CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

United sends mixed privacy messages

Despite the airline's promise to protect the privacy of people who use its online reservations' system, the company also reserves the right to share personal information with others.

    Despite United Airlines' promise to respect customer's privacy, users of its reservation system could find their personal information exposed.

    The confusion stems from a contradiction between the Web site's privacy policy and its separate so-called "terms and conditions statement."

    While the privacy policy promises to protect users' personal information, the terms and conditions statement asks users to click on a statement indicating that by using the service, United customers give up any expectation of privacy when it comes to use of their personal data.

    The policies come at a time when many businesses, responding to consumers clamoring for assurance that their personal information won't be sold to marketers, are promising to draft privacy policies. Last month, a survey by Georgetown University indicated that while 93 percent of Web sites collect personal information, just two-thirds of Web sites post policies that clarify what they intend to do with that information.

    Less than 10 percent of the Web sites surveyed had policies that enabled users to request the company to bar distribution of their personal information, according to the study.

    United's privacy policy statement promises that United will not authorize any other use of the profile information except by the users themselves.

    But the site's terms and conditions statement says that by using the United Connection reservation system, users give "express and unambiguous approval" for United to use their personal information "for purposes of solicitations, promotions, and marketing programs."

    By using the service, users also give their "express and unambiguous agreement" that they have no " expectation of privacy resulting from the use of United Connection services."

    Deirdre Mulligan, staff counsel for the Center for Democracy and Technology, called the statements "incredibly confusing."

    Even if the users read both statements, they might not understand exactly what personal information could be released, she said.

    "At the very least, consumers would have no idea how to mesh the two statements," Mulligan said.

    Although other companies post policies which warn consumers that they have little control over their personal information when they use the site, Mulligan said United's claim that consumers are giving their "unambiguous" consent is unusual.

    "I think it's very difficult to assume that users are giving 'unambiguous' consent," Mulligan said.

    United Airlines spokesman Kurt Ebenhoch acknowledged the confusing nature of the two statements and said the company was reviewing the language of both. He said United intended to maintain customers privacy.

    "Our intent on this is to keep that information confidential and not share it with other companies," Ebenhoch said.

    Privacy advocate Jason Catlett, president of Junkbusters, said he is not surprised by the apparent contradiction between the privacy policy and the site's terms and conditions. He said that many companies, instead of guaranteeing customers' privacy in their policy statement, are issuing disclaimers, abdicating responsibility for how personal information will be used.

    "That's all too typical," Catlett said, calling for regulations that would set a baseline for how companies can use personal information.

    "If you use people's personal information, then you should use it fairly," he said.