Monday, 4 October 2004

German privacy czar recommends minimizing data in PNR's

Interviewed for a feature on US-VISIT ( Kontrolle, Kontrolle, Kontrolle ), German data protection commissioner Peter Schaar recommends that travellers to the USA put only the minimum of essential and required information in their reservations ( PNR's ), to minimize the potential for misuse of personal data by authorities in the USA, or others to whom the USA might pass on reservation data.

Ironically, this excellent advice from Schaar appears on the MSN.de Web site alongside an ad for Internet travel agency Expedia.de , one of the most flagrant violators of the EU data protection rules that Schaar is supposed to enforce.

You can't even get to Expedia.de's home page or privacy policy, to find out if you want to accept their cookies, unless you have already accepted their cookies -- a problem I've pointed out repeatedly to the chief privacy officer of Expedia.de's parent company in the USA.

More importantly in the context of Schaar's advice, Expedia makes it impossible even to determine when a PNR is created, in which CRS it is created, or what information is stored in the PNR and what is stored in a separate database.

Now that Schaar has recognized the critical importance of decisions about what information is placed in PNR's, it will be interesting to see what action Schaar, and his fellow members of the "Article 29 Working Group" of EU data protection commissioners that he chairs, will take to require companies like Expedia.de, and other travel agencies and airlines, to disclose their CRS usage practices and give travellers control over which of their personal data is placed in PNR's.

Link | Posted by Edward on Monday, 4 October 2004, 15:29 ( 3:29 PM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?