The Electronic Privacy Information Center (EPIC) filed a complaint Monday with the Federal Trade Commission (FTC) claiming JetBlue Airways violated the FTC Act when it provided personal passenger data to Torch Concepts, a data mining company based in Little Rock, Ark. EPIC alleges JetBlue’s actions were in violation of its own privacy policies.
JetBlue does not deny the allegations but says it provided the information at the request of the Department of Defense. The airline also says Torch is a defense contractor working on a project concerning military base security and that JetBlue is not involved in the Transportation Security Administration’s (TSA) controversial CAPPS II program.
In an official company statement, JetBlue said, “It will not be a test airline nor has it ever shared customer information for the TSA’s CAPPS II program and will not do so unless required by law.”
JetBlue’s privacy policy as stated on its website is not to disclose personal passenger information to third parties. The EPIC complaint alleges JetBlue’s disclosures to Torch constitute a deceptive trade practice and is seeking an injunction against the airline, fines and an order forcing JetBlue to disclose to its customers that their personal information was disclosed.
EPIC also filed three Freedom of Information Act requests related to possible government use of the JetBlue data.
“The information given to Torch contained name, address and phone number, along with flight information, but absolutely no payment or credit card information,” David Neeleman, CEO of JetBlue, said in the company statement. “While this is a concern, we want to let our customers know that we are fully committed to their privacy and are working with the assistance of Deloitte & Touche to further develop our internal processes and procedures to address the protection of personally identifiable customer information.”
JetBlue confirmed it had entered into discussions with the TSA regarding the CAPPS II program and had agreed initially to participate in its development.
In late July, the Department of Homeland Security issued new guidelines for the program aimed at defusing the firestorm of criticism that followed the March disclosures that the TSA planned to scan government and commercial databases for potential terrorist threats when a passenger makes flight reservations.
Although the TSA dropped its previous plans to access passenger credit records and said it would only use commercial information to help verify name, address and date of birth, critics say TSA still intends to use highly classified intelligence and law enforcement data to measure threat levels.
“We support the TSA and the important work they do to ensure the safety and security of all airline passengers but we decided not to be involved in CAPPS II testing given the unresolved issues regarding privacy protection,” said David Neeleman. “Along with other airlines, we look forward to continuing our partnership with the TSA to improve airline security while being respectful of customer privacy concerns.”