Official US Government Icon

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure Site Icon

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Secretary Buttigieg Announces First Industry-Wide Privacy Review of U.S. Airlines

Thursday, March 21, 2024

Review will look at airline policies and training to ensure that passengers’ sensitive personal information is not improperly monetized or shared with third parties  

WASHINGTON – U.S. Secretary of Transportation Pete Buttigieg today announced the Department of Transportation (DOT) will undertake a privacy review of the nation’s ten largest airlines regarding their collection, handling, maintenance, and use of passengers’ personal information. The review will examine airlines’ policies and procedures to determine if airlines are properly safeguarding their customers’ personal information. In addition, DOT will probe whether airlines are unfairly or deceptively monetizing or sharing that data with third parties. As DOT finds evidence of problematic practices, the Department will take action, which could mean investigations, enforcement actions, guidance, or rulemaking.

“Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees,” said U.S. Transportation Secretary Pete Buttigieg. “This review of airline practices is the beginning of a new initiative by DOT to ensure airlines are being good stewards of sensitive passenger data. DOT is grateful for the expertise and partnership of Senator Wyden as we undertake this effort to protect passengers.”

“Secretary Buttigieg and the Biden Administration deserve serious credit for working with me to launch a new initiative to review the privacy practices of the major U.S. airlines,” said Senator Ron Wyden. “Because consumers will often never know that their personal data was misused or sold to shady data brokers, effective privacy regulation cannot depend on consumer complaints to identify corporate abuses. I will continue to work with DOT to ensure that it is holding the airlines responsible for harmful or negligent privacy practices.”

DOT has stated that mishandling consumers’ private information may be considered an unfair or deceptive practice by airlines. DOT enforces airlines’ compliance with the Children’s Online Privacy Protection Act (COPPA) and the Federal Trade Commission (FTC) rules implementing COPPA, and DOT and FTC share jurisdiction over ticket agents with respect to COPPA. DOT has the authority to investigate complaints and take enforcement action against airlines and ticket agents that engage in unfair or deceptive practices involving passenger information – and impose civil penalties where appropriate.

The privacy review is the first of what will be periodic reviews of airline privacy practices by the Department to ensure that carriers adequately protect consumers’ personal information and follow the law. This year, DOT’s Office of Aviation Consumer Protection (OACP) will conduct a privacy review of Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United. OACP staff conferred with Senator Wyden’s office to take advantage of their deep expertise on consumer privacy issues to assist in the creation of the privacy review program.

As part of the privacy review, DOT sent a letter to the airlines requesting information in the following three areas.

  • Policies and procedures relating to the collection, maintenance, handling, and use of airline passengers’ personal information, including policies and procedures relating to monetization of passenger data, targeted advertising, and prevention of data breaches.
  • Complaints alleging that airline employees or contractors mishandled personal information or otherwise alleging that an airline violated an individual’s privacy.
  • Information regarding privacy training, including materials used for training, types of personnel that receive the training, and the frequency of the training.

The privacy review is part of the Biden-Harris Administration’s broader push to protect consumer privacy across the economy. The FTC recently proposed changes to the COPPA rule that would place new restrictions on the use and disclosure of children’s data and further limit the ability of companies to condition access to services on monetizing children’s data. The FTC is also exploring rules to more broadly crack down on the harms stemming from surveillance and lax data security. 

Under the Biden-Harris Administration, DOT has worked to significantly expand consumer rights for airline passengers and is currently pursuing rulemakings that would: 

  • Propose to ban family seating junk fees and guarantee that parents can sit with their children for no extra charge when they fly. Before President Biden and Secretary Buttigieg pressed airlines last year, no airline committed to guaranteeing fee-free family seating. Now, four airlines guarantee fee-free family seating, as the Department is working on its family seating junk fee ban proposal.
  • Ensure fee transparency so that consumers know the cost of flying with a checked or carry-on bag and for changing or canceling a flight before they buy a ticket. The rule was proposed to help consumers make informed decisions, save money, and avoid surprises at checkout.
  • Propose to make passenger compensation and amenities mandatory so that travelers are taken care of when airlines cause flight delays or cancellations. 
  • Ensure that airlines promptly provide a refund when they cancel or significantly change a flight without rebooking the passenger.  
  • Guarantee refunds for passengers for significantly delayed bags and for services they paid for that are not actually provided, such as broken Wi-Fi. 

 Consumers can continue to file privacy-related complaints or comments with the U.S. Department of Transportation at
For general information on DOT’s privacy authority, please visit