an appropriate meal, perhaps even without the person remembering to request one.  Storing a passenger’s credit card number may make it easier to make food, beverage, or entertainment purchases in flight without fumbling around for a payment card.  Knowing the routes that a passenger may regularly take could allow the airline to make better recommendations or offer advantageous pricing.  Examples abound; the point is that airlines can use transparency to educate consumers on how the use of personal data creates value for the consumer.

Another key privacy principle is control.  By providing consumers with a measure of control over their data—just like large tech companies increasingly do—airlines are likely to give people comfort on someone else holding data on them.  Famously, people are afraid of flying, even though it’s safer than driving, because they don’t feel they are in control. The same principle applies to data. 

And of course, there is security.  Airlines need to make cybersecurity a priority, particularly when it comes to personal data.  All in all, the air travel industry has an excellent track record for physical safety thanks to scrupulous testing and inspections.  By being just as diligent with the security of personal data, airlines can build trust with the public so that they can use personal data to serve their customers.