Sunday, 9 December 2018

Review of the E.U. Code of Conduct for reservation systems

The European Commission is conducting a public consultation on the E.U. Code of Conduct for Computerised Reservation Systems.

The CRS Code of Conduct, although porly enforced, provides important conusmer and privacy protections for air travellers and airline ticket purchasers worldwide.

The CRS Code of Conduct was last reviewed a decade ago. Since then, several complaints have been lodged with the European Commission against CRS operators, including airlines, for failing to comply with the requirements of the CRS Code of Conduct. But the Commission has taken action on few, if any, of these complaints,

My own complaint was finally acknowledged by the Commission in May 2017, and has supposedly been under investigation. But a year and a half later, I’ve received no word of any action on my complaint, and no response to recent inquiries as to its status.

According to a report by the trade trade news site TheBeat.Travel, the same office of the European Commision that is investigating my complaint decided earlier this year to abandon its investigation of another complaint of violations of the Code of Conduct for CRSs:

In May this year, the EC alerted ETTSA [the complainant] that it “took the preliminary view that it did not need to act upon the complaints,” according to an ETTSA statement…. “Rather than taking a position on substance, as one would legitimately expect after an assessment process lasting almost three years, the Commission said it intended to turn down the complaint merely on the basis that the [EU code of conduct for CRSs] ‘no longer reflects market reality and that it may be revised in the future.’” Indeed, European regulators are reviewing “all provisions” within that code of conduct, which is the governing GDS regulation in the EU.

At a committee hearing in the European Parliament on 10 July 2018 where this complaint was discussed, MEPs criticized the Commission for delaying enforcement of the current CRS Code of Conduct merely because it might later be revised.

The key points in my own submission today to the European Commission are as follows:

I share the concern of other consumer advocates that the CRS Code of Conduct remains — along with the requirement for each airline to publish and comply with a tariff of fares — a key means of ensuring transparency and non-discrimination in airfares. CRSs facilitate comparison shopping, in the face of airlines’ efforts to make it more difficult for consumers to compare prices and to replace fare tariffs with personalized prices.

Airlines don’t want transportation to be commodified. Airlines don’t want the services of Airlines A, B, C, and D in providing a bundle of services including transportation of 1 adult person and 2 pieces of checked luggage from Point P to Point Q to be regarded as fungible. But travellers do, in fact, regard air transportation as a commodity, and regard most airlines as fungible. Airbuses are Airbuses, and Boeings are Boeings, regardless of what logo is painted on the tail. Travellers want to compare prices, and CRSs that provide neutral displays are the best means available for them to do so.

The CRS Code of Conduct also includes significant and necessary — although to date unenforced — protections for the highly sensitive personal information about travellers stored in CRSs. These provisions of the CRS Code of Conduct should be retained and enforced, for the same reasons that were discussed in comments to the Commission by the Identity Project in 2007, the last time the CRS Code of Conduct was reviewed.

The privacy and data protection provisions of the CRS Code of Conduct:

  1. Should be retained, regardless of what other changes are made to the Code of Conduct;
  2. Should continue to explicitly define CRSs as data controllers, regardless of what other entities might also be considered controllers of the same data; and
  3. Should be enforced, both now and in the future, including by requiring CRSs to:
    • (a) Replace “record locators” with user-selectable, user-changeable passwords, and
    • (b) Add immutable access logs, similar to the current change logs, to PNR “histories”, to enable CRSs and CRS users to provide data subjects with an accounting of disclosures and international transfers of PNR data and to enable oversight of purpose and geographic access controls.

The consultation ends Monday, 10 December 2018, Brussels time. You can submit comments through this online questionnaire or by e-mail to

Link | Posted by Edward on Sunday, 9 December 2018, 22:34 (10:34 PM)

In January 2020, the European Commission released a report suggesting that the privacy and data protection provisions of the Code of Conduct might be "redundant" and could possibly be repealed:

The report mentions some of the issues that have been raised complaints to the EC of violations of the Code of Conduct, but does not mention my complaint or that there have been any complaints of violations of the data protection provisions of the Code of Conduct.

The report claims that, "The Commission was and still remains in continuous contact with interested stakeholders (individual and their associations), in particular CRSs and carriers."

But I have received no response whatsoever to my submission to the EC, and it appears from the report that none of their follow-up interviews were with individuals or consumer advocacy groups.

Additional documents concerning the review have been posted here:

A seminar with "stakeholders" was held in 2019, but I wasn't invited:

There has been no indication of the timeline for further action on this dossier by the EC.

Posted by: Edward Hasbrouck, 16 July 2020, 11:53 (11:53 AM)
Post a comment

Save personal info as cookie?

Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | Sitemap | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris