March 9 - IATA Plans to Blatantly Ignore Data Privacy Obligations Under New EU CRS Code of Conduct


BTC warns that IATA’s “Passenger Intelligence Services” Data Product Dangerously Exposes Travel Agency and Corporate Buyer Identities, Average Prices Paid

All consumers of air transportation services to face higher fares

Brussels, Belgium, 9 March 2009 – Business Travel Coalition (BTC) today responded with strong disapproval to industry reports that the International Air Transport Association (IATA), the airline industry’s trade organisation, has been informing airlines that it plans to blatantly ignore its data privacy obligations under the new European Union’s Computerised Reservation System (CRS) Code of Conduct. The new Code, which becomes officially effective on 29 March 2009, contains clear obligations to mask travel agency and corporate purchasers’ identification in all sales and booking data products any firm markets to airlines.

Unless IATA is obliged to comply with the privacy requirements in Section 7.3, its data product (called by IATA “Passenger Intelligence Services” or “PaxIS” for short) would have a chilling effect on airline corporate discounting and drive up prices paid by both small and mid-size enterprises (SMEs) and individual consumers.

“In revising the Code, European governmental institutions took specific notice of PaxIS and made clear their intent that IATA should have no regulatory pass for PaxIS because they knew they would have accomplished nothing by way of protecting the data privacy rights of corporations and travel agencies if IATA had been exempted from the safeguards of the Code,” said Kevin Mitchell, Chairman of BTC. “The new Code creates a reasonable standard for passenger data dissemination and protection that must be respected by all industry participants.”

IATA has promoted PaxIS to airlines on the basis that unlike the Marketing Information Data Tapes (MIDT) offered by CRSs, PaxIS can be used to “gain intelligence on travel agencies dedicated to a specific organisation” -- in other words, the corporate purchaser.IATA’s non-compliance with Section 7.3 would enable airlines, through PaxIS, to continue to identify the precise magnitude of business airline competitors are securing from many corporations in terms of shares of business and average yields, directly contrary to the intent of the Code to protect the privacy of corporate travel data. With this information airlines would able to set prices at exactly the level sufficient to win corporate business and undermine the corporate purchaser or its agency’s ability to negotiate prices and discounts.

For all travel agencies, whether serving a single customer or many, IATA’s non-compliance with Article 7.3 of the Code would mean that their exact booking behaviour on all carriers would be revealed to all airlines -- without those travel agencies having had the opportunity to give their express consent to the disclosure of agency identification that the Code requires.IATA has touted PaxIS as a tool that would enable airlines to “target agencies not giving you a fair share based on the capacity available for a specific market.” Armed with PaxIS, airlines would know how to target for punishment those travel agencies deemed to be “underperforming” when it comes to offering them travel agency discount programs on which millions of SMEs rely. The consequence is that major corporations, SMEs and individual airline consumers could all expect to pay permanently higher prices for air travel.

“This is the first major test for the potential efficacy of EU’s new CRS Code and an opportunity for the Commission to demonstrate in enforcing the Code its resolve to protect the airline consumer,” Mitchell said. “EC regulations call for up to a ten-percent fine on a firm’s or organisation’s annual revenue for violation of such regulations. BTC calls on IATA to confirm publically it will fully comply with Article 7.3 of the new Code when it comes into force.”

©2001 to 2017 Business Travel Coalition, Inc..