Monday, 10 November 2003
Leading travel lawyer calls for privacy law
"There ought to be a law protecting the privacy of travel records, just as there is a law protecting your health records. There also ought to be a federal government agency that enforces the law."
So writes Mark Pestronk , legal advice columnist for the influential trade publication for travel agents, Travel Weekly , as the conclusion this week of a two-part series on the privacy of travel records: Clients' travel data isn't as private as they think (3 November 2003), and U.S. should take note of EU's data-privacy rules (10 November 2003); free registration and cookie and popup acceptance required.
Pestronk is a big fish in the small pond of experts on travel law, and his endorsement of the calls for Congressional action on travel privacy is likely to carry significant weight with travel agents.
Pestronk reports that "Contrary to popular belief, there are no federal or state laws prohibiting a travel supplier or travel agency from giving travel data to the government or any third party. [They] can even sell your data to the highest bidder."
Pestronk correctly, I think, assesses the divergent interests of travellers and travel agents and agencies (especially, I would argue, the vast majority of small travel agencies), in support of privacy laws, and the likely opposition from large suppliers of travel services and especially the CRS's/GDS's.
"The biggest commercial data gatherers of all, the GDS vendors, have no privacy policies that affect agency bookings," Pestronk points out. He describes travel services providers' privacy policies as "almost worthless", noting that " all these voluntary promises are empty because there are no meaningful consequences for violations."
Meanwhile, on 7 November 2003, Member of the European Parliament Marco Cappato made a formal request to the European Commission (the EU's administrative and enforcement agency) for enforcement action under the privacy provisions of the EU code of conduct for computerized reservation systems for transferring his personal data to the USA without his consent, on flights he took to the USA earlier this year. MEP Cappato also renewed his call for the European Parliament itself to "start proceedings against the EU Commission for failure to act" on violations of the EU CRS regulations.
MEP Cappato's complaint was directed to European Commissioner Frits Bolkestein, who described the demands by the USA for passenger data from the EU as "surely excessively intrusive by any standards" in a recent op-ed column in the International Herald Tribune .
Today's Wall Street Journal reports (with, I think, an excess of what from their point of view would be called "optimism"), that a "Passenger-data deal may be near." From the details of the story, it looks to me like the way forward still would have to start with adoption of adequate privacy protections for travel data in the USA.
Reportedly, "The U.S. says it is willing to entrust [passenger] data to a privacy officer within the Department of Homeland Security who is responsible directly to the U.S. Congress." But that would likely be meaningless, even if it satisfied EU requirements for independent oversight, which it probably wouldn't. Aside from the role of the DHS Chief Privacy Officer to date as a privacy-invasion apologist, not a privacy advocate, President Bush has already declared in signing the CAPPS-II oversight bill that Congress has no authority to exercise any oversight over the Department of Homeland Security, on separation-of-powers grounds, and that the Executive branch will treat Congressional oversight as purely "advisory". I don't know what could make it more clear that the DHS Chief Privacy Officer isn't independent (as would be required to satisfy EU law), and answers solely to the President, not Congress -- no matter what law Congress might enact. At a minimum, to satisfy EU requirements, President Bush would have to renounce his signing statement on the CAPPS-II bill, and accede to Congressional oversight over DHS privacy practices.
Travellers, travel agencies, airlines based outside the USA don't have the lobbying clout in Washington that CRS's and USA-based airlines do. But with calls for a Federal travel data privacy law trickling up from the grassroots and being pressed by European Union authorities as the precondition to sharing fo EU data, it's only a matter of time before someone in Congress introduces such a bill.Link | Posted by Edward on Monday, 10 November 2003, 08:53 ( 8:53 AM)