Friday, 18 August 2006

Airlines and CRS's squabble over who owns travellers' reservations

An important series of investigative reports by my friend and respected trade journalist Dennis Schaal in the past week in Travel Weekly (free registration and cookie acceptance required) has exposed a significant spat between American Airlines (IATA code AA) and the Sabre computerized reservation system or CRS (a/k/a "global distribution system" or GDS) over charges -- denied by Sabre -- that "Sabre approached the airline about a year ago and tried to sell American personal information in Passenger Name Records (PNRs) related to passenger travel on other carriers":

The dispute came to light in the context of an extremely complex and acrimonious process of renegotiation and revision of the agreements between all of the 4 major CRS's/GDS's and the largest USA-based airlines. I won't try to go into the background here, other than to say that the result of the ongoing transformation of the "travel distribution" industry is likely to reduce the ability of consumers, and of travel agents, to get the information from any single source that they they would need to make efficient comparisons of different airlines' prices.

The allegations in Schaal's story were foreshadowed in a recent white paper from the Business Travel Coalition , which also gives some useful background and analyzes how the current changes in CRS-airline agreements threaten the interests of business (and other) travellers.

Three things stand out about these stories:

First, if the allegations of PNR data sales are true, Sabre has much more to lose than airlines which may have bought the data. Both airlines and CRS's that accept reservations from the European Union are subject to EU privacy and data protection laws. But CRS's are also subject to the much more stringent requirements of Artcile 6(d) of the EU Code of Conduct for CRS's , which provides without exception that, "personal information concerning a consumer and generated by a travel agent shall be made available to others not involved in the transaction only with the consent of the consumer."

Second, athrough I have no independent information on the specific allegations, I can say as the person who has attempted most diligently to investigate and report on Sabre's privacy practices that Sabre's denial of the allegations by AA in Schaal's report is, on its face, incredible.

According to Schaal, Sabre says that, "under no circumstances whatsoever is any personally identifiable information that has been entrusted to us sold, knowingly disclosed or otherwise made available to any third party that is not involved in servicing or fulfilling travel on behalf of the customer." But the then-head of the USA Transportation Security Administration (TSA) TSA testified to Congress more than 2 years ago that both Sabre and AA had disclosed personal data from PNR's to the TSA, without the data subjects' knowledge or consent, for tests of the CAPPS-II airline passenger profiling and surveillance scheme.

Schaal also reports that Sabre told him, "We are fully transparent in our data privacy policies, which are published on our Web sites. We are fully open about any uses of data, including uses in providing value added services." But contrary to this claim of transparency, Sabre's chief privacy officer, Dave Houck, has told me that, "I am unable to confirm or deny the existence or nature of any projects Sabre has with the government."

Third and most fundamental, the dispute between Sabre and AA is, in essence, a commercial disagreement about which of them owns the rights to control the dissemination and use of, and to profit from, personal information about our travels. Shouldn't this be -- as it is in other countries including Canada and the EU -- our data, and neither the airline's nor the CRS's?

Link | Posted by Edward on Friday, 18 August 2006, 13:51 ( 1:51 PM) | TrackBack (1)
Comments
Post a comment









Save personal info as cookie?