Skip to main content

Walking the fine line between passenger information and information privacy

23 Aug 2022
Victoria Wallace

Passenger data holds significant value to airports. It transforms what were once strangers on a plane into customers with demographics, interests and preferences, enabling airports to personalise the passenger journey to increase customer satisfaction and generate more revenue.

The trouble is, while collecting, using and storing passenger data is key to personalisation, there is a fine line between what is considered acceptable and in the interest of the passenger and what breaches their privacy.

This topic was recently discussed at the IAR Online Summit, with panellist Stephen Saunders, Director of Innovation & Information Technology at Cincinnati Airport, stating, “data privacy is all about ensuring the data is in the right hands, for the right purposes, and there are a lot of steps to go through to do that.”

Here we will take a closer look at some of the steps required to ensure passenger information privacy and how airports can ensure they stay on the right side of the line.


Passenger information collection

For security reasons, some countries require access to Advanced Passenger Information before passengers fly. This passenger data is typically collected as part of the check-in process, whether online, at a self-service kiosk at the airport or a counter.

Advanced Passenger Information will usually include:

  • Full name
  • Gender
  • Date of Birth
  • Nationality
  • Country of residence
  • Travel document type (passport)
  • Travel document number

Once a passenger has supplied their API, their airline carrier will usually store it on its system before sending it to the relevant government authorities. After it has been sent, the airline will remove it from its system.

While airline carriers usually collect API, airports may also collect passenger data such as:

  • Personal information like names, address, birth dates
  • Email address
  • Payment information
  • Purchase history
  • Preferences
  • Biometrics
  • Location data

Here are some of the ways airports can collect passenger information:

  • Online bookings for flights, hotels and holidays
  • Bookings made through parking reservation software
  • Fast Track and Queuless Journey e-ticket purchases
  • Biometric scanning at the airport
  • Email sign-up forms on airport websites and landing pages
  • Wi-Fi / Bluetooth integrations at the airport
  • Scannable QR codes for offers and deals at the airport
  • KPI & feedback systems at the airport

These lists aren’t exhaustive but are designed to give you an idea of the type of passenger information airports collect and how they can do it. However, we must stress the importance of obtaining passenger permission and having a valid reason to collect information to avoid passenger data privacy issues.

As Rashid Al Busaidy, Head of ICT Strategy & Technology Innovation at Oman Airports, said at the IAR Online Summit, when collecting passenger data, “there is a very thin line between having a personalised journey and impacting the passenger’s data privacy.”

Airports, therefore, need to make sure they are collecting passenger information for the right reasons, and these reasons should be made explicitly clear to the passenger.


Passenger information usage

Advanced Passenger Information improves Border Control and Security processing. Essentially, it gives Border Control a heads up and helps to pre-determine any problems that may arise with passengers entering a particular country. Moreover, it helps improve passenger security, speed up the processing of legitimate passengers, and reduce unauthorised travellers entering countries with fraudulent documents.

An airport may also collect personal passenger data to:

  • ensure passenger hold baggage is in the correct place
  • ensure it’s meeting wait time obligations
  • monitor and report on security incidents
  • prevent dangerous substances from entering departure lounges
  • assist passengers with reduced mobility
  • monitor the flow of passengers

In addition, airports might collect personal passenger data to personalise the passenger experience, aiming to improve customer satisfaction and loyalty while generating new revenue streams. Technology advancements have enabled airports to collect and analyse large amounts of data in what’s known as Business Intelligence (BI) systems. With a 360 view of its operations and passengers, airports can focus on finding ways to improve the customer experience.


The question is, how much passenger data do airports need?

Collecting Advanced Passenger Data is a legal requirement; without submitting it, passengers won’t be able to fly to certain countries. However, when it comes to collecting and using passenger data to improve the airport experience, personalise offerings and generate revenue, the airport must question how much it needs to know about individuals.

Panellists addressed this question at the International Airport Review Online Summit, discussing whether airports need each individual passenger’s information or whether anonymised data is enough to create a positive passenger experience by designing personas and segments.

“You can use anonymised data to do a lot of personalisation. You just have to think about the right ways to do it,” said Mats Berglind, Digital Innovation Manager at Swedavia Airport. He continued, “for example, you can use anonymised data to see passenger flows. You don’t necessarily need to know who that passenger is. Maybe it’s enough to see what flight they’re on. You can also look at groups and destinations to start the personalisation journey.”

Rashid Al Busaidy contributed a great example of how Oman Airport uses passenger data to achieve personalisation at scale without breaching passenger information privacy.

“First, we analysed our passenger segments – the different groups of passengers using our airport based on inbound and outbound data from our business functions. We then utilised those segments and developed specific personas based on our understanding. With those personas, we can better understand who our passengers are, their needs, expectations and habits. At this stage, we could identify the types of passengers and what those passengers were most likely to expect during their journey through different touchpoints within the airport,” he said.


Passenger information sharing

But the question of how much passenger data is necessary for personalisation isn’t the only one. There is also much debate over who owns the passenger and data. Typically, it’s always been airlines, as traditionally, passengers would book their flights with an airline, which would capture and control their data.

However, now that airports can sell flights, hotels, holidays and parking reservations to passengers using ecommerce platforms like the Rezcomm Marketplace, they too can become passengers’ first touchpoint and take control of their data.

The thing is, should either the airline or airport ‘own’ passenger data? As Dave Wood, Client Director of Airport Services at redcentric, said at the IAR Online Summit, “ideally, no one owns the passenger because we’re trying to be much more collaborative now.”

Of course, for airports and airlines to exchange passenger data, they must have permission to do so. For this to work, Stephen Saunders suggested the industry requires more standardisation so airports and airlines can share data safely, ethically and in the best interest of passengers.

He said, “as an industry, we have to continue to collaborate and work together, as all of these technologies are being developed in different pockets of the world and gaining a life of their own with no consistency. They don’t all have to look alike, but they need to start from a sound foundation, and I’d encourage everyone in the industry to push for that base level of standardisation.”

Steven also raised a good point about the need to think less about airports and airlines controlling the passenger experience and more about putting it back into the hands of the passenger. “What control are we giving the passenger?” he asked. “I think it’s really about giving that power back to the passenger to select not only what they’re sharing with us because it is their data and their ability to provide that but also what they want to hear from us.”

And we agree. Passengers must control the data they share with airports and their partners and have a say in passenger data usage for personalisation.


Passenger information storage

Finally, when it comes to passenger information privacy, it’s essential to consider how airports store data, for how long and why. To comply with relevant data protection regulations, like GDPR, airports must:

  • Have a valid reason for collecting passenger data
  • Have a way of storing it securely
  • Ensure passengers know why and how airports use their data
  • Ensure passengers know how to get their data removed

Ensure passenger information privacy with Rezcomm

Here at Rezcomm, we help keep our airport partners on the right side of passenger information privacy with cutting-edge Customer modules that deliver a customer-centric approach to passenger information usage.

For instance, our Data Subject Request Management module enables passengers to submit data requests. As a result, the airport can keep a precise record of actions taken, benefit from proof of compliance and save time through automated record keeping.

Additionally, with Centralised Privacy Management, airports can simplify their procedures for dealing with Data Protection Regulations with greater control over data retention periods, updating privacy policies and creating data privacy assessments from a single, secure location.

Are you interested in finding out more? Download our brochure and book a meeting with the Rezcomm team to discuss how we can support your airport with passenger information privacy.