Passengers walking in airport showing the concerns on Cathay Pacific’s new privacy policy for airline passengers
Cathay Pacific’s New Privacy Policy Raises Concerns for Airline Passengers by Nicole Lindsey

Cathay Pacific’s New Privacy Policy Raises Concerns for Airline Passengers

The next time you fly on Hong Kong-based airline Cathay Pacific, take a long, hard look at the flight entertainment system on the seat back in front of you – it might just be spying on you. The latest privacy policy update from Cathay Pacific confirms what many passengers have already suspected for a long time: airlines are becoming increasingly intrusive into the details of your personal life, even going so far as to record images of you as you wait to board an airplane.

The new Cathay Pacific privacy policy spells it all out in very clear language: the airline reserves the right to collect as much data as it needs on every single passenger, and then to hold onto that data for an unspecified period of time. And the privacy policy even goes further than that, because Cathay Pacific says that it will also broker data deals about passengers with other travel loyalty programs (such as hotel reward programs), all in an effort to learn as much as it can about its passengers.

A troubled history of user privacy at Cathay Pacific

What makes this expanded privacy policy so disturbing is the fact that Cathay Pacific is not exactly known for its dedication to user privacy. Back in 2018, the company was involved in a serious data breach that exposed the information and personal data of as many as 9.4 million customers. At the time, Cathay Pacific downplayed the magnitude of the security breach, obviously believing that exposing personal data – like the passport information of its passengers – must not be a big deal.

The Hong Kong regulatory authorities, though, took a much dimmer view of the situation. They imposed a series of punitive measures on Cathay Pacific, all designed to make the company more transparent about the way it shares user data. The measures also forced Cathay Pacific to commit to a much stronger privacy policy posture when it comes to protecting user privacy, processing personal data and safeguarding detailed information.

Privacy policy issues at Cathay Pacific

The new Cathay Pacific privacy policy has rightly been panned by data security experts. Yes, the airline is to be commended for being very open about the way it uses, collects and analyzes user data. But the company appears to be going too far when it comes to collecting data, as detailed in the privacy policy. For example, the airline reserves the right to record images of passengers using seat back cameras. At the same time, the company also fervently denies that any of its cameras are actually operational. Cathay Pacific also reserves the right to collect images of passengers – not just when they are aboard the airline, but also in departure and arrival halls.

The flight entertainment system aboard the airline’s planes, too, will become part of a broader data collection strategy at Cathay Pacific. On one level, you could argue that the airline is just eager to provide Netflix-style recommendations anytime a passenger engages with the flight entertainment system. Or that, like Emirates Airlines, which enables video conferencing between first-class passengers and the flight crew, Cathay Pacific is eager to provide a new type of “premium” service that leverages all of the extensive data collection already underway.

But make no mistake about it – Cathay Pacific says that it is collecting every last scrap of data it can about passengers, and then combining all this data into a sort of super-profile for data transmission. The additional data being collected by Cathay Pacific includes information about lost luggage claims, previous travel itineraries, hobbies, interests, and airport activity before and after flights.

Are airlines taking privacy seriously enough?

This might sound very creepy, but as Cathay Pacific executives have explained in the past, it’s really just about remaining competitive in the high-end VIP air passenger marketplace. There’s big bucks to be made by super-serving the world’s elite passengers (including frequent flyers), and Cathay Pacific has clearly set its strategy on knowing as much as it can about these VIP passengers. That extends as far as the activities at the airport that these VIP passengers enjoy.

But, as the recent example of British Airways shows, there are a lot of trade-offs involved here when it comes to collecting data on passengers. British Airways is facing a potential $230 million fine for a massive data breach that impacted airline passenger records. Having access to so much data obviously comes with its share of risks, since that vast trove of data can be a goldmine for hackers. The goal of such a massive fine was to make an example of British Airways, showing other airlines that they should be taking user privacy very seriously.

Yet Cathay Pacific only seems to have received half the message. Yes, the company is now more transparent about its privacy policy. But, at the same time, the company says that images captured via CCTV are now fair game. And here’s the thing: the company says outright that “no data transmission… can be guaranteed to be secure.” And the company says it is only willing to go as far as to offer “commercially reasonable” security measures. In other words, the company really doesn’t want to spend the extra time or money to get the very best data security money can buy to protect personal information from a potential data breach.

No more illusions of passenger privacy

At one time, it was thought that what happened at 30,000 feet above the ground was safe from prying eyes. But that’s no longer the case. Hong Kong-based Cathay Pacific has made it clear that airport lounges and aircraft seats are going to be watched, whether it is by CCTV on the ground or by flight entertainment systems in the air. And they are brutally honest that they will continue to collect information and personal data about its passengers. Of course, they tell us that this is merely for the new era of hyper-personalization and hyper-customization. But the sinking feeling here is that the era of surveillance capitalism may now be so entrenched and so ubiquitous that there simply can no longer be any illusion of passenger privacy when traveling.