The U.S. Department of Transportation announced its first industry-wide review of data security and privacy policies across the largest U.S. airlines.
The DOT said in a press release Thursday that the review will examine whether U.S. airline giants are properly protecting their customers’ personal information and whether airlines are “unfairly or deceptively monetizing or sharing that data with third parties.”
Letters to airline executives will include questions about how the airlines collect and handle passengers’ personal information, monetize customer data through targeted advertising, and how employees and contractors are trained to handle passenger’s information.
Those airlines include Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United.
The department, which oversees U.S. government policy on all matters related to transportation, said it would investigate and take enforcement action as it discovers evidence of problematic practices.
U.S. Secretary for Transportation Pete Buttigieg said the review aims to “ensure airlines are being good stewards of sensitive passenger data.”
The DOT did not say what specifically prompted the review, but that the action was part of the U.S. government’s “broader push to protect consumer privacy across the economy.”
In recent months, the U.S. Federal Trade Commission — which regulates consumer data privacy matters — has banned data brokers and other companies from sharing users’ sensitive location and browsing data with others, ordered companies hit by data breaches to overhaul their security practices, and pledged to strengthen the federal law known as COPPA that prevents companies from obtaining data on children under the age of 13.
The DOT said that the FTC is “also exploring rules to more broadly crack down on the harms stemming from surveillance and lax data security.”
Transportation Secretary Buttigieg said the DOT’s privacy review will be carried with the expertise and partnership of Sen. Ron Wyden, a senior Democrat who sits on the Senate Intelligence Committee.
Wyden has raised alarms about the sharing and sale of sensitive U.S. consumer data to data brokers — companies that collect and resell people’s personal data, like precise location data, often derived from their phones and computers.
In recent months, Wyden has warned that data brokers sell access to Americans’ personal information, which can identify which websites they visit and the places they travel to. Wyden also warned that U.S. intelligence agencies can — and have — purchased commercially available information about Americans from data brokers, which the intelligence community argues that they don’t need to obtain a search warrant for data they can purchase.
In remarks, Wyden said: “Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses.”