The multiple issues surrounding airlines and ownership of passenger data

Imagine a world where someone owns a record of everything you do in life. Went shopping? Safeway owns that act. Watched a movie? Netflix owns a record of that. Grabbed a quick bite to eat? McDonalds owns a log of that.

That world — for better or worse — is not far away, and in many cases, already reality.

Companies far and wide are reaching into our daily lives more and more to personalize our experience via “loyalty cards” and, lately, by just analyzing your credit card transaction data.

Some might say this is the way of the future and a way to enjoy the conveniences of modern deal and offer targeting. Others might say it’s a massive invasion of privacy. But in general, many would agree that the actions they take in their daily lives are, in the end, theirs and therefore owned by them.

Airlines, seemingly, would beg to differ.

Flying by the seat of their pants

If you’ve recently taken a flight, airlines claim that a record of that mere fact is their “proprietary information.” This verbiage, among others, is currently being used by airlines to bully a number of travel startups, and even some established companies such as TripIt/Concur.

Airlines are also using similar excuses to shut down tools that automate certain aspects of a consumer’s interaction with the airline’s web site — whether it’s checking in for their flight, reviewing their mileage account, or performing other tasks which road warriors rarely have the time for.

Let’s take a look at some recent cases:

  • This past spring, Southwest Airlines sued a small Phoenix-based company named SW Software Development, operators of a site called Southwest (Market Cap: $6.65 billion) sued SW Software Development (Market Cap: A lot smaller) for enabling consumers to automatically check in on Southwest’s website 24 hours prior to a flight, enabling those consumers to obtain an early boarding group – and therefore get better seat on the plane. Southwest alleged, among other things, that “trespassed” on Southwest’s website, violated’s terms of use and deprived it of advertising and other opportunities.
  • In 2011, Southwest sent a cease and desist letter to the popular frequent flier mileage tracker tool AwardWallet, barring them from accessing the Southwest website on a customer’s behalf. The proffered reason? To protect their customers’ data.
  • Also in 2011, American Airlines sent a similar cease & desist to AwardWallet, citing “security concerns.”
  • Delta Airlines joined the AwardWallet bashing party just this week, with perhaps one of the more aggressive legal threats waged against a travel startup in recent memory. It accused AwardWallet of “trespass” on its computer systems.
  • United Airlines last week stopped displaying Award and Upgrade inventory on its site, infuriating their frequent flyer base in the process. Among other things, it blamed “automated scripts” that “re-display information in ways for which it was not intended.”

While the above cases seem fairly clear instances of airlines trying to set the rules of how their web sites (and in United’s case, data) can be accessed, the issue is a lot more complex than that.

For example, like any problem-solving startup, AwardWallet went to work after they received their cease and desist from American and came up with what it thought was a clear solution: instead of its servers accessing American’s website on the customer’s behalf, it wrote a browser plugin that used the customer’s own computer to access American’s site and download the required mileage information.

In other words, it wrote a plugin that specifically mimicked the exact same actions a consumer might take to track their mileage, using the consumer’s computer.

AwardWallet never saw the user’s American Airlines credentials and its servers never talked to American’s. A clever solution and the end of the problem, right?

Of course not.

Earlier this year, American again demanded AwardWallet cease providing this functionality to users, citing “security concerns”.

Command, control and conquer

Clearly, airlines want ultimate control over the data you’re generating. They want you (and only you) using their website. Under their terms – terms they can change any time.

All this leads to a few questions: Do airlines actually have the legal grounds to do this? Do they actually own the data you generate, and can they restrict your ability to give others access to it?

Legally, the answer leans towards “yes,” but is not fully settled. Interestingly, both American and Southwest were involved in some early precedent-setting legal cases almost a decade ago.

In 2003, the airlines took issue with FareChase, a travel startup that used screen scraping technology to retrieve live fares from airline web sites.

FareChase was accused of “trespass” by both airlines, while Southwest went further and alleged “Interference with Business Relations”, “Harmful Access by Computer” and “Misappropriation and Unjust Enrichment.” FareChase eventually settled with American but was was shuttered by its parent company Yahoo before the Southwest suit could reach higher courts.

Unfortunately for the industry, the cases were never really tried and tested to their full extent in the courts.

Of course, both of those cases involved traditional screen scraping, and not mere automated enablement of access to data as in the clever AwardWallet solution above.

One would expect the courts to side much more favorably with authors of these tools, but this too remains to be tested and seen.

In an industry with a number of large companies whose businesses rely on screen scraping, this issue remains a big question mark. For consumers and startups, I fear the only true representation will come when their interests happen to be aligned with these large companies.

Until then, it seems the airlines’ legal warchests will continue to set the precedent.

NB: Globe data routes image via Shutterstock.

Share on FacebookTweet about this on TwitterShare on LinkedInEmail to someone
Alex Kremer

About the Writer :: Alex Kremer

Alex Kremer is co-founder and head of product at Redeam, an electronic ticketing platform serving the tours & activities industry. He was previously Senior Vice President of Partnerships at Nor1, a leading hospitality merchandising provider. He joined Nor1 after it acquired Flextrip, a B2B tours & activities distribution network he co-founded. Alex is a 15-year veteran of technology startup companies, previously co-founding Cruvee, a business intelligence company for the wine industry where he led Business Development. Prior to that, he co-founded FanAxis, one of the world's first fan club management and merchandising firms in the music and entertainment industries. Alex is based in Boulder, Colorado. Follow him on Twitter at axk.



