“There is no privacy,” says Tab Stone, a pediatrician from Los Angeles who’s a frequent traveler. “Reservation information is shared with the TSA if you’re on a flight. If you use a credit card to pay, it’s in a database. For years, many other countries have required hotels to hold or copy passports and give the information to the local authorities.”
Privacy advocates largely agree that to travel is to leave your personal data scattered across the information highway for almost anyone to see.
Justin Brookman, the director of consumer privacy at the Center for Democracy & Technology, says that current laws don’t adequately protect your personal information when you’re on the road. “When you give information over to a company, it can do whatever it wants with it,” he says. “The information could just be used to advertise to you, or it could be used to change the prices you see the next time you search for or buy tickets.”
But it doesn’t have to be that way. Privacy advocates point to several possible plugs for the information leak.
First, they suggest that companies could voluntarily choose to protect your data as a matter of policy.
Consider what happened to Dori Egan, who told me that she gave her cellphone number to a hotel reservation service two years ago and has regretted the decision ever since. “This was my personal cellphone, and I’m very careful about giving the number to anyone,” says Egan, who owns a small business in San Francisco. Almost immediately after divulging her number, she began receiving text messages to the phone from businesses related to the hotel site, and try as hard as she did, she couldn’t stop them.
“I’m still getting text messages to this day,” she complains.
Had the reservation service voluntarily agreed to keep Egan’s information private, it wouldn’t have incurred her wrath. Travel companies often give themselves permission to share this kind of information with third parties by pre-checking a box on a Web form that customers are asked to complete. That automatically adds their guests to a marketing list that the company shares with corporate “partners” who often pay for the information.
Paul Stephens, the director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse, says that many travel companies handle customers’ personal data in a reckless way, and with no legal consequences. This becomes particularly problematic when the information is deeply personal, such as your pillow preference or your taste in movies, which your hotel collects during a stay. Although the Federal Trade Commission requires that companies abide by their published privacy policies, some don’t have adequate privacy rules to begin with, says Stephens.