“There is no privacy,” says Tab Stone, a pediatrician from Los Angeles who’s a frequent traveler. “Reservation information is shared with the TSA if you’re on a flight. If you use a credit card to pay, it’s in a database. For years, many other countries have required hotels to hold or copy passports and give the information to the local authorities.”
Privacy advocates largely agree that to travel is to leave your personal data scattered across the information highway for almost anyone to see.
Justin Brookman, the director of consumer privacy at the Center for Democracy & Technology, says that current laws don’t adequately protect your personal information when you’re on the road. “When you give information over to a company, it can do whatever it wants with it,” he says. “The information could just be used to advertise to you, or it could be used to change the prices you see the next time you search for or buy tickets.”
But it doesn’t have to be that way. Privacy advocates point to several possible plugs for the information leak.
First, they suggest that companies could voluntarily choose to protect your data as a matter of policy.
Consider what happened to Dori Egan, who told me that she gave her cellphone number to a hotel reservation service two years ago and has regretted the decision ever since. “This was my personal cellphone, and I’m very careful about giving the number to anyone,” says Egan, who owns a small business in San Francisco. Almost immediately after divulging her number, she began receiving text messages to the phone from businesses related to the hotel site, and try as hard as she did, she couldn’t stop them.
“I’m still getting text messages to this day,” she complains.
Had the reservation service voluntarily agreed to keep Egan’s information private, it wouldn’t have incurred her wrath. Travel companies often give themselves permission to share this kind of information with third parties by pre-checking a box on a Web form that customers are asked to complete. That automatically adds their guests to a marketing list that the company shares with corporate “partners” who often pay for the information.
Paul Stephens, the director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse, says that many travel companies handle customers’ personal data in a reckless way, and with no legal consequences. This becomes particularly problematic when the information is deeply personal, such as your pillow preference or your taste in movies, which your hotel collects during a stay. Although the Federal Trade Commission requires that companies abide by their published privacy policies, some don’t have adequate privacy rules to begin with, says Stephens.
Another fix: Pass new laws protecting consumer privacy. Edward Hasbrouck, a privacy rights advocate who specializes in travel, says that Congress should consider a comprehensive privacy bill that would protect your personal data when you’re on the road, modeled on Canadian and European Union privacy laws.
In the United States, a company can use any information it can obtain about you in any way not explicitly forbidden by law or by the terms of your contract. In Canada and the E.U., it’s the reverse: Businesses can use or share your data only for the specific purpose for which you provided it, or if you give them permission.
These protections should also apply to the government, Hasbrouck says. The U.S. Department of Homeland Security has direct access to the Global Distribution Systems used to make airline, hotel and cruise reservations. That information is mined by government intelligence agencies, he adds.
“Measures to address the surveillance scandal need to include government surveillance and logging of the movements of our bodies just as much as, if not more than, government surveillance and logging of the movements of our messages,” Hasbrouck notes.
But perhaps the most effective way to keep your information private is to simply refuse to give your personal information to anyone unless you’re required to.
“There are times I’m forced to give my date of birth, like when I fly,” says Howard LaVine, a technology consultant from Clifton Park, N.Y. “But there are many others when I’m asked for information that the business doesn’t need. When someone asks for my driver’s license number, Social Security number or similar personally identifiable information, I question why they need it and usually don’t provide it.”
Taking a few common-sense precautions can significantly reduce the possibility that your personal data will fall into the wrong hands, says Christopher Wolf, co-chairman of the Future of Privacy Forum and a partner in the Washington office of the law firm Hogan Lovells. For example, taking care not to reveal your password when using a laptop computer, a tablet or a smartphone in public can protect your privacy in a meaningful and immediate way. “Something as simple as a privacy screen on a device makes sense,” he says.
In the end, there are no easy solutions. New privacy laws seem unlikely to be enacted in the near future, and the travel industry is largely unmotivated to regulate itself, some advocates say.
But probably not as unmotivated as travelers, most of whom simply fork over their personal information at every step without a second thought.
Lee Tien, a staff attorney at the San Francisco-based Electronic Frontier Foundation, admits that the current options are terrible. Paying cash avoids leaving a trail, although it can also raise suspicions. Making sure that you don’t reveal any personal details about your travel plans via social media might prevent your home from being burglarized, but it’s no guarantee. Tien makes sure to carry a computer with only the data he needs, lest a customs agent at the border try to scan it and harvest the information.
The NSA scandal “raises the stakes” on the privacy discussion, he says. Maybe it will also raise our awareness of the information we’re about to give up when we travel this summer.
E-mail Christopher Elliott at