To produce safe and smooth air travel, an airport makes use of certain passenger data. For example: for safety and security reasons, passengers are allowed to pass through the security check and enter the security restricted area only if they have a valid boarding pass.
“As the passenger shows the boarding pass to the security staff or a reader, their data – booking reference number, name, departure and arrival airport designators – are utilised by Finavia’s system to check that this passenger’s flight is departing within a certain timeframe,” says Finavia’s Data Protection Officer Jarmo Lumiaho. “The security officer will not see this data, only the green or red light that indicates whether the passenger is allowed to enter the security restricted area.”
Similarly, the boarding pass is shown at the gate, where the airline will check that the passenger is allowed to board the plane. This data is used only once, and it not updated in the system. Based on the booking number, Finavia will also track the length of the passenger’s journey from security check to the gate. This information is used to develop airport services.
“It’s important that people understand that the data we collect is not personalised: we do not need or use passengers’ names in the analysis, only data based on the booking reference number,” Lumiaho says.
GDPR strengthens personal data privacy
In May 2018, all EU countries started to enforce the EU’s General Data Protection Regulation (GDPR), which enhances personal data privacy and strengthens citizens’ rights to gain information about the use of their personal data.
GDPR requires companies to strengthen their data privacy practices and inform people about what kinds of personal data they collect and use, and how. Finavia has also reviewed all its registers and personal data handling processes.
“You can view our General Data Protection Principles document for more information about the principles and practices governing the collecting and processing of personal data by Finavia. People can trust that Finavia collects only the necessary data to provide and develop airport services and that we process personal data with care, according to the EU’s GDPR,” Lumiaho says.
“We let people know how we use their data and also expect our suppliers to adhere to GDPR.”
Only the necessary data is collected
The data in your boarding pass is only one example of personal data utilised at the airport to offer safe and functional services. In addition, the airport uses, for instance, location data from mobile devices connected to Bluetooth or Wi-Fi technology to predict queuing times to security check and for modelling airport passenger flow; data about passengers with reduced mobility to offer them assistance; and baggage data to transfer passengers’ luggage to the correct gate.
On Finavia’s website customer data is collected, for instance, to pre-book parking spaces. In addition, personal data about the people working at the airport is collected, for instance, to permit access to restricted areas and the use of IT systems.
“In all our data collecting, we only gather the necessary data to be able to provide our services and develop our service processes and passenger experience at the airport. In the majority of all cases, we cannot identify individual persons, even if we collect their name,” Lumiaho says.