Legal Implications of Data Collection at Airports (2021)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

ACRP LRD 42   73 APPENDIX: AIRPORT TECHNOLOGY AND PRIVACY A. Technology Use Case Review 1. Objective & Scope This document aims to identify and categorize airport tech- nology that captures or processes PII. It focuses on PII related to passengers and public users of the airport environment. While the airport is at the center of this research the analysis is adapt- able to other airport stakeholders collecting, retaining, and using data. It does not address the regular capture of data of employees in the ordinary course of business of the airport, airlines, FAA, TSA, CBP, or any other third party contracted to support the airport except that data used in conjunction with airport access control measures. It focuses on technology typically operated by or for an airport (not by the airlines, FAA, CBP, TSA etc.). 2. Defining PII For this review, we use the definition of PII as provided by the NIST in its “Guide to Protecting the Confidentiality of Per- sonally Identifiable Information (PII).” PII is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individ- ual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an indi- vidual, such as medical, educational, financial, and employment ­information.” B. Use Case Analysis The analysis below offers a summary of use cases im­ple­ mented or under consideration for implementation at U.S. air- ports. A brief description is provided for each use case. Also provided is a brief summary of the types of data involved in supporting the use case. This involves use case application for the following areas of airports: • Technology Services; • Terminal Operations; • Landside Operations; • Concessions; and • Security. The outlines for theses use cases demonstrate common data types that will need to be understood and addressed by airports and airport stakeholders. These use cases will be expanded, and additional use cases may be added as this project continues. 

74    ACRP LRD 42 C. Technology Services Use Case Description Data Type & Use Cellphone Services System to identify and track individual Biographic and location data used by service cellphones while providing cellular connectivity. providers independent of airport Passenger Pathway Analytics System to model the movement of people from Computer vision, LIDAR, and/or cellphone one area of the airport to another. tracking is conducted by vendors providing airports and other partners with anonymized and aggregated insights Personalized Wayfinding System to provide wayfinding directions to an Biographic and location data used by vendors individual. to personalize wayfinding via smartphone anonymized analytics provided to airport and other partners Wi-Fi Services System to authorize and track passenger use of Biographic and location data used by Wi-Fi Wi-Fi. provider for access management latest generation technology able to also provide airport and partners with passenger movement data D. Terminal Operations Use Case Description Data Type & Use Baggage Handling System to process and track bags unique to Biographic data to track and route baggage individual passengers. through system used by airlines, airports, and security agencies Biometric eGates System to identify and verify passengers while Biometric data used by airlines and security boarding or disembarking from a flight. agencies Biometric Self-Service Bag Drop System to identify and verify passengers as they Biometric data used by airlines and security submit a bag into the baggage handling system. agencies Biometric Self-Service Check-in System to identify and verify passengers as they Biometric data used by airlines and security eCheck into their flights. agencies Common Use Airline System System used by various airline companies to Biographic data used by airlines and airports to process passenger and employee information in support terminal operations support of airline operations Queue Management System to track wait-times in lines at ticketing Computer vision, LIDAR, and/or cellphone and SSCPs tracking is conducted by vendors providing airports and other partners with anonymized and aggregated insights Remote Bag Drop System to register and process a passenger’s Biographic data to track and route baggage baggage through system used by airlines, airports, and security agencies Wheelchair Services System to manage wheelchair services for Biographic data used by airlines and airport to individual passengers in need arrange and provide wheelchair services 

ACRP LRD 42   75 E. Landside Operations Use Case Description Data Type & Use Automated License Plate System to identify vehicles by their license Biographic and license plate data used by Recognition (ALPR) plate as they enter various zones within airport airports and vendors property Automated Vehicle Identification Transponder system to identify unique vehicles Biographic and transponder data used by (AVI) as they enter various zones within airport airports and vendors property Curb Management System to identify individual vehicles and Biographic and license plate data used by manage curb use airports and vendors Smart Parking System to purvey and manage parking for Biographic and license plate data used by individual passengers airports and vendors F. Concessions Use Case Description Data Type & Use Airport Apps Mobile app to assist individual travelers with Biographic and location data used by airports information and services tailored to their profile and partners Airport Loyalty Program Digital service to give incentives and benefits Biographic data used by airports and partners to individual travelers based on their frequency of us Common Use Lounge System to identify and manage lounge access Biographic data used by airports and partners and service transactions Digital Marketplace Online marketplace to assist travelers to make Biographic and location data used by airports purchases using the web and partners Retail: Point of Sale System to process payment Payment card information used by airports and partners Retail Analytics System to track and profile passenger shopping Computer vision, LIDAR, and/or cellphone behavior tracking is conducted by vendors, providing airports and other partners with anonymized and aggregated insights 

76    ACRP LRD 42 G. Security Use Case Description Data Type & Use Airport Access and Perimeter System to detect and identify individuals Biometric and/or biographic data used by Control involved in unauthorized access and perimeter airports, partners, and security agencies breaches. This system includes identity management for individuals granted unescorted access as well as programs to manage visitors and contractors (particularly those engaged in airport construction). Door Access Control and System to grant or restrict access to sensitive Biometric and/or biographic data used by Monitoring areas airports, partners, and security agencies Hotlist/Watch list System to identify individuals of interest Biometric and/or biographic data used by airports, partners, and security agencies Lost & Found System to register and process the release of lost Biographic data used by airports, airlines, and items to those who lost them security agencies Health Checks System to check passengers and employees for Video and thermal imaging information used fever by airports, airlines, and security agencies SSCP–Passenger Screening System to identify and authorize passenger Biometric and/or biographic data used by access privileges airports, partners, and security agencies 





ACKNOWLEDGMENTS This study was performed under the overall guidance of the ACRP Project Committee 11-01. The Committee was chaired by ELIZABETH SMITHERS, Charlotte Douglas International Airport, Charlotte, North Carolina. Members are MONICA R. HARGROVE, Metropolitan Washington Airports Authority, Washington, D.C.; JOSEPH HUBER, Cincinnati/Northern Kentucky International Airport, Cincinnati, Kentucky; D. SCOTT KNIGHT, Tampa International Airport, Tampa, Florida; SARAH MEADOWS, University of Arizona, Tucson, Arizona; and CLYDE OTIS, Post, Polak, Goodsell, and Strauchler P.A., Roseland, New Jersey. DAPHNE A. FULLER provides liaison with the Federal Aviation Administration, PABLO NUESCH provides liaison with Air- ports Council International—North America, JUSTIN BARKOWSKI provides liaison with American Association of Airport Executives, ROBERT J. SHEA provides liaison with the Transportation Research Board, and THERESIA H. SCHATZ repre- sents the ACRP staff. 

Transportation Research Board 500 Fifth Street, NW Washington, DC 20001 Subscriber Categories: A  viation • Data and Information Technology • Planning and Forecasting • Law These digests are issued in order to increase awareness of research results emanating from projects in the Cooperative Research Programs (CRP). Persons wanting to pursue the project subject matter in greater depth should contact the CRP Staff, Transportation Research Board of the National Academies of Sciences, Engineering, and Medicine, 500 Fifth Street, NW, Washington, DC 20001.