Thursday, 22 September 2005

United Airlines to move its reservation database to Amadeus

United Airlines will be moving its reservation database to a computerized reservation system (CRS/GDS) based in the European Union, according to a joint announcement by United Airlines , Amadeus , and the Star Alliance .

The move to a new host for United's database of passenger name records (PNR's) is part of an effort by the Star Alliance to move from being purely a brand label and marketing consortium to at least some degree of operational and infrastructure standardization between members.

Currently, United's PNR's are hosted by Galileo International (marketed in the USA as the "Apollo" CRS/GDS), now a subsidiary of the Cendant Corp. but originally created by, and spun off from, United itself.

The announcement is ambiguous as to whether it specifically entails moving the PNR database hosting, or when that might happen. But Business Travel News reports:

For United, the move to Amadeus means a move off the Apollo reservations system.... Cendant said it "will continue to host United according to the current contract terms," and that Star's announcement was expected. Noting the complexities in switching platforms, Cendant said "it is unlikely that United will begin any such migration before late 2008."

Despite the interconnections between the four major CRS's/GDS's, the most reliable information about an airline's flights, fares, and reservations is typically that provided by the CRS that hosts the airline's master PNR database, and that is used by the airline's own reservations and ticketing staff and rate desk. The travel agency where I work, Airtreks.com , uses Amadeus as our primary CRS/GDS, although we also use Sabre and, rarely, Galileo/Apollo. Assuming we continue to work that way, a move by United to Amadeus would give us more better information about United flights and fares, and our clients' United reservations.

But should travellers care? Possibly, if they care about their privacy. Amadeus is the only major airline reservation hosting company based in the EU (the other three of the big four are based in the USA), and United will be the only major airline in the USA with its reservations hosted by an EU-based company.

(In several previous articles, I wrote incorrectly, based on the information I had at the time, that Continental Airlines' reservations were hosted by Amadeus. While neither Amadeus nor Continental responded to my inquiries before or after those stories appeared, or attempted to correct my error, I've since learned that, in an unusual arrangement, Continental uses Amadeus to host its fare database and to perform pricing and some other functions, but hosts its PNR database separately in the USA in the SHARES system run by EDS .)

The major USA-based CRS's (Sabre, Worldspan, and Galileo/Apollo), all operate in the EU, serve EU customers and subscribers, and are subject (for at least that portion of their data collected in the EU) to the EU Data Protection Directive, the even more stringent PNR confidentiality provisions of the EU Code of Conduct for CRS's , and the EU restrictions on the transfer of personal information form the EU to countries (such as the USA) that don't provide an "adequate" level of protection to that data, once it is transferred. The temporary "adequacy finding" by the European Commission, currently under legal challenge by the European Parliament in the European Court of Justice, pertains only to the adequacy of protection afforded data transferred to the USA government . PNR data transferred to commercial entities, such as CRS's and other airlines, has no legal protection whatsoever in the USA, which is clearly "inadequate" by EU law.

Still, United's move is likely to focus attention, as it should, on Amadeus' flagrant violation of EU privacy laws and the privacy clause of EU CRS regulations in its trans-Atlantic PNR transfers. And it will entitle all subjects of data in United reservations -- including passengers and travel agents in the USA and worldwide -- to the full protections of EU law with respect to data about them in PNR's.

The focus on Amadeus'(non)compliance with EU privacy law in its USA operations may also prompt long-overdue scrutiny of Amadeus' wholly-owned USA subsidiary Airline Automation , the world's largest multi-airline, multi-CRS, PNR data warehouse and aggregator. In 2002, Airline Automation provided the channel for the secret, nonconsensual transfers of more than a million PNR's to contractors working on the USA government's CAPPS-II airline passenger screening and surveillance scheme. I've seen nothing to suggest that, since being acquired by Amadeus in 2003, Airline Automation has brought its practices into compliance with EU privacy law. Airline Automation itself, as well as Amadeus spokespeople in the USA and the EU, continue to decline comment on Airline Automation and EU privacy law.

Link | Posted by Edward on Thursday, 22 September 2005, 22:09 (10:09 PM) | TrackBack (1)
Comments
Post a comment









Save personal info as cookie?