National Academies Press: OpenBook

Legal Implications of Data Collection at Airports (2021)

Chapter: LEGAL IMPLICATIONS OF DATA COLLECTION AT AIRPORTS

Suggested Citation:"LEGAL IMPLICATIONS OF DATA COLLECTION AT AIRPORTS." National Academies of Sciences, Engineering, and Medicine. 2021. Legal Implications of Data Collection at Airports. Washington, DC: The National Academies Press. doi: 10.17226/26207.

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

ACRP LRD 42

LEGAL IMPLICATIONS OF DATA COLLECTION AT AIRPORTS

Donald R. Zoufal, CrowZ Nest Consulting, Inc., Chicago, IL; Sean Cusson, Del Ray Solutions LLC, Alexandria, VA; Diane J. Larsen (Ret.), Circ. Ct. of Cook County, State of Illinois, Chicago, IL; Tobias Person, Von Oxon, LLC, Los Angeles, CA; Daniel Hantman, Chicago, IL; and E. Austin Maliszewski, Austin, TX

I. INTRODUCTION

A. Background of the Research

As technology evolves, airports and their partners collect more data from passengers, employees, tenants, concessionaires, airlines, and others. This data is used in many ways, including for facility management, security, ground transportation, marketing, understanding passenger preferences, and enhancing the travel experience. Similarly, airports and their tenants have considered whether and how they can collect data. A wide range of functions within the airport environment will use this data, including management, operations, marketing, external affairs, concessions, and planning and development. Those seeking to gather information may not consider or be aware of the applicable legal requirements governing data collection and use, let alone the far-reaching implications associated with compliance. Implications include generating, preserving, and storing public records and financial data; complying with data privacy statutes and regulations; and creating infrastructure to prevent and respond to data breaches.

Over the last two decades, the aviation sector increasingly employed sensor systems, data collection, and information processing to facilitate the passenger journey. Especially since the advent of smartphones and the digitization of virtually everything in recent years, data is generated from almost every aspect of the passenger journey.
Data can be produced and collected from a passenger’s device; it can be captured by systems owned and operated by the airport or its partners; it can be collected by third-party businesses; or it can be collected by federal agencies. In most cases, data services are trending toward a complex partnership of various parties collaborating to support the passenger journey more seamlessly.

For example, the 2019 publication of the Transportation Security Administration’s (TSA) TSA Biometric Roadmap¹ encapsulates a vision for data collection and use, including biometric data, to facilitate passenger movement across the passenger experience. TSA’s Biometric Roadmap involves data sharing between air carriers, TSA, and Customs and Border Patrol (CBP) to address commercial, operational, and security measures essential to travel.

While TSA’s vision of the passenger journey does not specifically address airport participation in the program, airports and their staff coordinate these implementations within the spaces that belong to them, and at times are beneficiaries of some of the data produced by those systems. The model is also instructive of the type of data being collected and shared among airport stakeholders. More direct airport involvement in data collection and sharing programs occurs in the developing areas that enhance the passenger experience.

¹ U.S. Dep’t of Homeland Sec., Transp. Sec. Admin., TSA Biometrics Roadmap: For Aviation Security and the Passenger Experience, 18 (2018), available at https://www.tsa.gov/sites/default/files/tsa_biometrics_roadmap.pdf.
This collection and sharing involves data from personalized information and wayfinding through websites, apps, kiosks, chat bots, and even roaming information service robots; from loyalty programs for parking, concessions and other support services; as well as from passenger pathway analytics (from video and other sensors), from automated license plate recognition for transportation and parking management, and from other emerging capabilities.

Operational data sharing between airport stakeholders can enhance airport operations. For example, sharing of passenger load counts and airline operational data can significantly assist airports in short-term and long-term planning. Enhanced data sharing can also provide significant efficiencies and enhancements for facilities, planning, and maintenance; airfield, terminal, and landside operations; safety and security; and so on. That sharing can include both anonymized and privacy data, but also involves significant proprietary concerns on the part of the airlines and other commercial operators.

Another area of growing data concern is increased data collection, or the potential of collection, by security operations in airports. Often this data collection involves the use of CCTV systems operated in connection with airport security programs. Security providers, however, are not the only CCTV users. Other actors in the airport context recognize the operational value of CCTV to enhance airport operations or customer engagement. In many instances, despite capability for image sharing, separate stovepipe systems are created. The proliferation of continually advancing CCTV creates large pools of data at airports.