Your email address will not be published. Required fields are marked *

  1. Evan Konwiser

    I hate to disagree (who am I kidding, I love it), but I don’t think airline mergers have much of anything to do with this. In fact, if anything, I think it’s the exact opposite.

    In Canada, where AirCanada has a virtual monopoly, you won’t find this sort of protectionism over their frequent fliers. Why? Because they don’t need to. So much so that they spun of AeroPlan years ago for a bunch of cash and while it still shares partial ownership with AirCanada, it’s run as a Canadian loyalty program without AirCanada having rights to dictate their strategy.

    In the US, where the market is much more competitive, not the case. Here, airlines feel the need to protect customer data. Why? For a few good reasons, actually:
    1) Most airlines can’t take advantage of the data themselves, so there’s bigger risk to competitors using it to their detriment. The first mover could pillage with it, so they all play it safe and try to hold back the data.
    2) These are loyalty programs. Not rewards, not prizes, not games. They are designed so you go to to book, not Expedia. Or if you do, you prefer UA and are willing to pay more. Commoditizing the points via 3rd parties compromises the value for airlines who are spending a lot of money funding the programs (and reaping the rewards from others buying points, like the banks).
    3) Control, but not not nearly as pathological as some here would have it seem. In fact, I know for a fact that at least one major airline has given API access of their loyalty program to at least one of the start-ups “cut-off”. And I assume that’s not isolated favoritism. They are actually telling the truth when they say they just want to work collaboratively via API where they have some iota of control and a more secure, sustainable, touch-point vs. scraping. (read: they want to be able to cut it off at will, naturally).

    But despite all this, Norm’s point above is the most salient. Mobile (as one example, but there are others, such as payment info) could circumvent all of this by putting the data in one company’s power without scraping FF data. And since airlines are slow to evolve IT to use the data, no wonder others will do it for them in the end, just as soon as incentives are aligned enough for them to play ball.

  2. Timothy O'Neil-Dunne

    Breathe in…. hold it… breathe out.

    Now let’s deal with the reality. The airlines are doing this because they can. Add F9 to the list. And many others are contemplating or doing the same thing. IE slowly destroying the 3rd party marketplace. They are squaring off for a battle with the OTAs. For example – CPA is dead for US airlines on Meta search already.

    The bad guys? Just the airlines? I think someone must accept the responsibility.

    Yes that is the DoT Allowing airlines to merge and then exert this amount of power is grounds for Sherman and Clayton. Will people do that? Few have the resources to put themselves through it. But it seems there is a real story here.

    Just for the record – I absolutely support the rights of individuals and corporations to control their own products. BUT….

    The DoT has a lot to answer for allowing these mega mergers and “mergers in all but name”. These events were and are bad things.

    Welcome to the collective nightmare. Our lot as consumers is about to get very hard.

    Losers – just about everyone.
    Winners… well you be the judge.


  3. Daniele Beccari

    Alex, good insights as usual.

    One way I’ve often solved data access roadblocks is by separating ownership from access.

    Instead of trying to find muddy legal rationales around ownership rights, privacy restrictions, etc. try simply to talk about an access service.

    X provides access to some data, operating the service has a cost (APIs, servers, operations…), anyone who wants to use X’s “access service” pays X in one way or another for their effort. In most cases this works.

  4. Norm Rose

    We are on the cusp of a new effort by the airlines to launch extensive merchandising efforts. The goal will be to customize offers through a combination of bundled and un-bundled ancillary services. This may also lead to unique prices for individuals based on customer value. The irony of this effort is that to be truly successful in customer management and acquisition the airline needs to not only understand the traveler’s value to the airline, but the opportunity to gain market share based on the passenger’s travel history with their competitors. As a 1K on UA I recently flew AA, which I had not done for many years. AA had no insight into the fact that I had flown so much on UA and thus no effort was made to deliver services that would sway my loyalty in the future. In my opinion, ultimately the mobile device will store my travel history (TripIt, Google Wallet, Apple Passbook). The traveler themselves need to have opt-in control on what they share with an airline to better tailor the product to their need.

  5. Charles Kollo

    Thx Alex for your post.
    In my opinion, the problem is that airlines don’t allow passengers to use their information at their full potential. The idea behind it is that airlines are poor and cannot diversify their business. So they can’t talk to passengers cause it costs too much (poor customer service), they can’t give good service cause employees don’t receive enough rewards.
    I think that very soon airline companies will understand that it is better to work with travel startups rather than playing the old game of monopoly for information. THERE ARE SOME STARTUPS THAT CAN GET THE JOB DONE.
    The interesting thing about the information is that it is free and it all depends on the way websites gather it. The Travel industry as we see it today will evolve and be totally different in 10 years, and unless big airline companies create innovation centers (see Microsoft’s:, another market will appear with smaller and more flexible companies like Surf air ( and its all-you-can-fly.

    My name is Charles Kollo, in my StartUp Shelterous ( we allow users to give their flight experiences by Consumer Generated Content. As a passenger I know the hassle when it comes to booking a ticket online and it is just like IKEA, you have to do everything by yourself. In our case, we help passengers to have a better understanding of their airline.

    CK (


Newsletter Subscription

Please subscribe now to Tnooz’s FREE daily newsletter.

This lively package of news and information from Tnooz’s web site provides a convenient digest of what’s happening in technology that drives the global travel, tourism and hospitality market.

  • Cancel