Privacy, please: How much personal data would you share for the freedom to travel?
Your phone is tracking your location. The Transportation Security Administration (TSA) knows your travel plans before you even show up at the airport. An app on your phone may unlock your hotel room.
The fact is, most of us have already given up a lot of privacy and freedom to travel.
And the coronavirus pandemic has added another layer of monitoring that's less about making sure travelers aren’t a security threat and more about making sure they’re healthy. In recent months, the travel industry has either considered or already rolled out electronic monitoring at hotels, vaccine passports and social distancing using crowd data pulled from cellphones.
So, how much privacy -- especially health data -- will people be willing to sacrifice to travel again?
For more TPG news delivered each morning to your inbox, sign up for our daily newsletter.
TPG's senior news editor, Clint Henderson, recently stayed at a resort in Hawaii where he was required to check in on an app daily to report his health status. It was part of an “enhanced movement quarantine” program that uses tracking bracelets to keep tabs on guests. He received daily emails from the state of Hawaii reminding him to check-in and comply with all the quarantine regulations. Breaking the rules came with stiff penalties: fines up to $5,000 or even jail time.
Visitors to New York City might receive a knock at the door to make sure they're following the quarantine rules. And if you want to visit Barbados or the Cayman Islands during the pandemic, be prepared to be tracked. Like Hawaii, both islands monitor travelers to ensure they’re abiding by quarantine regulations.
For some travelers, being subjected to increased monitoring is fine as long as they get to hit the road again.
“I know I’m already being tracked for advertising purposes, at a minimum, by apps,” said Kirstin Stone, a member of the TPG Lounge Facebook group. “If there was a secure public health solution that would keep people safe and allow travelers some confidence to travel without getting sick, I’d happily accept it.”
But some travelers have real concerns about the privacy of their health data or view the new policies as a dangerous government and Big Tech overreach that might not be undone.
“I can see [tracking tools] being rolled out to control the spread of the virus, and then never rolled back,” said Anthony Sigalas, also a member of the TPG Lounge Facebook group.
Last month, TPG reported that vaccine and health passports will likely be instrumental in restarting international travel. But that doesn’t mean travelers completely trust them. A study by NordVPN found that 21.5% of Americans were afraid their vaccination record would be lost, while a third feared their record could be stolen.
“The two areas of concern are what the government is going to do with this information, and what does it mean that that information lives on my phone,” said Laura Hautala, a staff writer at CNET (which is owned by TPG's parent company, Red Ventures) who writes about cybersecurity and privacy.
This information (which includes things like vaccine passports and health passports) will likely be used to further mitigate the spread of COVID-19, said Marijus Briedis, the chief technology officer at NordVPN, in an email.
"Unvaccinated people might be restricted from going to regions where herd immunity has not been formed yet," he said. "If travel restrictions are imposed for [the] unvaccinated, vaccine shot records would be used to control our journeys periodically."
But it's not unrealistic that bad actors might try to target health data. For instance, more than 41 million patient records were breached in 2019, according to HealthITSecurity, a website that covers health data security and privacy. More recently, Qatar's COVID-19 tracking app was revealed to be vulnerable to cyberattacks that could have shown users' health status and location data.
“Everything can be hacked. The question is if the reward is worth the effort ... what we must understand is that the amount of data collected from internet users is massive," Briedis said.
Several companies have already announced or rolled out health passports. American Airlines and British Airways worked with a tech firm, Daon, to introduce a mobile health passport called VeriFLY. The app -- which is voluntary to use -- certifies negative test results and required travel documentation to streamline the travel journey.
But if you're worried about protecting your privacy, Daon said that travelers have "strict controls" over how their information is shared, and with whom. An executive on a British Airways media call also said the app uses the same secure mobile wallet as a digital bank account.
"When a customer chooses to use VeriFLY, any tests or health insurance documents they upload [are] purely confidential within the VeriFLY ecosystem, and American doesn't receive any of that," Preston Peterson, American Airlines' director of customer experience innovation, said in an interview. "We've been very careful to make sure that we safeguard our customer's data and take their privacy concerns very seriously."
Like slipping off your shoes at the airport before security, some form of health surveillance is likely to stay in place after the pandemic is behind us. And though travelers may have genuine concerns about their privacy, and who has access to their personal data, it seems likely that tools such as vaccine passports and biotechnology screening devices may become a permanent part of the travel experience -- whether passengers like it or not.
Right now, however, it's unclear where the line will be drawn.
“Similar to facial recognition, once you create the infrastructure for something, there's a temptation to find new uses for it," Hautala told TPG. "It's entirely possible that tracking health information will become a bigger part of international travel."