Further, as the use of CCTV grows, biometric analytic technologies, such as facial recognition, continue to develop. These analytic tools are increasingly available to leverage existing systems, such as CCTV or other camera systems. However, this growing ability raises additional privacy concerns.
While the use of such technologies has been primarily in the retail sector, currently most of the biometric use with respect to passengers is limited to security and passenger processing programs managed by TSA or CBP along with the airlines. The advancement of biometrics has also seen increasing use in connection with

CONTENTS

I. Introduction
   A. Background of the Research
   B. Objective of the Research
   C. How to Use the Digest
   D. Summary of Section Content

II. Literature Review
   A. New Technology–New Concerns
   B. Adapting to Technology Change and Developing Considerations
   C. Statutory and Regulatory Move Toward Prevention
   D. International Distinctions
   E. Present Day Challenges in Defining Privacy and Enforcement Practice
   F. New Technology Driven Privacy Frontiers
   G. Growing Discussions of Airport Data Use Cases in the Literature

III. Airport Data Use Cases
   A. Use Case Domain #1—Technology Services–PPA
   B. Use Case Domain #2—Security and Terminal Operations–Biometrics
   C. Use Case Domain #3—Landside Operations–Automated License Plate Recognition (ALPR)
   D. Use Case Domain #4—Airport Digital Landscape (Websites, Mobile Apps, e-Commerce, Wi-Fi and CRM)
   E. Use Case Domain #5—Health Checks–Temperature Screening
   F. Conclusion

IV. Developments in Federal Constitutional Protections
   A. Carpenter and the Contours of Privacy Protections
   B. Recurrent Themes in Supreme Court’s Privacy Analysis

V. Survey of Federal Statutory Provisions and Federal Agency Actions
   A. Early Federal Statutory Efforts to Address Privacy
   B. Additional Federal Statutory Provisions
   C. Federal Agency Actions

VI. Federal Enforcement Activities and Other Federal Initiatives
   A. FTC Enforcement Activity and the Creation of “Privacy Common Law”
   B. Rulemaking Authority
   C. Advocacy and Education
   D. Other Executive Branch and Congressional Initiatives
   E. Future Trends

VII. Overview of State Constitutional Privacy Protections

VIII. State Statutory Privacy Protections and Trends
   A. Data Security Laws Regulating the Public Sector
   B. Data Security Laws Regulating the Private Sector
   C. Data Disposal/Destruction Laws
   D. Data Breach Laws
   E. Consumer Protection
   F. State Legislative Initiatives and Trends
   G. Other State Legislative Bills
   H. Conclusions

IX. Developing State and Local Laws, and Federal Agency Actions and Legislative Proposals on Biometrics Usage
   A. State Law Developments
   B. Local Restrictions
   C. Federal Agency Actions and Legislative Proposals

X. Interplay of Privacy and Open Government Records
   A. Provisions for Open Government
   B. Public Records and Retention
   C. Trends in State FOIA Provisions

XI. Payment Card Industry Data Security Standard (PCI DSS) and Airports
   A. Contractual Duties and Liabilities
   B. Model Industry Standard

XII. International Efforts
   A. GDPR
   B. Bilateral Agreements to Enforce GDPR Principles
   C. The Cookie Law
   D. Other International Efforts
   E. Conclusions

XIII. Policy Considerations and Contractual Provisions for Data Collection and Usage
   A. Policy Considerations
   B. Contractual Issues

XIV. Resource Guide
   A. Resources Identifying State Laws on Data
   B. Resources Identifying State Laws on Records Retention and Freedom of Information
   C. Resources on Federal Law for Consumer Protection
   D. Resources on International Law
   E. Resources on Technical Issues Relative to Privacy and Data Protection
   F. Sample Airport Privacy Policies

XV. Conclusions

APPENDIX: Airport Technology and Privacy


As technology evolves, airports and their partners collect more data from passengers, employees, tenants, concessionaires, airlines, and others. This data is used in many ways, including for facility management, security, ground transportation, marketing, understanding passenger preferences, and enhancing the travel experience.

The TRB Airport Cooperative Research Program's ACRP Legal Research Digest 42: Legal Implications of Data Collection at Airports provides a survey of applicable law; considerations for the collection and safekeeping of data; and a review of the issues that arise related to data collection among airports, their tenants, and other users. It also offers an understanding of the expansion in law around data collection and use.
