Well, your pre-flight meanderings, from the check-in desk through passport control, duty free, the lounge and all the way to the boarding gate have left behind a trail of data about yourself, picked up via your passport, smartphone, apps, airport Wi-Fi, credit cards and boarding pass.
Large amounts of data are being collected about passengers and we see data collection increasing exponentially as new technologies are deployed to help turn airports into destinations in their own right and an experience to be enjoyed.
The current airport experience is largely geared to passengers getting to their plane as efficiently as possible.
But in the future, our experiences will be propelled by technology, starting before arrival to the airport, online during the journey to the airport and once you arrive.
We expect apps to optimise the time spent at airports, for example by 'nudging' visitors about what to do, enticing them with retail offers and tracking visitors for live departure updates.
If airports can get it right, the customer experience is boosted, operational efficiencies are improved and commercialisation opportunity will be maximised.
Data is key
Data sits behind all of this technology and whilst it will bring vast benefits, passengers will be wary of how their data is being used.
Data use is heavily regulated by law which means that compliance with data protection and cyber security laws is paramount.
However, airports - and technology providers to airports – shouldn’t view data protection as a compliance burden; it's a business opportunity and increasingly a market differentiator.
Why does data protection matter?
There are plenty of reasons to take data protection seriously: regulations demand it, customers expect it and competitors will seek to exploit the opportunities it can present.
Regulations coming down the tracks will place even greater scrutiny on data protection compliance, and need to be built into data strategies.
The European General Data Protection Regulation (GDPR) will come into force on 25 May 2018. Here are five key GDPR takeaways:
Penalties – under the GDPR the supervisory authority (ICO in the UK) will have the power to issue fines of up to the higher of €20m or 4% of worldwide turnover;
Consent – the conditions for consent have been strengthened. Requests for consent must be in clear and plain language. Data subjects must be able to withdraw consent as easily as it was given;
Privacy by design – the GDPR emphasises the concept that data protection should not be an afterthought or an issue casually considered at the end of a project or bolted onto procedures; it must be central to the way that organisations plan and operate;
Data breach notification – Data controllers must notify most data breaches without undue delay and, where feasible, within 72 hours of awareness; and
Pseudonymisation – the GDPR refers to the technique of processing personal data in such a way that it can no longer be attributed to a specific 'data subject' without the use of additional information (which must be kept separately). This may challenge proposed uses of anonymous data.
What's the upside?
Through use of technology, it will be possible to build an airport which is a mini Smart City, with all the advantages that brings in terms of efficiency, convenience and commerce.
Good data protection practice is necessary – not only as a legal prerequisite but to help reduce cyber risk, protect brand value for stakeholders, deepen customer relationships and meet increasingly demanding customer expectations.
There's no escaping a degree of administrative burden that comes with data compliance, but airports have a huge opportunity to harness the gains from the power of data.
About the authors
Adrian Lifely is a Partner and head of Airports Infrastructure & Services and Will Robertson is a Partner and specialist in data protection law at international legal practice Osborne Clarke LLP.