Airlines and ticket agents regularly collect personal information from passengers in the course of business that may not be otherwise publicly available such as name, date of birth, and frequent flyer number. It is important for this information to be collected and maintained responsibly.
Mishandling the private information of consumers may be considered an unfair or deceptive practice. DOT has the authority to investigate complaints and take action against airlines and ticket agents for unfair or deceptive practices. This authority includes imposing civil penalties where appropriate.
It is an unfair or deceptive practice for an airline or ticket agent to violate the privacy of airline passengers by:
- violating a rule issued by the DOT identifying specific privacy practices to be unfair or deceptive
- violating the Children's Online Privacy Protection Act (COPPA) or Federal Trade Commission (FTC) rules implementing COPPA
- failing, as a participant in the Privacy Shield Framework, to comply with Privacy Shield Principles
- engaging in an “unfair” practice. In general, a practice is unfair if it causes or is likely to cause substantial injury, which is not reasonably avoidable, and the harm is not outweighed by benefits to consumers or competition.
- engaging in a “deceptive” practice. A practice is deceptive if it is likely to mislead a consumer, acting reasonably under the circumstances, regarding a material matter. A matter is material if it is likely to have affected the consumer’s conduct or decision with respect to a product or service.
To file a privacy-related complaint, click here. You may contact DOT by phone at 202-366-2220. Calls are returned Monday through Friday, generally between 7:30 am and 5:00 pm Eastern time. Please know that in order for a case to be processed as a complaint, it must be submitted in writing.
In general, the Children’s Online Privacy Protection Act (COPPA) prohibits operators of web sites from obtaining personal information from children under the age of 13 without first obtaining parental consent. The FTC has issued regulations implementing COPPA.
DOT enforces COPPA with respect to airlines. DOT and FTC share jurisdiction over ticket agents with respect to COPPA.
For further information about COPPA, see the FTC COPPA Page.
Privacy Shield is a method by which companies may transfer consumers’ personal data from the European Union (EU) to the United States without violating EU privacy law. Privacy Shield is administered by the Department of Commerce. Participants in Privacy Shield agree to follow Privacy Shield Principles. In addition, Privacy Shield participants must list the appropriate U.S. entity with jurisdiction to investigate any claims against the participant regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy.
DOT is the enforcement authority for airlines participating in Privacy Shield. DOT shares jurisdiction with the FTC regarding ticket agents participating in Privacy Shield. The Department has publicly committed to make enforcement of the Privacy Shield a high priority.