The multiple issues surrounding airlines and ownership of passenger data
Imagine a world where someone owns a record of everything you do in life. Went shopping? Safeway owns that act. Watched a movie? Netflix owns a record of that. Grabbed a quick bite to eat? McDonalds owns a log of that.
That world — for better or worse — is not far away, and in many cases, already reality.
Companies far and wide are reaching into our daily lives more and more to personalize our experience via “loyalty cards” and, lately, by just analyzing your credit card transaction data.
Some might say this is the way of the future and a way to enjoy the conveniences of modern deal and offer targeting. Others might say it’s a massive invasion of privacy. But in general, many would agree that the actions they take in their daily lives are, in the end, theirs and therefore owned by them.
Airlines, seemingly, would beg to differ.
Flying by the seat of their pants
If you’ve recently taken a flight, airlines claim that a record of that mere fact is their “proprietary information.” This verbiage, among others, is currently being used by airlines to bully a number of travel startups, and even some established companies such as TripIt/Concur.
Airlines are also using similar excuses to shut down tools that automate certain aspects of a consumer’s interaction with the airline’s web site — whether it’s checking in for their flight, reviewing their mileage account, or performing other tasks which road warriors rarely have the time for.
Let’s take a look at some recent cases:
- In 2011, Southwest sent a cease and desist letter to the popular frequent flier mileage tracker tool AwardWallet, barring them from accessing the Southwest website on a customer’s behalf. The proffered reason? To protect their customers’ data.
- Also in 2011, American Airlines sent a similar cease & desist to AwardWallet, citing “security concerns.”
- Delta Airlines joined the AwardWallet bashing party just this week, with perhaps one of the more aggressive legal threats waged against a travel startup in recent memory. It accused AwardWallet of “trespass” on its computer systems.
- United Airlines last week stopped displaying Award and Upgrade inventory on its site, infuriating their frequent flyer base in the process. Among other things, it blamed “automated scripts” that “re-display information in ways for which it was not intended.”
While the above cases seem fairly clear instances of airlines trying to set the rules of how their web sites (and in United’s case, data) can be accessed, the issue is a lot more complex than that.
For example, like any problem-solving startup, AwardWallet went to work after they received their cease and desist from American and came up with what it thought was a clear solution: instead of its servers accessing American’s website on the customer’s behalf, it wrote a browser plugin that used the customer’s own computer to access American’s site and download the required mileage information.
In other words, it wrote a plugin that specifically mimicked the exact same actions a consumer might take to track their mileage, using the consumer’s computer.
AwardWallet never saw the user’s American Airlines credentials and its servers never talked to American’s. A clever solution and the end of the problem, right?
Of course not.
Earlier this year, American again demanded AwardWallet cease providing this functionality to users, citing “security concerns”.
Command, control and conquer
Clearly, airlines want ultimate control over the data you’re generating. They want you (and only you) using their website. Under their terms – terms they can change any time.
All this leads to a few questions: Do airlines actually have the legal grounds to do this? Do they actually own the data you generate, and can they restrict your ability to give others access to it?
Legally, the answer leans towards “yes,” but is not fully settled. Interestingly, both American and Southwest were involved in some early precedent-setting legal cases almost a decade ago.
In 2003, the airlines took issue with FareChase, a travel startup that used screen scraping technology to retrieve live fares from airline web sites.
FareChase was accused of “trespass” by both airlines, while Southwest went further and alleged “Interference with Business Relations”, “Harmful Access by Computer” and “Misappropriation and Unjust Enrichment.” FareChase eventually settled with American but was was shuttered by its parent company Yahoo before the Southwest suit could reach higher courts.
Unfortunately for the industry, the cases were never really tried and tested to their full extent in the courts.
Of course, both of those cases involved traditional screen scraping, and not mere automated enablement of access to data as in the clever AwardWallet solution above.
One would expect the courts to side much more favorably with authors of these tools, but this too remains to be tested and seen.
In an industry with a number of large companies whose businesses rely on screen scraping, this issue remains a big question mark. For consumers and startups, I fear the only true representation will come when their interests happen to be aligned with these large companies.
Until then, it seems the airlines’ legal warchests will continue to set the precedent.
NB: Globe data routes image via Shutterstock.
Alex Kremer is co-founder and head of product at Redeam, an electronic ticketing platform serving the tours & activities industry. He was previously Senior Vice President of Partnerships at Nor1, a leading hospitality merchandising provider. He joined Nor1 after it acquired Flextrip, a B2B tours & activities distribution network he co-founded. Alex is a 15-year veteran of technology startup companies, previously co-founding Cruvee, a business intelligence company for the wine industry where he led Business Development. Prior to that, he co-founded FanAxis, one of the world's first fan club management and merchandising firms in the music and entertainment industries. Alex is based in Boulder, Colorado. Follow him on Twitter at axk.